diff --git a/.generator/schemas/v2/openapi.yaml b/.generator/schemas/v2/openapi.yaml index 59c7b8b08e..be9a2271b2 100644 --- a/.generator/schemas/v2/openapi.yaml +++ b/.generator/schemas/v2/openapi.yaml @@ -458,20 +458,6 @@ components: items: $ref: '#/components/schemas/GetIssueIncludeQueryParameterItem' type: array - HistoricalJobID: - description: The ID of the job. - in: path - name: job_id - required: true - schema: - type: string - HistoricalSignalID: - description: The ID of the historical signal. - in: path - name: histsignal_id - required: true - schema: - type: string IncidentAttachmentFilterQueryParameter: description: Specifies which types of attachments are included in the response. explode: false @@ -1091,6 +1077,20 @@ components: required: true schema: type: string + ThreatHuntingJobID: + description: The ID of the job. + in: path + name: job_id + required: true + schema: + type: string + ThreatHuntingSignalID: + description: The ID of the threat hunting signal. + in: path + name: histsignal_id + required: true + schema: + type: string UserID: description: The ID of the user. in: path @@ -11815,7 +11815,7 @@ components: - GZIP - DEFLATE ConvertJobResultsToSignalsAttributes: - description: Attributes for converting historical job results to signals. + description: Attributes for converting threat hunting job results to signals. properties: id: description: Request ID. @@ -11847,7 +11847,7 @@ components: - notifications type: object ConvertJobResultsToSignalsData: - description: Data for converting historical job results to signals. + description: Data for converting threat hunting job results to signals. properties: attributes: $ref: '#/components/schemas/ConvertJobResultsToSignalsAttributes' 
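Review bot: `ThreatHuntingSignalID` in the @@ -1091 hunk is described as the ID of "the threat hunting signal" but still binds to the path parameter `histsignal_id`, so the renamed component and its wire name use different vocabularies with nothing explaining why. The same split appears in the enum values kept under the renamed types: `historicalDetectionsJobCreate` in `RunThreatHuntingJobRequestDataType` (@@ -41540) and `historicalDetectionsJob` in `ThreatHuntingJobDataType` (@@ -50443). If the old wire names are kept deliberately for compatibility, say so in the descriptions, for example `description: The ID of the threat hunting signal. The path parameter keeps the name histsignal_id.`. That stops a later cleanup from renaming the values and breaking request matching.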
@@ -11862,7 +11862,7 @@ components: x-enum-varnames: - HISTORICALDETECTIONSJOBRESULTSIGNALCONVERSION ConvertJobResultsToSignalsRequest: - description: Request for converting historical job results to signals. + description: Request for converting threat hunting job results to signals. properties: data: $ref: '#/components/schemas/ConvertJobResultsToSignalsData' 
@@ -22191,130 +22191,6 @@ components: - type - value type: object - HistoricalJobDataType: - description: Type of payload. - enum: - - historicalDetectionsJob - type: string - x-enum-varnames: - - HISTORICALDETECTIONSJOB - HistoricalJobListMeta: - description: Metadata about the list of jobs. - properties: - totalCount: - description: Number of jobs in the list. - format: int32 - maximum: 2147483647 - type: integer - type: object - HistoricalJobOptions: - description: Job options. - properties: - detectionMethod: - $ref: '#/components/schemas/SecurityMonitoringRuleDetectionMethod' - evaluationWindow: - $ref: '#/components/schemas/SecurityMonitoringRuleEvaluationWindow' - impossibleTravelOptions: - $ref: '#/components/schemas/SecurityMonitoringRuleImpossibleTravelOptions' - keepAlive: - $ref: '#/components/schemas/SecurityMonitoringRuleKeepAlive' - maxSignalDuration: - $ref: '#/components/schemas/SecurityMonitoringRuleMaxSignalDuration' - newValueOptions: - $ref: '#/components/schemas/SecurityMonitoringRuleNewValueOptions' - sequenceDetectionOptions: - $ref: '#/components/schemas/SecurityMonitoringRuleSequenceDetectionOptions' - thirdPartyRuleOptions: - $ref: '#/components/schemas/SecurityMonitoringRuleThirdPartyOptions' - type: object - HistoricalJobQuery: - description: Query for selecting logs analyzed by the historical job. - properties: - aggregation: - $ref: '#/components/schemas/SecurityMonitoringRuleQueryAggregation' - dataSource: - $ref: '#/components/schemas/SecurityMonitoringStandardDataSource' - distinctFields: - description: Field for which the cardinality is measured. Sent as an array. - items: - description: Field. - type: string - type: array - groupByFields: - description: Fields to group by. - items: - description: Field. - type: string - type: array - hasOptionalGroupByFields: - default: false - description: When false, events without a group-by value are ignored by - the query. 
When true, events with missing group-by fields are processed - with `N/A`, replacing the missing values. - example: false - type: boolean - metrics: - description: Group of target fields to aggregate over when using the sum, - max, geo data, or new value aggregations. The sum, max, and geo data aggregations - only accept one value in this list, whereas the new value aggregation - accepts up to five values. - items: - description: Field. - type: string - type: array - name: - description: Name of the query. - type: string - query: - description: Query to run on logs. - example: a > 3 - type: string - type: object - HistoricalJobResponse: - description: Historical job response. - properties: - data: - $ref: '#/components/schemas/HistoricalJobResponseData' - type: object - HistoricalJobResponseAttributes: - description: Historical job attributes. - properties: - createdAt: - description: Time when the job was created. - type: string - createdByHandle: - description: The handle of the user who created the job. - type: string - createdByName: - description: The name of the user who created the job. - type: string - createdFromRuleId: - description: ID of the rule used to create the job (if it is created from - a rule). - type: string - jobDefinition: - $ref: '#/components/schemas/JobDefinition' - jobName: - description: Job name. - type: string - jobStatus: - description: Job status. - type: string - modifiedAt: - description: Last modification time of the job. - type: string - type: object - HistoricalJobResponseData: - description: Historical job response data. - properties: - attributes: - $ref: '#/components/schemas/HistoricalJobResponseAttributes' - id: - description: ID of the job. - type: string - type: - $ref: '#/components/schemas/HistoricalJobDataType' - type: object HourlyUsage: description: Hourly usage for a product family for an org. properties: 
@@ -26495,7 +26371,7 @@ components: type: string type: object JobCreateResponse: - description: Run a historical job response. + description: Run a threat hunting job response. properties: data: $ref: '#/components/schemas/JobCreateResponseData' @@ -26507,10 +26383,10 @@ components: description: ID of the created job. type: string type: - $ref: '#/components/schemas/HistoricalJobDataType' + $ref: '#/components/schemas/ThreatHuntingJobDataType' type: object JobDefinition: - description: Definition of a historical job. + description: Definition of a threat hunting job. properties: calculatedFields: description: Calculated fields. @@ -26549,11 +26425,11 @@ components: example: Excessive number of failed attempts. type: string options: - $ref: '#/components/schemas/HistoricalJobOptions' + $ref: '#/components/schemas/ThreatHuntingJobOptions' queries: description: Queries for selecting logs analyzed by the job. items: - $ref: '#/components/schemas/HistoricalJobQuery' + $ref: '#/components/schemas/ThreatHuntingJobQuery' type: array referenceTables: description: Reference tables used in the queries. @@ -26590,7 +26466,8 @@ components: - message type: object JobDefinitionFromRule: - description: Definition of a historical job based on a security monitoring rule. + description: Definition of a threat hunting job based on a security monitoring + rule. properties: from: description: Starting time of data analyzed by the job. @@ -27290,17 +27167,6 @@ components: - data - meta type: object - ListHistoricalJobsResponse: - description: List of historical jobs. - properties: - data: - description: Array containing the list of historical jobs. - items: - $ref: '#/components/schemas/HistoricalJobResponseData' - type: array - meta: - $ref: '#/components/schemas/HistoricalJobListMeta' - type: object ListKindCatalogResponse: description: List kind response. properties: 
@@ -27468,6 +27334,17 @@ components: - _NAME - USER_COUNT - _USER_COUNT + ListThreatHuntingJobsResponse: + description: List of threat hunting jobs. + properties: + data: + description: Array containing the list of threat hunting jobs. + items: + $ref: '#/components/schemas/ThreatHuntingJobResponseData' + type: array + meta: + $ref: '#/components/schemas/ThreatHuntingJobListMeta' + type: object ListVulnerabilitiesResponse: description: The expected response schema when listing vulnerabilities. properties: @@ -41523,14 +41400,18 @@ components: $ref: '#/components/schemas/RumRetentionFilterData' type: array type: object - RunHistoricalJobRequest: - description: Run a historical job request. + RunRetentionFilterName: + description: The name of a RUM retention filter. + example: Retention filter for session + type: string + RunThreatHuntingJobRequest: + description: Run a threat hunting job request. properties: data: - $ref: '#/components/schemas/RunHistoricalJobRequestData' + $ref: '#/components/schemas/RunThreatHuntingJobRequestData' type: object - RunHistoricalJobRequestAttributes: - description: Run a historical job request. + RunThreatHuntingJobRequestAttributes: + description: Run a threat hunting job request. properties: fromRule: $ref: '#/components/schemas/JobDefinitionFromRule' 
@@ -41540,25 +41421,21 @@ components: jobDefinition: $ref: '#/components/schemas/JobDefinition' type: object - RunHistoricalJobRequestData: - description: Data for running a historical job request. + RunThreatHuntingJobRequestData: + description: Data for running a threat hunting job request. properties: attributes: - $ref: '#/components/schemas/RunHistoricalJobRequestAttributes' + $ref: '#/components/schemas/RunThreatHuntingJobRequestAttributes' type: - $ref: '#/components/schemas/RunHistoricalJobRequestDataType' + $ref: '#/components/schemas/RunThreatHuntingJobRequestDataType' type: object - RunHistoricalJobRequestDataType: + RunThreatHuntingJobRequestDataType: description: Type of data. enum: - historicalDetectionsJobCreate type: string x-enum-varnames: - HISTORICALDETECTIONSJOBCREATE - RunRetentionFilterName: - description: The name of a RUM retention filter. - example: Retention filter for session - type: string SAMLAssertionAttribute: description: SAML assertion attribute. properties: 
@@ -50443,6 +50320,130 @@ components: description: Offset type. type: string type: object + ThreatHuntingJobDataType: + description: Type of payload. + enum: + - historicalDetectionsJob + type: string + x-enum-varnames: + - HISTORICALDETECTIONSJOB + ThreatHuntingJobListMeta: + description: Metadata about the list of jobs. + properties: + totalCount: + description: Number of jobs in the list. + format: int32 + maximum: 2147483647 + type: integer + type: object + ThreatHuntingJobOptions: + description: Job options. + properties: + detectionMethod: + $ref: '#/components/schemas/SecurityMonitoringRuleDetectionMethod' + evaluationWindow: + $ref: '#/components/schemas/SecurityMonitoringRuleEvaluationWindow' + impossibleTravelOptions: + $ref: '#/components/schemas/SecurityMonitoringRuleImpossibleTravelOptions' + keepAlive: + $ref: '#/components/schemas/SecurityMonitoringRuleKeepAlive' + maxSignalDuration: + $ref: '#/components/schemas/SecurityMonitoringRuleMaxSignalDuration' + newValueOptions: + $ref: '#/components/schemas/SecurityMonitoringRuleNewValueOptions' + sequenceDetectionOptions: + $ref: '#/components/schemas/SecurityMonitoringRuleSequenceDetectionOptions' + thirdPartyRuleOptions: + $ref: '#/components/schemas/SecurityMonitoringRuleThirdPartyOptions' + type: object + ThreatHuntingJobQuery: + description: Query for selecting logs analyzed by the threat hunting job. + properties: + aggregation: + $ref: '#/components/schemas/SecurityMonitoringRuleQueryAggregation' + dataSource: + $ref: '#/components/schemas/SecurityMonitoringStandardDataSource' + distinctFields: + description: Field for which the cardinality is measured. Sent as an array. + items: + description: Field. + type: string + type: array + groupByFields: + description: Fields to group by. + items: + description: Field. + type: string + type: array + hasOptionalGroupByFields: + default: false + description: When false, events without a group-by value are ignored by + the query. 
When true, events with missing group-by fields are processed + with `N/A`, replacing the missing values. + example: false + type: boolean + metrics: + description: Group of target fields to aggregate over when using the sum, + max, geo data, or new value aggregations. The sum, max, and geo data aggregations + only accept one value in this list, whereas the new value aggregation + accepts up to five values. + items: + description: Field. + type: string + type: array + name: + description: Name of the query. + type: string + query: + description: Query to run on logs. + example: a > 3 + type: string + type: object + ThreatHuntingJobResponse: + description: Threat hunting job response. + properties: + data: + $ref: '#/components/schemas/ThreatHuntingJobResponseData' + type: object + ThreatHuntingJobResponseAttributes: + description: Threat hunting job attributes. + properties: + createdAt: + description: Time when the job was created. + type: string + createdByHandle: + description: The handle of the user who created the job. + type: string + createdByName: + description: The name of the user who created the job. + type: string + createdFromRuleId: + description: ID of the rule used to create the job (if it is created from + a rule). + type: string + jobDefinition: + $ref: '#/components/schemas/JobDefinition' + jobName: + description: Job name. + type: string + jobStatus: + description: Job status. + type: string + modifiedAt: + description: Last modification time of the job. + type: string + type: object + ThreatHuntingJobResponseData: + description: Threat hunting job response data. + properties: + attributes: + $ref: '#/components/schemas/ThreatHuntingJobResponseAttributes' + id: + description: ID of the job. + type: string + type: + $ref: '#/components/schemas/ThreatHuntingJobDataType' + type: object TimeAggregation: description: 'Time aggregation period (in seconds) is used to aggregate the results of the notification rule evaluation. 
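Review bot: `ThreatHuntingJobResponseAttributes` in the @@ -50443 hunk types `createdAt`, `modifiedAt` and `jobStatus` as bare `type: string`, with no statement of the timestamp encoding or of the possible status values, so a client cannot validate a response or reliably branch on job state. Since the schema is being re-added under a new name, extend the descriptions, for example `description: Job status. One of <list the server's status values>.`, and add a sentence naming the timestamp encoding to the two time fields. The block appears to be moved verbatim from `HistoricalJobResponseAttributes`, so this would document existing behaviour rather than change it.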
@@ -76493,7 +76494,7 @@ paths: permissions: - incident_settings_write x-unstable: '**Note**: This endpoint is deprecated.' - /api/v2/siem-historical-detections/histsignals: + /api/v2/siem-threat-hunting/histsignals: get: description: List hist signals. operationId: ListSecurityMonitoringHistsignals @@ -76534,7 +76535,7 @@ paths: x-unstable: '**Note**: This endpoint is in beta and may be subject to changes. Please check the documentation regularly for updates.' - /api/v2/siem-historical-detections/histsignals/search: + /api/v2/siem-threat-hunting/histsignals/search: get: description: Search hist signals. operationId: SearchSecurityMonitoringHistsignals @@ -76574,12 +76575,12 @@ paths: x-unstable: '**Note**: This endpoint is in beta and may be subject to changes. Please check the documentation regularly for updates.' - /api/v2/siem-historical-detections/histsignals/{histsignal_id}: + /api/v2/siem-threat-hunting/histsignals/{histsignal_id}: get: description: Get a hist signal's details. operationId: GetSecurityMonitoringHistsignal parameters: - - $ref: '#/components/parameters/HistoricalSignalID' + - $ref: '#/components/parameters/ThreatHuntingSignalID' responses: '200': content: @@ -76610,10 +76611,10 @@ paths: x-unstable: '**Note**: This endpoint is in beta and may be subject to changes. Please check the documentation regularly for updates.' - /api/v2/siem-historical-detections/jobs: + /api/v2/siem-threat-hunting/jobs: get: - description: List historical jobs. - operationId: ListHistoricalJobs + description: List threat hunting jobs. + operationId: ListThreatHuntingJobs parameters: - $ref: '#/components/parameters/PageSize' - $ref: '#/components/parameters/PageNumber' @@ -76636,7 +76637,7 @@ paths: content: application/json: schema: - $ref: '#/components/schemas/ListHistoricalJobsResponse' + $ref: '#/components/schemas/ListThreatHuntingJobsResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' 
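Review bot: Every `/api/v2/siem-historical-detections/...` path is replaced in place by `/api/v2/siem-threat-hunting/...` starting at the @@ -76493 hunk, and operationIds change with them (`ListHistoricalJobs` becomes `ListThreatHuntingJobs`), so the old routes and generated method names vanish from the spec in one step with no deprecated alias. Automation that lists, runs or cancels these jobs through the old names will fail after upgrading, and whether the server still serves the old routes cannot be told from this diff. Consider keeping the old paths for one release marked `deprecated: true` with distinct operationIds, or at least state the rename in the description of each new operation. The same applies to the path hunks at @@ -76696, @@ -76730, @@ -76796 and @@ -76832.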
@@ -76648,20 +76649,20 @@ paths: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] - summary: List historical jobs + summary: List threat hunting jobs tags: - Security Monitoring x-unstable: '**Note**: This endpoint is in beta and may be subject to changes. Please check the documentation regularly for updates.' post: - description: Run a historical job. - operationId: RunHistoricalJob + description: Run a threat hunting job. + operationId: RunThreatHuntingJob requestBody: content: application/json: schema: - $ref: '#/components/schemas/RunHistoricalJobRequest' + $ref: '#/components/schemas/RunThreatHuntingJobRequest' required: true responses: '201': @@ -76685,7 +76686,7 @@ paths: appKeyAuth: [] - AuthZ: - security_monitoring_rules_write - summary: Run a historical job + summary: Run a threat hunting job tags: - Security Monitoring x-codegen-request-body-name: body @@ -76696,7 +76697,7 @@ paths: x-unstable: '**Note**: This endpoint is in beta and may be subject to changes. Please check the documentation regularly for updates.' - /api/v2/siem-historical-detections/jobs/signal_convert: + /api/v2/siem-threat-hunting/jobs/signal_convert: post: description: Convert a job result to a signal. operationId: ConvertJobResultToSignal @@ -76730,12 +76731,12 @@ paths: x-unstable: '**Note**: This endpoint is in beta and may be subject to changes. Please check the documentation regularly for updates.' - /api/v2/siem-historical-detections/jobs/{job_id}: + /api/v2/siem-threat-hunting/jobs/{job_id}: delete: description: Delete an existing job. - operationId: DeleteHistoricalJob + operationId: DeleteThreatHuntingJob parameters: - - $ref: '#/components/parameters/HistoricalJobID' + - $ref: '#/components/parameters/ThreatHuntingJobID' responses: '204': description: OK 
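Review bot: The security block carried into the @@ -76648 hunk for the GET on `/api/v2/siem-threat-hunting/jobs` lists `AuthZ: []`, an OAuth requirement with no scope, while the POST (@@ -76685) and the cancel operation require `security_monitoring_rules_write`. The list response exposes job definitions, including the log queries and the creator's handle and name (`ThreatHuntingJobResponseAttributes`). If the server enforces a read permission here, the spec should declare it under `- AuthZ:`, for example `- security_monitoring_rules_read` if that is the permission actually checked. The line is unchanged by this commit and the GET operation begins in the previous hunk, so this is a carry-over to confirm with the API owners rather than something the rename introduced.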
@@ -76763,15 +76764,15 @@ paths: Please check the documentation regularly for updates.' get: description: Get a job's details. - operationId: GetHistoricalJob + operationId: GetThreatHuntingJob parameters: - - $ref: '#/components/parameters/HistoricalJobID' + - $ref: '#/components/parameters/ThreatHuntingJobID' responses: '200': content: application/json: schema: - $ref: '#/components/schemas/HistoricalJobResponse' + $ref: '#/components/schemas/ThreatHuntingJobResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' @@ -76796,12 +76797,12 @@ paths: x-unstable: '**Note**: This endpoint is in beta and may be subject to changes. Please check the documentation regularly for updates.' - /api/v2/siem-historical-detections/jobs/{job_id}/cancel: + /api/v2/siem-threat-hunting/jobs/{job_id}/cancel: patch: - description: Cancel a historical job. - operationId: CancelHistoricalJob + description: Cancel a threat hunting job. + operationId: CancelThreatHuntingJob parameters: - - $ref: '#/components/parameters/HistoricalJobID' + - $ref: '#/components/parameters/ThreatHuntingJobID' responses: '204': description: OK @@ -76822,7 +76823,7 @@ paths: appKeyAuth: [] - AuthZ: - security_monitoring_rules_write - summary: Cancel a historical job + summary: Cancel a threat hunting job tags: - Security Monitoring x-permission: 
@@ -76832,12 +76833,12 @@ paths: x-unstable: '**Note**: This endpoint is in beta and may be subject to changes. Please check the documentation regularly for updates.' - /api/v2/siem-historical-detections/jobs/{job_id}/histsignals: + /api/v2/siem-threat-hunting/jobs/{job_id}/histsignals: get: description: Get a job's hist signals. operationId: GetSecurityMonitoringHistsignalsByJobId parameters: - - $ref: '#/components/parameters/HistoricalJobID' + - $ref: '#/components/parameters/ThreatHuntingJobID' - $ref: '#/components/parameters/QueryFilterSearch' - $ref: '#/components/parameters/QueryFilterFrom' - $ref: '#/components/parameters/QueryFilterTo' diff --git a/docs/datadog_api_client.v2.model.rst b/docs/datadog_api_client.v2.model.rst index fd32ce4b81..28df3405c2 100644 --- a/docs/datadog_api_client.v2.model.rst +++ b/docs/datadog_api_client.v2.model.rst 
@@ -9195,55 +9195,6 @@ datadog\_api\_client.v2.model.group\_tags module :members: :show-inheritance: -datadog\_api\_client.v2.model.historical\_job\_data\_type module ----------------------------------------------------------------- - -.. automodule:: datadog_api_client.v2.model.historical_job_data_type - :members: - :show-inheritance: - -datadog\_api\_client.v2.model.historical\_job\_list\_meta module ----------------------------------------------------------------- - -.. automodule:: datadog_api_client.v2.model.historical_job_list_meta - :members: - :show-inheritance: - -datadog\_api\_client.v2.model.historical\_job\_options module -------------------------------------------------------------- - -.. automodule:: datadog_api_client.v2.model.historical_job_options - :members: - :show-inheritance: - -datadog\_api\_client.v2.model.historical\_job\_query module ------------------------------------------------------------ - -.. automodule:: datadog_api_client.v2.model.historical_job_query - :members: - :show-inheritance: - -datadog\_api\_client.v2.model.historical\_job\_response module --------------------------------------------------------------- - -.. automodule:: datadog_api_client.v2.model.historical_job_response - :members: - :show-inheritance: - -datadog\_api\_client.v2.model.historical\_job\_response\_attributes module --------------------------------------------------------------------------- - -.. automodule:: datadog_api_client.v2.model.historical_job_response_attributes - :members: - :show-inheritance: - -datadog\_api\_client.v2.model.historical\_job\_response\_data module --------------------------------------------------------------------- - -.. automodule:: datadog_api_client.v2.model.historical_job_response_data - :members: - :show-inheritance: - datadog\_api\_client.v2.model.hourly\_usage module -------------------------------------------------- 
@@ -11617,13 +11568,6 @@ datadog\_api\_client.v2.model.list\_findings\_response module :members: :show-inheritance: -datadog\_api\_client.v2.model.list\_historical\_jobs\_response module ---------------------------------------------------------------------- - -.. automodule:: datadog_api_client.v2.model.list_historical_jobs_response - :members: - :show-inheritance: - datadog\_api\_client.v2.model.list\_kind\_catalog\_response module ------------------------------------------------------------------ @@ -11722,6 +11666,13 @@ datadog\_api\_client.v2.model.list\_teams\_sort module :members: :show-inheritance: +datadog\_api\_client.v2.model.list\_threat\_hunting\_jobs\_response module +-------------------------------------------------------------------------- + +.. automodule:: datadog_api_client.v2.model.list_threat_hunting_jobs_response + :members: + :show-inheritance: + datadog\_api\_client.v2.model.list\_vulnerabilities\_response module -------------------------------------------------------------------- 
@@ -18358,31 +18309,31 @@ datadog\_api\_client.v2.model.rum\_warning module :members: :show-inheritance: -datadog\_api\_client.v2.model.run\_historical\_job\_request module ------------------------------------------------------------------- +datadog\_api\_client.v2.model.run\_threat\_hunting\_job\_request module +----------------------------------------------------------------------- -.. automodule:: datadog_api_client.v2.model.run_historical_job_request +.. automodule:: datadog_api_client.v2.model.run_threat_hunting_job_request :members: :show-inheritance: -datadog\_api\_client.v2.model.run\_historical\_job\_request\_attributes module ------------------------------------------------------------------------------- +datadog\_api\_client.v2.model.run\_threat\_hunting\_job\_request\_attributes module +----------------------------------------------------------------------------------- -.. automodule:: datadog_api_client.v2.model.run_historical_job_request_attributes +.. automodule:: datadog_api_client.v2.model.run_threat_hunting_job_request_attributes :members: :show-inheritance: -datadog\_api\_client.v2.model.run\_historical\_job\_request\_data module ------------------------------------------------------------------------- +datadog\_api\_client.v2.model.run\_threat\_hunting\_job\_request\_data module +----------------------------------------------------------------------------- -.. automodule:: datadog_api_client.v2.model.run_historical_job_request_data +.. automodule:: datadog_api_client.v2.model.run_threat_hunting_job_request_data :members: :show-inheritance: -datadog\_api\_client.v2.model.run\_historical\_job\_request\_data\_type module ------------------------------------------------------------------------------- +datadog\_api\_client.v2.model.run\_threat\_hunting\_job\_request\_data\_type module +----------------------------------------------------------------------------------- -.. 
automodule:: datadog_api_client.v2.model.run_historical_job_request_data_type +.. automodule:: datadog_api_client.v2.model.run_threat_hunting_job_request_data_type :members: :show-inheritance: 
@@ -22229,6 +22180,55 @@ datadog\_api\_client.v2.model.teams\_response\_meta\_pagination module :members: :show-inheritance: +datadog\_api\_client.v2.model.threat\_hunting\_job\_data\_type module +--------------------------------------------------------------------- + +.. automodule:: datadog_api_client.v2.model.threat_hunting_job_data_type + :members: + :show-inheritance: + +datadog\_api\_client.v2.model.threat\_hunting\_job\_list\_meta module +--------------------------------------------------------------------- + +.. automodule:: datadog_api_client.v2.model.threat_hunting_job_list_meta + :members: + :show-inheritance: + +datadog\_api\_client.v2.model.threat\_hunting\_job\_options module +------------------------------------------------------------------ + +.. automodule:: datadog_api_client.v2.model.threat_hunting_job_options + :members: + :show-inheritance: + +datadog\_api\_client.v2.model.threat\_hunting\_job\_query module +---------------------------------------------------------------- + +.. automodule:: datadog_api_client.v2.model.threat_hunting_job_query + :members: + :show-inheritance: + +datadog\_api\_client.v2.model.threat\_hunting\_job\_response module +------------------------------------------------------------------- + +.. automodule:: datadog_api_client.v2.model.threat_hunting_job_response + :members: + :show-inheritance: + +datadog\_api\_client.v2.model.threat\_hunting\_job\_response\_attributes module +------------------------------------------------------------------------------- + +.. automodule:: datadog_api_client.v2.model.threat_hunting_job_response_attributes + :members: + :show-inheritance: + +datadog\_api\_client.v2.model.threat\_hunting\_job\_response\_data module +------------------------------------------------------------------------- + +.. 
automodule:: datadog_api_client.v2.model.threat_hunting_job_response_data + :members: + :show-inheritance: + datadog\_api\_client.v2.model.time\_restriction module ------------------------------------------------------ diff --git a/examples/v2/security-monitoring/CancelThreatHuntingJob.py b/examples/v2/security-monitoring/CancelThreatHuntingJob.py new file mode 100644 index 0000000000..96a2bd4d25 --- /dev/null +++ b/examples/v2/security-monitoring/CancelThreatHuntingJob.py @@ -0,0 +1,14 @@ +""" +Cancel a threat hunting job returns "OK" response +""" + +from datadog_api_client import ApiClient, Configuration +from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi + +configuration = Configuration() +configuration.unstable_operations["cancel_threat_hunting_job"] = True +with ApiClient(configuration) as api_client: + api_instance = SecurityMonitoringApi(api_client) + api_instance.cancel_threat_hunting_job( + job_id="job_id", + ) diff --git a/examples/v2/security-monitoring/CancelHistoricalJob.py b/examples/v2/security-monitoring/CancelThreatHuntingJob_1945505845.py similarity index 50% rename from examples/v2/security-monitoring/CancelHistoricalJob.py rename to examples/v2/security-monitoring/CancelThreatHuntingJob_1945505845.py index ffade0ee16..b15aed48a4 100644 --- a/examples/v2/security-monitoring/CancelHistoricalJob.py +++ b/examples/v2/security-monitoring/CancelThreatHuntingJob_1945505845.py 
@@ -6,14 +6,14 @@ from datadog_api_client import ApiClient, Configuration from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi -# there is a valid "historical_job" in the system -HISTORICAL_JOB_DATA_ID = environ["HISTORICAL_JOB_DATA_ID"] +# there is a valid "threat_hunting_job" in the system +THREAT_HUNTING_JOB_DATA_ID = environ["THREAT_HUNTING_JOB_DATA_ID"] configuration = Configuration() -configuration.unstable_operations["cancel_historical_job"] = True -configuration.unstable_operations["run_historical_job"] = True +configuration.unstable_operations["cancel_threat_hunting_job"] = True +configuration.unstable_operations["run_threat_hunting_job"] = True with ApiClient(configuration) as api_client: api_instance = SecurityMonitoringApi(api_client) - api_instance.cancel_historical_job( - job_id=HISTORICAL_JOB_DATA_ID, + api_instance.cancel_threat_hunting_job( + job_id=THREAT_HUNTING_JOB_DATA_ID, ) diff --git a/examples/v2/security-monitoring/DeleteHistoricalJob.py b/examples/v2/security-monitoring/DeleteThreatHuntingJob.py similarity index 75% rename from examples/v2/security-monitoring/DeleteHistoricalJob.py rename to examples/v2/security-monitoring/DeleteThreatHuntingJob.py index 59811de16d..9f77a92e25 100644 --- a/examples/v2/security-monitoring/DeleteHistoricalJob.py +++ b/examples/v2/security-monitoring/DeleteThreatHuntingJob.py @@ -6,9 +6,9 @@ from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi configuration = Configuration() -configuration.unstable_operations["delete_historical_job"] = True +configuration.unstable_operations["delete_threat_hunting_job"] = True with ApiClient(configuration) as api_client: api_instance = SecurityMonitoringApi(api_client) - api_instance.delete_historical_job( + api_instance.delete_threat_hunting_job( job_id="job_id", ) 
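Review bot: The renamed example `CancelThreatHuntingJob_1945505845.py` sets `configuration.unstable_operations["run_threat_hunting_job"] = True` although the only call it makes is `cancel_threat_hunting_job`, so the snippet opts into a beta operation that creates jobs without needing it. Examples get copied into production scripts, so keep the opt-in list to the operation actually called and drop that line. `GetThreatHuntingJob.py` and `ListThreatHuntingJobs_1365512061.py` carry the same extra line. The `environ` import sits above the hunk, and if these files are generated from test scenarios the fix belongs in the generator template.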
diff --git a/examples/v2/security-monitoring/GetHistoricalJob.py b/examples/v2/security-monitoring/GetThreatHuntingJob.py similarity index 51% rename from examples/v2/security-monitoring/GetHistoricalJob.py rename to examples/v2/security-monitoring/GetThreatHuntingJob.py index e975c05c19..1a890147b7 100644 --- a/examples/v2/security-monitoring/GetHistoricalJob.py +++ b/examples/v2/security-monitoring/GetThreatHuntingJob.py @@ -6,16 +6,16 @@ from datadog_api_client import ApiClient, Configuration from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi -# there is a valid "historical_job" in the system -HISTORICAL_JOB_DATA_ID = environ["HISTORICAL_JOB_DATA_ID"] +# there is a valid "threat_hunting_job" in the system +THREAT_HUNTING_JOB_DATA_ID = environ["THREAT_HUNTING_JOB_DATA_ID"] configuration = Configuration() -configuration.unstable_operations["get_historical_job"] = True -configuration.unstable_operations["run_historical_job"] = True +configuration.unstable_operations["get_threat_hunting_job"] = True +configuration.unstable_operations["run_threat_hunting_job"] = True with ApiClient(configuration) as api_client: api_instance = SecurityMonitoringApi(api_client) - response = api_instance.get_historical_job( - job_id=HISTORICAL_JOB_DATA_ID, + response = api_instance.get_threat_hunting_job( + job_id=THREAT_HUNTING_JOB_DATA_ID, ) print(response) diff --git a/examples/v2/security-monitoring/ListThreatHuntingJobs.py b/examples/v2/security-monitoring/ListThreatHuntingJobs.py new file mode 100644 index 0000000000..865b1636fe --- /dev/null +++ b/examples/v2/security-monitoring/ListThreatHuntingJobs.py 
@@ -0,0 +1,14 @@ +""" +List threat hunting jobs returns "OK" response +""" + +from datadog_api_client import ApiClient, Configuration +from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi + +configuration = Configuration() +configuration.unstable_operations["list_threat_hunting_jobs"] = True +with ApiClient(configuration) as api_client: + api_instance = SecurityMonitoringApi(api_client) + response = api_instance.list_threat_hunting_jobs() + + print(response) diff --git a/examples/v2/security-monitoring/ListHistoricalJobs.py b/examples/v2/security-monitoring/ListThreatHuntingJobs_1365512061.py similarity index 56% rename from examples/v2/security-monitoring/ListHistoricalJobs.py rename to examples/v2/security-monitoring/ListThreatHuntingJobs_1365512061.py index 18c79874b7..51a5bcda36 100644 --- a/examples/v2/security-monitoring/ListHistoricalJobs.py +++ b/examples/v2/security-monitoring/ListThreatHuntingJobs_1365512061.py @@ -6,15 +6,15 @@ from datadog_api_client import ApiClient, Configuration from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi -# there is a valid "historical_job" in the system -HISTORICAL_JOB_DATA_ID = environ["HISTORICAL_JOB_DATA_ID"] +# there is a valid "threat_hunting_job" in the system +THREAT_HUNTING_JOB_DATA_ID = environ["THREAT_HUNTING_JOB_DATA_ID"] configuration = Configuration() -configuration.unstable_operations["list_historical_jobs"] = True -configuration.unstable_operations["run_historical_job"] = True +configuration.unstable_operations["list_threat_hunting_jobs"] = True +configuration.unstable_operations["run_threat_hunting_job"] = True with ApiClient(configuration) as api_client: api_instance = SecurityMonitoringApi(api_client) - response = api_instance.list_historical_jobs( + response = api_instance.list_threat_hunting_jobs( filter_query="id:string", ) 
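Review bot: In `ListThreatHuntingJobs_1365512061.py` the hunk reads `THREAT_HUNTING_JOB_DATA_ID` from the environment, but the visible call passes the literal `filter_query="id:string"`, so the variable is unused in the lines shown and the filter does not select the fixture job. If the intent is to filter on that job, something like `filter_query=f"id:{THREAT_HUNTING_JOB_DATA_ID}"` would say so; the exact filter syntax should be checked against the spec. If the literal is intended, the environment lookup can go, along with its failure on an unset variable. The file continues past the hunk, so a later use is possible but not visible here.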
diff --git a/examples/v2/security-monitoring/RunHistoricalJob.py b/examples/v2/security-monitoring/RunThreatHuntingJob.py similarity index 67% rename from examples/v2/security-monitoring/RunHistoricalJob.py rename to examples/v2/security-monitoring/RunThreatHuntingJob.py index 737bb0d3a3..4f8da41e2f 100644 --- a/examples/v2/security-monitoring/RunHistoricalJob.py +++ b/examples/v2/security-monitoring/RunThreatHuntingJob.py 
@@ -1,16 +1,14 @@ """ -Run a historical job returns "Status created" response +Run a threat hunting job returns "Status created" response """ from datadog_api_client import ApiClient, Configuration from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi -from datadog_api_client.v2.model.historical_job_options import HistoricalJobOptions -from datadog_api_client.v2.model.historical_job_query import HistoricalJobQuery from datadog_api_client.v2.model.job_definition import JobDefinition -from datadog_api_client.v2.model.run_historical_job_request import RunHistoricalJobRequest -from datadog_api_client.v2.model.run_historical_job_request_attributes import RunHistoricalJobRequestAttributes -from datadog_api_client.v2.model.run_historical_job_request_data import RunHistoricalJobRequestData -from datadog_api_client.v2.model.run_historical_job_request_data_type import RunHistoricalJobRequestDataType +from datadog_api_client.v2.model.run_threat_hunting_job_request import RunThreatHuntingJobRequest +from datadog_api_client.v2.model.run_threat_hunting_job_request_attributes import RunThreatHuntingJobRequestAttributes +from datadog_api_client.v2.model.run_threat_hunting_job_request_data import RunThreatHuntingJobRequestData +from datadog_api_client.v2.model.run_threat_hunting_job_request_data_type import RunThreatHuntingJobRequestDataType from datadog_api_client.v2.model.security_monitoring_rule_case_create import SecurityMonitoringRuleCaseCreate from datadog_api_client.v2.model.security_monitoring_rule_evaluation_window import ( SecurityMonitoringRuleEvaluationWindow, 
@@ -23,16 +21,18 @@ SecurityMonitoringRuleQueryAggregation, ) from datadog_api_client.v2.model.security_monitoring_rule_severity import SecurityMonitoringRuleSeverity +from datadog_api_client.v2.model.threat_hunting_job_options import ThreatHuntingJobOptions +from datadog_api_client.v2.model.threat_hunting_job_query import ThreatHuntingJobQuery -body = RunHistoricalJobRequest( - data=RunHistoricalJobRequestData( - type=RunHistoricalJobRequestDataType.HISTORICALDETECTIONSJOBCREATE, - attributes=RunHistoricalJobRequestAttributes( +body = RunThreatHuntingJobRequest( + data=RunThreatHuntingJobRequestData( + type=RunThreatHuntingJobRequestDataType.HISTORICALDETECTIONSJOBCREATE, + attributes=RunThreatHuntingJobRequestAttributes( job_definition=JobDefinition( type="log_detection", name="Excessive number of failed attempts.", queries=[ - HistoricalJobQuery( + ThreatHuntingJobQuery( query="source:non_existing_src_weekend", aggregation=SecurityMonitoringRuleQueryAggregation.COUNT, group_by_fields=[], @@ -47,7 +47,7 @@ condition="a > 1", ), ], - options=HistoricalJobOptions( + options=ThreatHuntingJobOptions( keep_alive=SecurityMonitoringRuleKeepAlive.ONE_HOUR, max_signal_duration=SecurityMonitoringRuleMaxSignalDuration.ONE_DAY, evaluation_window=SecurityMonitoringRuleEvaluationWindow.FIFTEEN_MINUTES, @@ -63,9 +63,9 @@ ) configuration = Configuration() -configuration.unstable_operations["run_historical_job"] = True +configuration.unstable_operations["run_threat_hunting_job"] = True with ApiClient(configuration) as api_client: api_instance = SecurityMonitoringApi(api_client) - response = api_instance.run_historical_job(body=body) + response = api_instance.run_threat_hunting_job(body=body) print(response) diff --git a/src/datadog_api_client/configuration.py b/src/datadog_api_client/configuration.py index 9e4a48dcfc..a5eda201d1 100644 --- a/src/datadog_api_client/configuration.py +++ b/src/datadog_api_client/configuration.py 
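Review bot: `RunThreatHuntingJobRequestDataType.HISTORICALDETECTIONSJOBCREATE` keeps the old product name in its member while the type, the models and the operation around it are all renamed, which reads like a missed rename to anyone following the example. Presumably the member is kept because the wire value of `type` did not change; the spec hunk in this commit likewise leaves `HISTORICALDETECTIONSJOBRESULTSIGNALCONVERSION` alone, but nothing in the example says so. If that is the case, a comment above the `type=` argument would settle it, e.g. `# enum member keeps the legacy name; the payload type string is unchanged`. Otherwise the enum varnames in the spec should be renamed with the rest.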
@@ -245,24 +245,24 @@ def __init__( "v2.get_open_api": False, "v2.list_apis": False, "v2.update_open_api": False, - "v2.cancel_historical_job": False, + "v2.cancel_threat_hunting_job": False, "v2.convert_job_result_to_signal": False, - "v2.delete_historical_job": False, + "v2.delete_threat_hunting_job": False, "v2.get_finding": False, - "v2.get_historical_job": False, "v2.get_rule_version_history": False, "v2.get_sbom": False, "v2.get_security_monitoring_histsignal": False, "v2.get_security_monitoring_histsignals_by_job_id": False, + "v2.get_threat_hunting_job": False, "v2.list_assets_sbo_ms": False, "v2.list_findings": False, - "v2.list_historical_jobs": False, "v2.list_scanned_assets_metadata": False, "v2.list_security_monitoring_histsignals": False, + "v2.list_threat_hunting_jobs": False, "v2.list_vulnerabilities": False, "v2.list_vulnerable_assets": False, "v2.mute_findings": False, - "v2.run_historical_job": False, + "v2.run_threat_hunting_job": False, "v2.search_security_monitoring_histsignals": False, "v2.create_dataset": False, "v2.delete_dataset": False, diff --git a/src/datadog_api_client/v2/api/security_monitoring_api.py b/src/datadog_api_client/v2/api/security_monitoring_api.py index 1aef9ceb5a..8167c65eee 100644 --- a/src/datadog_api_client/v2/api/security_monitoring_api.py +++ b/src/datadog_api_client/v2/api/security_monitoring_api.py 
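Review bot: The five `v2.*_historical_job(s)` keys are removed outright, so a caller that still sets `configuration.unstable_operations["run_historical_job"] = True` no longer opts in to anything this client knows. Whether that assignment fails loudly or is silently accepted is decided by code outside this hunk, since `__init__` starts above it. The public methods in `security_monitoring_api.py` are renamed the same way in later hunks with no alias left behind, so existing job automation stops working on upgrade. For unstable operations a hard rename may be acceptable, but it should be called out as breaking in the changelog with the old-to-new mapping. The `histsignal` keys in the same dict keep the old vocabulary, which is worth noting there too.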
@@ -102,11 +102,11 @@ from datadog_api_client.v2.model.security_monitoring_signal_state_update_request import ( SecurityMonitoringSignalStateUpdateRequest, ) -from datadog_api_client.v2.model.list_historical_jobs_response import ListHistoricalJobsResponse +from datadog_api_client.v2.model.list_threat_hunting_jobs_response import ListThreatHuntingJobsResponse from datadog_api_client.v2.model.job_create_response import JobCreateResponse -from datadog_api_client.v2.model.run_historical_job_request import RunHistoricalJobRequest +from datadog_api_client.v2.model.run_threat_hunting_job_request import RunThreatHuntingJobRequest from datadog_api_client.v2.model.convert_job_results_to_signals_request import ConvertJobResultsToSignalsRequest -from datadog_api_client.v2.model.historical_job_response import HistoricalJobResponse +from datadog_api_client.v2.model.threat_hunting_job_response import ThreatHuntingJobResponse class SecurityMonitoringApi: @@ -119,12 +119,12 @@ def __init__(self, api_client=None): api_client = ApiClient(Configuration()) self.api_client = api_client - self._cancel_historical_job_endpoint = _Endpoint( + self._cancel_threat_hunting_job_endpoint = _Endpoint( settings={ "response_type": None, "auth": ["apiKeyAuth", "appKeyAuth", "AuthZ"], - "endpoint_path": "/api/v2/siem-historical-detections/jobs/{job_id}/cancel", - "operation_id": "cancel_historical_job", + "endpoint_path": "/api/v2/siem-threat-hunting/jobs/{job_id}/cancel", + "operation_id": "cancel_threat_hunting_job", "http_method": "PATCH", "version": "v2", }, @@ -169,7 +169,7 @@ def __init__(self, api_client=None): settings={ "response_type": None, "auth": ["apiKeyAuth", "appKeyAuth"], - "endpoint_path": "/api/v2/siem-historical-detections/jobs/signal_convert", + "endpoint_path": "/api/v2/siem-threat-hunting/jobs/signal_convert", "operation_id": "convert_job_result_to_signal", "http_method": "POST", "version": "v2", 
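Review bot: The `endpoint_path` values move from `/api/v2/siem-historical-detections/...` to `/api/v2/siem-threat-hunting/...`, which changes what goes on the wire rather than just a name. It applies here to cancel and `signal_convert`, and again in the later `__init__` hunks to delete, get, list, run and the histsignals endpoints. Nothing in the diff shows whether the old routes remain served, so confirm that before release and state it in the release notes. Anything keyed on the old prefix, such as egress proxy allowlists, API audit-log searches or alerts on job creation and cancellation, will stop matching without an error once clients upgrade. The `histsignals` path segment and the `histsignal_id` parameter keep the old naming next to the new prefix; if that is deliberate, a short comment in the spec would stop it looking like an incomplete rename.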
@@ -354,29 +354,6 @@ def __init__(self, api_client=None): api_client=api_client, ) - self._delete_historical_job_endpoint = _Endpoint( - settings={ - "response_type": None, - "auth": ["apiKeyAuth", "appKeyAuth", "AuthZ"], - "endpoint_path": "/api/v2/siem-historical-detections/jobs/{job_id}", - "operation_id": "delete_historical_job", - "http_method": "DELETE", - "version": "v2", - }, - params_map={ - "job_id": { - "required": True, - "openapi_types": (str,), - "attribute": "job_id", - "location": "path", - }, - }, - headers_map={ - "accept": ["*/*"], - }, - api_client=api_client, - ) - self._delete_security_filter_endpoint = _Endpoint( settings={ "response_type": None, @@ -469,6 +446,29 @@ def __init__(self, api_client=None): api_client=api_client, ) + self._delete_threat_hunting_job_endpoint = _Endpoint( + settings={ + "response_type": None, + "auth": ["apiKeyAuth", "appKeyAuth", "AuthZ"], + "endpoint_path": "/api/v2/siem-threat-hunting/jobs/{job_id}", + "operation_id": "delete_threat_hunting_job", + "http_method": "DELETE", + "version": "v2", + }, + params_map={ + "job_id": { + "required": True, + "openapi_types": (str,), + "attribute": "job_id", + "location": "path", + }, + }, + headers_map={ + "accept": ["*/*"], + }, + api_client=api_client, + ) + self._delete_vulnerability_notification_rule_endpoint = _Endpoint( settings={ "response_type": None, 
@@ -630,29 +630,6 @@ def __init__(self, api_client=None): api_client=api_client, ) - self._get_historical_job_endpoint = _Endpoint( - settings={ - "response_type": (HistoricalJobResponse,), - "auth": ["apiKeyAuth", "appKeyAuth", "AuthZ"], - "endpoint_path": "/api/v2/siem-historical-detections/jobs/{job_id}", - "operation_id": "get_historical_job", - "http_method": "GET", - "version": "v2", - }, - params_map={ - "job_id": { - "required": True, - "openapi_types": (str,), - "attribute": "job_id", - "location": "path", - }, - }, - headers_map={ - "accept": ["application/json"], - }, - api_client=api_client, - ) - self._get_resource_evaluation_filters_endpoint = _Endpoint( settings={ "response_type": (GetResourceEvaluationFiltersResponse,), @@ -784,7 +761,7 @@ def __init__(self, api_client=None): settings={ "response_type": (SecurityMonitoringSignalResponse,), "auth": ["apiKeyAuth", "appKeyAuth", "AuthZ"], - "endpoint_path": "/api/v2/siem-historical-detections/histsignals/{histsignal_id}", + "endpoint_path": "/api/v2/siem-threat-hunting/histsignals/{histsignal_id}", "operation_id": "get_security_monitoring_histsignal", "http_method": "GET", "version": "v2", @@ -807,7 +784,7 @@ def __init__(self, api_client=None): settings={ "response_type": (SecurityMonitoringSignalsListResponse,), "auth": ["apiKeyAuth", "appKeyAuth", "AuthZ"], - "endpoint_path": "/api/v2/siem-historical-detections/jobs/{job_id}/histsignals", + "endpoint_path": "/api/v2/siem-threat-hunting/jobs/{job_id}/histsignals", "operation_id": "get_security_monitoring_histsignals_by_job_id", "http_method": "GET", "version": "v2", 
@@ -1010,6 +987,29 @@ def __init__(self, api_client=None): api_client=api_client, ) + self._get_threat_hunting_job_endpoint = _Endpoint( + settings={ + "response_type": (ThreatHuntingJobResponse,), + "auth": ["apiKeyAuth", "appKeyAuth", "AuthZ"], + "endpoint_path": "/api/v2/siem-threat-hunting/jobs/{job_id}", + "operation_id": "get_threat_hunting_job", + "http_method": "GET", + "version": "v2", + }, + params_map={ + "job_id": { + "required": True, + "openapi_types": (str,), + "attribute": "job_id", + "location": "path", + }, + }, + headers_map={ + "accept": ["application/json"], + }, + api_client=api_client, + ) + self._get_vulnerability_notification_rule_endpoint = _Endpoint( settings={ "response_type": (NotificationRuleResponse,), @@ -1209,43 +1209,6 @@ def __init__(self, api_client=None): api_client=api_client, ) - self._list_historical_jobs_endpoint = _Endpoint( - settings={ - "response_type": (ListHistoricalJobsResponse,), - "auth": ["apiKeyAuth", "appKeyAuth", "AuthZ"], - "endpoint_path": "/api/v2/siem-historical-detections/jobs", - "operation_id": "list_historical_jobs", - "http_method": "GET", - "version": "v2", - }, - params_map={ - "page_size": { - "openapi_types": (int,), - "attribute": "page[size]", - "location": "query", - }, - "page_number": { - "openapi_types": (int,), - "attribute": "page[number]", - "location": "query", - }, - "sort": { - "openapi_types": (str,), - "attribute": "sort", - "location": "query", - }, - "filter_query": { - "openapi_types": (str,), - "attribute": "filter[query]", - "location": "query", - }, - }, - headers_map={ - "accept": ["application/json"], - }, - api_client=api_client, - ) - self._list_scanned_assets_metadata_endpoint = _Endpoint( settings={ "response_type": (ScannedAssetsMetadata,), 
@@ -1316,7 +1279,7 @@ def __init__(self, api_client=None): settings={ "response_type": (SecurityMonitoringSignalsListResponse,), "auth": ["apiKeyAuth", "appKeyAuth", "AuthZ"], - "endpoint_path": "/api/v2/siem-historical-detections/histsignals", + "endpoint_path": "/api/v2/siem-threat-hunting/histsignals", "operation_id": "list_security_monitoring_histsignals", "http_method": "GET", "version": "v2", @@ -1461,6 +1424,43 @@ def __init__(self, api_client=None): api_client=api_client, ) + self._list_threat_hunting_jobs_endpoint = _Endpoint( + settings={ + "response_type": (ListThreatHuntingJobsResponse,), + "auth": ["apiKeyAuth", "appKeyAuth", "AuthZ"], + "endpoint_path": "/api/v2/siem-threat-hunting/jobs", + "operation_id": "list_threat_hunting_jobs", + "http_method": "GET", + "version": "v2", + }, + params_map={ + "page_size": { + "openapi_types": (int,), + "attribute": "page[size]", + "location": "query", + }, + "page_number": { + "openapi_types": (int,), + "attribute": "page[number]", + "location": "query", + }, + "sort": { + "openapi_types": (str,), + "attribute": "sort", + "location": "query", + }, + "filter_query": { + "openapi_types": (str,), + "attribute": "filter[query]", + "location": "query", + }, + }, + headers_map={ + "accept": ["application/json"], + }, + api_client=api_client, + ) + self._list_vulnerabilities_endpoint = _Endpoint( settings={ "response_type": (ListVulnerabilitiesResponse,), 
@@ -1880,19 +1880,19 @@ def __init__(self, api_client=None): api_client=api_client, ) - self._run_historical_job_endpoint = _Endpoint( + self._run_threat_hunting_job_endpoint = _Endpoint( settings={ "response_type": (JobCreateResponse,), "auth": ["apiKeyAuth", "appKeyAuth", "AuthZ"], - "endpoint_path": "/api/v2/siem-historical-detections/jobs", - "operation_id": "run_historical_job", + "endpoint_path": "/api/v2/siem-threat-hunting/jobs", + "operation_id": "run_threat_hunting_job", "http_method": "POST", "version": "v2", }, params_map={ "body": { "required": True, - "openapi_types": (RunHistoricalJobRequest,), + "openapi_types": (RunThreatHuntingJobRequest,), "location": "body", }, }, @@ -1904,7 +1904,7 @@ def __init__(self, api_client=None): settings={ "response_type": (SecurityMonitoringSignalsListResponse,), "auth": ["apiKeyAuth", "appKeyAuth", "AuthZ"], - "endpoint_path": "/api/v2/siem-historical-detections/histsignals/search", + "endpoint_path": "/api/v2/siem-threat-hunting/histsignals/search", "operation_id": "search_security_monitoring_histsignals", "http_method": "GET", "version": "v2", @@ -2154,13 +2154,13 @@ def __init__(self, api_client=None): api_client=api_client, ) - def cancel_historical_job( + def cancel_threat_hunting_job( self, job_id: str, ) -> None: - """Cancel a historical job. + """Cancel a threat hunting job. - Cancel a historical job. + Cancel a threat hunting job. :param job_id: The ID of the job. :type job_id: str @@ -2169,7 +2169,7 @@ def cancel_historical_job( kwargs: Dict[str, Any] = {} kwargs["job_id"] = job_id - return self._cancel_historical_job_endpoint.call_with_http_info(**kwargs) + return self._cancel_threat_hunting_job_endpoint.call_with_http_info(**kwargs) def convert_existing_security_monitoring_rule( self, 
@@ -2358,23 +2358,6 @@ def delete_custom_framework( return self._delete_custom_framework_endpoint.call_with_http_info(**kwargs) - def delete_historical_job( - self, - job_id: str, - ) -> None: - """Delete an existing job. - - Delete an existing job. - - :param job_id: The ID of the job. - :type job_id: str - :rtype: None - """ - kwargs: Dict[str, Any] = {} - kwargs["job_id"] = job_id - - return self._delete_historical_job_endpoint.call_with_http_info(**kwargs) - def delete_security_filter( self, security_filter_id: str, @@ -2443,6 +2426,23 @@ def delete_signal_notification_rule( return self._delete_signal_notification_rule_endpoint.call_with_http_info(**kwargs) + def delete_threat_hunting_job( + self, + job_id: str, + ) -> None: + """Delete an existing job. + + Delete an existing job. + + :param job_id: The ID of the job. + :type job_id: str + :rtype: None + """ + kwargs: Dict[str, Any] = {} + kwargs["job_id"] = job_id + + return self._delete_threat_hunting_job_endpoint.call_with_http_info(**kwargs) + def delete_vulnerability_notification_rule( self, id: str, @@ -2572,23 +2572,6 @@ def get_finding( return self._get_finding_endpoint.call_with_http_info(**kwargs) - def get_historical_job( - self, - job_id: str, - ) -> HistoricalJobResponse: - """Get a job's details. - - Get a job's details. - - :param job_id: The ID of the job. - :type job_id: str - :rtype: HistoricalJobResponse - """ - kwargs: Dict[str, Any] = {} - kwargs["job_id"] = job_id - - return self._get_historical_job_endpoint.call_with_http_info(**kwargs) - def get_resource_evaluation_filters( self, *, @@ -2713,7 +2696,7 @@ def get_security_monitoring_histsignal( Get a hist signal's details. - :param histsignal_id: The ID of the historical signal. + :param histsignal_id: The ID of the threat hunting signal. :type histsignal_id: str :rtype: SecurityMonitoringSignalResponse """ 
@@ -2894,6 +2877,23 @@ def get_suppressions_affecting_rule( return self._get_suppressions_affecting_rule_endpoint.call_with_http_info(**kwargs) + def get_threat_hunting_job( + self, + job_id: str, + ) -> ThreatHuntingJobResponse: + """Get a job's details. + + Get a job's details. + + :param job_id: The ID of the job. + :type job_id: str + :rtype: ThreatHuntingJobResponse + """ + kwargs: Dict[str, Any] = {} + kwargs["job_id"] = job_id + + return self._get_threat_hunting_job_endpoint.call_with_http_info(**kwargs) + def get_vulnerability_notification_rule( self, id: str, @@ -3259,43 +3259,6 @@ def list_findings_with_pagination( } return endpoint.call_with_http_info_paginated(pagination) - def list_historical_jobs( - self, - *, - page_size: Union[int, UnsetType] = unset, - page_number: Union[int, UnsetType] = unset, - sort: Union[str, UnsetType] = unset, - filter_query: Union[str, UnsetType] = unset, - ) -> ListHistoricalJobsResponse: - """List historical jobs. - - List historical jobs. - - :param page_size: Size for a given page. The maximum allowed value is 100. - :type page_size: int, optional - :param page_number: Specific page number to return. - :type page_number: int, optional - :param sort: The order of the jobs in results. - :type sort: str, optional - :param filter_query: Query used to filter items from the fetched list. - :type filter_query: str, optional - :rtype: ListHistoricalJobsResponse - """ - kwargs: Dict[str, Any] = {} - if page_size is not unset: - kwargs["page_size"] = page_size - - if page_number is not unset: - kwargs["page_number"] = page_number - - if sort is not unset: - kwargs["sort"] = sort - - if filter_query is not unset: - kwargs["filter_query"] = filter_query - - return self._list_historical_jobs_endpoint.call_with_http_info(**kwargs) - def list_scanned_assets_metadata( self, *, 
@@ -3631,6 +3594,43 @@ def list_security_monitoring_suppressions( return self._list_security_monitoring_suppressions_endpoint.call_with_http_info(**kwargs) + def list_threat_hunting_jobs( + self, + *, + page_size: Union[int, UnsetType] = unset, + page_number: Union[int, UnsetType] = unset, + sort: Union[str, UnsetType] = unset, + filter_query: Union[str, UnsetType] = unset, + ) -> ListThreatHuntingJobsResponse: + """List threat hunting jobs. + + List threat hunting jobs. + + :param page_size: Size for a given page. The maximum allowed value is 100. + :type page_size: int, optional + :param page_number: Specific page number to return. + :type page_number: int, optional + :param sort: The order of the jobs in results. + :type sort: str, optional + :param filter_query: Query used to filter items from the fetched list. + :type filter_query: str, optional + :rtype: ListThreatHuntingJobsResponse + """ + kwargs: Dict[str, Any] = {} + if page_size is not unset: + kwargs["page_size"] = page_size + + if page_number is not unset: + kwargs["page_number"] = page_number + + if sort is not unset: + kwargs["sort"] = sort + + if filter_query is not unset: + kwargs["filter_query"] = filter_query + + return self._list_threat_hunting_jobs_endpoint.call_with_http_info(**kwargs) + def list_vulnerabilities( self, *, 
@@ -4180,21 +4180,21 @@ def patch_vulnerability_notification_rule( return self._patch_vulnerability_notification_rule_endpoint.call_with_http_info(**kwargs) - def run_historical_job( + def run_threat_hunting_job( self, - body: RunHistoricalJobRequest, + body: RunThreatHuntingJobRequest, ) -> JobCreateResponse: - """Run a historical job. + """Run a threat hunting job. - Run a historical job. + Run a threat hunting job. - :type body: RunHistoricalJobRequest + :type body: RunThreatHuntingJobRequest :rtype: JobCreateResponse """ kwargs: Dict[str, Any] = {} kwargs["body"] = body - return self._run_historical_job_endpoint.call_with_http_info(**kwargs) + return self._run_threat_hunting_job_endpoint.call_with_http_info(**kwargs) def search_security_monitoring_histsignals( self, diff --git a/src/datadog_api_client/v2/model/convert_job_results_to_signals_attributes.py b/src/datadog_api_client/v2/model/convert_job_results_to_signals_attributes.py index 652df1f137..c3cb45b4be 100644 --- a/src/datadog_api_client/v2/model/convert_job_results_to_signals_attributes.py +++ b/src/datadog_api_client/v2/model/convert_job_results_to_signals_attributes.py @@ -48,7 +48,7 @@ def __init__( **kwargs, ): """ - Attributes for converting historical job results to signals. + Attributes for converting threat hunting job results to signals. :param id: Request ID. :type id: str, optional diff --git a/src/datadog_api_client/v2/model/convert_job_results_to_signals_data.py b/src/datadog_api_client/v2/model/convert_job_results_to_signals_data.py index f1884bc7b8..6398be556d 100644 --- a/src/datadog_api_client/v2/model/convert_job_results_to_signals_data.py +++ b/src/datadog_api_client/v2/model/convert_job_results_to_signals_data.py 
@@ -47,9 +47,9 @@ def __init__( **kwargs, ): """ - Data for converting historical job results to signals. + Data for converting threat hunting job results to signals. - :param attributes: Attributes for converting historical job results to signals. + :param attributes: Attributes for converting threat hunting job results to signals. :type attributes: ConvertJobResultsToSignalsAttributes, optional :param type: Type of payload. diff --git a/src/datadog_api_client/v2/model/convert_job_results_to_signals_request.py b/src/datadog_api_client/v2/model/convert_job_results_to_signals_request.py index 3e56f3c27c..5735a692d5 100644 --- a/src/datadog_api_client/v2/model/convert_job_results_to_signals_request.py +++ b/src/datadog_api_client/v2/model/convert_job_results_to_signals_request.py @@ -32,9 +32,9 @@ def openapi_types(_): def __init__(self_, data: Union[ConvertJobResultsToSignalsData, UnsetType] = unset, **kwargs): """ - Request for converting historical job results to signals. + Request for converting threat hunting job results to signals. - :param data: Data for converting historical job results to signals. + :param data: Data for converting threat hunting job results to signals. :type data: ConvertJobResultsToSignalsData, optional """ if data is not unset: diff --git a/src/datadog_api_client/v2/model/job_create_response.py b/src/datadog_api_client/v2/model/job_create_response.py index f9e0749616..4a4e8ccb2f 100644 --- a/src/datadog_api_client/v2/model/job_create_response.py +++ b/src/datadog_api_client/v2/model/job_create_response.py @@ -32,7 +32,7 @@ def openapi_types(_): def __init__(self_, data: Union[JobCreateResponseData, UnsetType] = unset, **kwargs): """ - Run a historical job response. + Run a threat hunting job response. :param data: The definition of ``JobCreateResponseData`` object. :type data: JobCreateResponseData, optional 
diff --git a/src/datadog_api_client/v2/model/job_create_response_data.py b/src/datadog_api_client/v2/model/job_create_response_data.py index 999c81dfeb..4da567f23e 100644 --- a/src/datadog_api_client/v2/model/job_create_response_data.py +++ b/src/datadog_api_client/v2/model/job_create_response_data.py @@ -14,17 +14,17 @@ if TYPE_CHECKING: - from datadog_api_client.v2.model.historical_job_data_type import HistoricalJobDataType + from datadog_api_client.v2.model.threat_hunting_job_data_type import ThreatHuntingJobDataType class JobCreateResponseData(ModelNormal): @cached_property def openapi_types(_): - from datadog_api_client.v2.model.historical_job_data_type import HistoricalJobDataType + from datadog_api_client.v2.model.threat_hunting_job_data_type import ThreatHuntingJobDataType return { "id": (str,), - "type": (HistoricalJobDataType,), + "type": (ThreatHuntingJobDataType,), } attribute_map = { @@ -33,7 +33,7 @@ def openapi_types(_): } def __init__( - self_, id: Union[str, UnsetType] = unset, type: Union[HistoricalJobDataType, UnsetType] = unset, **kwargs + self_, id: Union[str, UnsetType] = unset, type: Union[ThreatHuntingJobDataType, UnsetType] = unset, **kwargs ): """ The definition of ``JobCreateResponseData`` object. @@ -42,7 +42,7 @@ def __init__( :type id: str, optional :param type: Type of payload. - :type type: HistoricalJobDataType, optional + :type type: ThreatHuntingJobDataType, optional """ if id is not unset: kwargs["id"] = id diff --git a/src/datadog_api_client/v2/model/job_definition.py b/src/datadog_api_client/v2/model/job_definition.py index dfbbe9241c..0d32769c61 100644 --- a/src/datadog_api_client/v2/model/job_definition.py +++ b/src/datadog_api_client/v2/model/job_definition.py 
@@ -16,8 +16,8 @@ if TYPE_CHECKING: from datadog_api_client.v2.model.calculated_field import CalculatedField from datadog_api_client.v2.model.security_monitoring_rule_case_create import SecurityMonitoringRuleCaseCreate - from datadog_api_client.v2.model.historical_job_options import HistoricalJobOptions - from datadog_api_client.v2.model.historical_job_query import HistoricalJobQuery + from datadog_api_client.v2.model.threat_hunting_job_options import ThreatHuntingJobOptions + from datadog_api_client.v2.model.threat_hunting_job_query import ThreatHuntingJobQuery from datadog_api_client.v2.model.security_monitoring_reference_table import SecurityMonitoringReferenceTable from datadog_api_client.v2.model.security_monitoring_third_party_rule_case_create import ( SecurityMonitoringThirdPartyRuleCaseCreate, @@ -29,8 +29,8 @@ class JobDefinition(ModelNormal): def openapi_types(_): from datadog_api_client.v2.model.calculated_field import CalculatedField from datadog_api_client.v2.model.security_monitoring_rule_case_create import SecurityMonitoringRuleCaseCreate - from datadog_api_client.v2.model.historical_job_options import HistoricalJobOptions - from datadog_api_client.v2.model.historical_job_query import HistoricalJobQuery + from datadog_api_client.v2.model.threat_hunting_job_options import ThreatHuntingJobOptions + from datadog_api_client.v2.model.threat_hunting_job_query import ThreatHuntingJobQuery from datadog_api_client.v2.model.security_monitoring_reference_table import SecurityMonitoringReferenceTable from datadog_api_client.v2.model.security_monitoring_third_party_rule_case_create import ( SecurityMonitoringThirdPartyRuleCaseCreate, 
@@ -44,8 +44,8 @@ def openapi_types(_): "index": (str,), "message": (str,), "name": (str,), - "options": (HistoricalJobOptions,), - "queries": ([HistoricalJobQuery],), + "options": (ThreatHuntingJobOptions,), + "queries": ([ThreatHuntingJobQuery],), "reference_tables": ([SecurityMonitoringReferenceTable],), "tags": ([str],), "third_party_cases": ([SecurityMonitoringThirdPartyRuleCaseCreate],), @@ -77,11 +77,11 @@ def __init__( index: str, message: str, name: str, - queries: List[HistoricalJobQuery], + queries: List[ThreatHuntingJobQuery], to: int, calculated_fields: Union[List[CalculatedField], UnsetType] = unset, group_signals_by: Union[List[str], UnsetType] = unset, - options: Union[HistoricalJobOptions, UnsetType] = unset, + options: Union[ThreatHuntingJobOptions, UnsetType] = unset, reference_tables: Union[List[SecurityMonitoringReferenceTable], UnsetType] = unset, tags: Union[List[str], UnsetType] = unset, third_party_cases: Union[List[SecurityMonitoringThirdPartyRuleCaseCreate], UnsetType] = unset, @@ -89,7 +89,7 @@ def __init__( **kwargs, ): """ - Definition of a historical job. + Definition of a threat hunting job. :param calculated_fields: Calculated fields. :type calculated_fields: [CalculatedField], optional @@ -113,10 +113,10 @@ def __init__( :type name: str :param options: Job options. - :type options: HistoricalJobOptions, optional + :type options: ThreatHuntingJobOptions, optional :param queries: Queries for selecting logs analyzed by the job. - :type queries: [HistoricalJobQuery] + :type queries: [ThreatHuntingJobQuery] :param reference_tables: Reference tables used in the queries. :type reference_tables: [SecurityMonitoringReferenceTable], optional diff --git a/src/datadog_api_client/v2/model/job_definition_from_rule.py b/src/datadog_api_client/v2/model/job_definition_from_rule.py index fc6c3c033f..d2df5da040 100644 --- a/src/datadog_api_client/v2/model/job_definition_from_rule.py +++ b/src/datadog_api_client/v2/model/job_definition_from_rule.py 
@@ -36,7 +36,7 @@ def __init__( self_, _from: int, id: str, index: str, to: int, notifications: Union[List[str], UnsetType] = unset, **kwargs ): """ - Definition of a historical job based on a security monitoring rule. + Definition of a threat hunting job based on a security monitoring rule. :param _from: Starting time of data analyzed by the job. :type _from: int diff --git a/src/datadog_api_client/v2/model/list_historical_jobs_response.py b/src/datadog_api_client/v2/model/list_historical_jobs_response.py deleted file mode 100644 index ef3fa4ae23..0000000000 --- a/src/datadog_api_client/v2/model/list_historical_jobs_response.py +++ /dev/null 
@@ -1,56 +0,0 @@ -# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. -# This product includes software developed at Datadog (https://www.datadoghq.com/). -# Copyright 2019-Present Datadog, Inc. -from __future__ import annotations - -from typing import List, Union, TYPE_CHECKING - -from datadog_api_client.model_utils import ( - ModelNormal, - cached_property, - unset, - UnsetType, -) - - -if TYPE_CHECKING: - from datadog_api_client.v2.model.historical_job_response_data import HistoricalJobResponseData - from datadog_api_client.v2.model.historical_job_list_meta import HistoricalJobListMeta - - -class ListHistoricalJobsResponse(ModelNormal): - @cached_property - def openapi_types(_): - from datadog_api_client.v2.model.historical_job_response_data import HistoricalJobResponseData - from datadog_api_client.v2.model.historical_job_list_meta import HistoricalJobListMeta - - return { - "data": ([HistoricalJobResponseData],), - "meta": (HistoricalJobListMeta,), - } - - attribute_map = { - "data": "data", - "meta": "meta", - } - - def __init__( - self_, - data: Union[List[HistoricalJobResponseData], UnsetType] = unset, - meta: Union[HistoricalJobListMeta, UnsetType] = unset, - **kwargs, - ): - """ - List of historical jobs. - - :param data: Array containing the list of historical jobs. - :type data: [HistoricalJobResponseData], optional - - :param meta: Metadata about the list of jobs. - :type meta: HistoricalJobListMeta, optional - """ - if data is not unset: - kwargs["data"] = data - if meta is not unset: - kwargs["meta"] = meta - super().__init__(kwargs) diff --git a/src/datadog_api_client/v2/model/list_threat_hunting_jobs_response.py b/src/datadog_api_client/v2/model/list_threat_hunting_jobs_response.py new file mode 100644 index 0000000000..72a42ecdf4 --- /dev/null +++ b/src/datadog_api_client/v2/model/list_threat_hunting_jobs_response.py 
@@ -0,0 +1,56 @@ +# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. +# This product includes software developed at Datadog (https://www.datadoghq.com/). +# Copyright 2019-Present Datadog, Inc. +from __future__ import annotations + +from typing import List, Union, TYPE_CHECKING + +from datadog_api_client.model_utils import ( + ModelNormal, + cached_property, + unset, + UnsetType, +) + + +if TYPE_CHECKING: + from datadog_api_client.v2.model.threat_hunting_job_response_data import ThreatHuntingJobResponseData + from datadog_api_client.v2.model.threat_hunting_job_list_meta import ThreatHuntingJobListMeta + + +class ListThreatHuntingJobsResponse(ModelNormal): + @cached_property + def openapi_types(_): + from datadog_api_client.v2.model.threat_hunting_job_response_data import ThreatHuntingJobResponseData + from datadog_api_client.v2.model.threat_hunting_job_list_meta import ThreatHuntingJobListMeta + + return { + "data": ([ThreatHuntingJobResponseData],), + "meta": (ThreatHuntingJobListMeta,), + } + + attribute_map = { + "data": "data", + "meta": "meta", + } + + def __init__( + self_, + data: Union[List[ThreatHuntingJobResponseData], UnsetType] = unset, + meta: Union[ThreatHuntingJobListMeta, UnsetType] = unset, + **kwargs, + ): + """ + List of threat hunting jobs. + + :param data: Array containing the list of threat hunting jobs. + :type data: [ThreatHuntingJobResponseData], optional + + :param meta: Metadata about the list of jobs. + :type meta: ThreatHuntingJobListMeta, optional + """ + if data is not unset: + kwargs["data"] = data + if meta is not unset: + kwargs["meta"] = meta + super().__init__(kwargs) diff --git a/src/datadog_api_client/v2/model/run_historical_job_request_data.py b/src/datadog_api_client/v2/model/run_historical_job_request_data.py deleted file mode 100644 index a3525bb5b6..0000000000 --- a/src/datadog_api_client/v2/model/run_historical_job_request_data.py +++ /dev/null 
@@ -1,56 +0,0 @@ -# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. -# This product includes software developed at Datadog (https://www.datadoghq.com/). -# Copyright 2019-Present Datadog, Inc. -from __future__ import annotations - -from typing import Union, TYPE_CHECKING - -from datadog_api_client.model_utils import ( - ModelNormal, - cached_property, - unset, - UnsetType, -) - - -if TYPE_CHECKING: - from datadog_api_client.v2.model.run_historical_job_request_attributes import RunHistoricalJobRequestAttributes - from datadog_api_client.v2.model.run_historical_job_request_data_type import RunHistoricalJobRequestDataType - - -class RunHistoricalJobRequestData(ModelNormal): - @cached_property - def openapi_types(_): - from datadog_api_client.v2.model.run_historical_job_request_attributes import RunHistoricalJobRequestAttributes - from datadog_api_client.v2.model.run_historical_job_request_data_type import RunHistoricalJobRequestDataType - - return { - "attributes": (RunHistoricalJobRequestAttributes,), - "type": (RunHistoricalJobRequestDataType,), - } - - attribute_map = { - "attributes": "attributes", - "type": "type", - } - - def __init__( - self_, - attributes: Union[RunHistoricalJobRequestAttributes, UnsetType] = unset, - type: Union[RunHistoricalJobRequestDataType, UnsetType] = unset, - **kwargs, - ): - """ - Data for running a historical job request. - - :param attributes: Run a historical job request. - :type attributes: RunHistoricalJobRequestAttributes, optional - - :param type: Type of data. - :type type: RunHistoricalJobRequestDataType, optional - """ - if attributes is not unset: - kwargs["attributes"] = attributes - if type is not unset: - kwargs["type"] = type - super().__init__(kwargs) 
diff --git a/src/datadog_api_client/v2/model/run_historical_job_request.py b/src/datadog_api_client/v2/model/run_threat_hunting_job_request.py similarity index 53% rename from src/datadog_api_client/v2/model/run_historical_job_request.py rename to src/datadog_api_client/v2/model/run_threat_hunting_job_request.py index f0a01475fa..ea31a26145 100644 --- a/src/datadog_api_client/v2/model/run_historical_job_request.py +++ b/src/datadog_api_client/v2/model/run_threat_hunting_job_request.py @@ -14,28 +14,28 @@ if TYPE_CHECKING: - from datadog_api_client.v2.model.run_historical_job_request_data import RunHistoricalJobRequestData + from datadog_api_client.v2.model.run_threat_hunting_job_request_data import RunThreatHuntingJobRequestData -class RunHistoricalJobRequest(ModelNormal): +class RunThreatHuntingJobRequest(ModelNormal): @cached_property def openapi_types(_): - from datadog_api_client.v2.model.run_historical_job_request_data import RunHistoricalJobRequestData + from datadog_api_client.v2.model.run_threat_hunting_job_request_data import RunThreatHuntingJobRequestData return { - "data": (RunHistoricalJobRequestData,), + "data": (RunThreatHuntingJobRequestData,), } attribute_map = { "data": "data", } - def __init__(self_, data: Union[RunHistoricalJobRequestData, UnsetType] = unset, **kwargs): + def __init__(self_, data: Union[RunThreatHuntingJobRequestData, UnsetType] = unset, **kwargs): """ - Run a historical job request. + Run a threat hunting job request. - :param data: Data for running a historical job request. - :type data: RunHistoricalJobRequestData, optional + :param data: Data for running a threat hunting job request. + :type data: RunThreatHuntingJobRequestData, optional """ if data is not unset: kwargs["data"] = data 
diff --git a/src/datadog_api_client/v2/model/run_historical_job_request_attributes.py b/src/datadog_api_client/v2/model/run_threat_hunting_job_request_attributes.py similarity index 87% rename from src/datadog_api_client/v2/model/run_historical_job_request_attributes.py rename to src/datadog_api_client/v2/model/run_threat_hunting_job_request_attributes.py index 11de4c972a..c7f3c7ece8 100644 --- a/src/datadog_api_client/v2/model/run_historical_job_request_attributes.py +++ b/src/datadog_api_client/v2/model/run_threat_hunting_job_request_attributes.py @@ -18,7 +18,7 @@ from datadog_api_client.v2.model.job_definition import JobDefinition -class RunHistoricalJobRequestAttributes(ModelNormal): +class RunThreatHuntingJobRequestAttributes(ModelNormal): @cached_property def openapi_types(_): from datadog_api_client.v2.model.job_definition_from_rule import JobDefinitionFromRule @@ -44,15 +44,15 @@ def __init__( **kwargs, ): """ - Run a historical job request. + Run a threat hunting job request. - :param from_rule: Definition of a historical job based on a security monitoring rule. + :param from_rule: Definition of a threat hunting job based on a security monitoring rule. :type from_rule: JobDefinitionFromRule, optional :param id: Request ID. :type id: str, optional - :param job_definition: Definition of a historical job. + :param job_definition: Definition of a threat hunting job. :type job_definition: JobDefinition, optional """ if from_rule is not unset: diff --git a/src/datadog_api_client/v2/model/run_threat_hunting_job_request_data.py b/src/datadog_api_client/v2/model/run_threat_hunting_job_request_data.py new file mode 100644 index 0000000000..e39b4c6e2a --- /dev/null +++ b/src/datadog_api_client/v2/model/run_threat_hunting_job_request_data.py 
@@ -0,0 +1,62 @@ +# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. +# This product includes software developed at Datadog (https://www.datadoghq.com/). +# Copyright 2019-Present Datadog, Inc. +from __future__ import annotations + +from typing import Union, TYPE_CHECKING + +from datadog_api_client.model_utils import ( + ModelNormal, + cached_property, + unset, + UnsetType, +) + + +if TYPE_CHECKING: + from datadog_api_client.v2.model.run_threat_hunting_job_request_attributes import ( + RunThreatHuntingJobRequestAttributes, + ) + from datadog_api_client.v2.model.run_threat_hunting_job_request_data_type import RunThreatHuntingJobRequestDataType + + +class RunThreatHuntingJobRequestData(ModelNormal): + @cached_property + def openapi_types(_): + from datadog_api_client.v2.model.run_threat_hunting_job_request_attributes import ( + RunThreatHuntingJobRequestAttributes, + ) + from datadog_api_client.v2.model.run_threat_hunting_job_request_data_type import ( + RunThreatHuntingJobRequestDataType, + ) + + return { + "attributes": (RunThreatHuntingJobRequestAttributes,), + "type": (RunThreatHuntingJobRequestDataType,), + } + + attribute_map = { + "attributes": "attributes", + "type": "type", + } + + def __init__( + self_, + attributes: Union[RunThreatHuntingJobRequestAttributes, UnsetType] = unset, + type: Union[RunThreatHuntingJobRequestDataType, UnsetType] = unset, + **kwargs, + ): + """ + Data for running a threat hunting job request. + + :param attributes: Run a threat hunting job request. + :type attributes: RunThreatHuntingJobRequestAttributes, optional + + :param type: Type of data. + :type type: RunThreatHuntingJobRequestDataType, optional + """ + if attributes is not unset: + kwargs["attributes"] = attributes + if type is not unset: + kwargs["type"] = type + super().__init__(kwargs) 
diff --git a/src/datadog_api_client/v2/model/run_historical_job_request_data_type.py b/src/datadog_api_client/v2/model/run_threat_hunting_job_request_data_type.py similarity index 76% rename from src/datadog_api_client/v2/model/run_historical_job_request_data_type.py rename to src/datadog_api_client/v2/model/run_threat_hunting_job_request_data_type.py index 1ec2f5f6f5..496a32764b 100644 --- a/src/datadog_api_client/v2/model/run_historical_job_request_data_type.py +++ b/src/datadog_api_client/v2/model/run_threat_hunting_job_request_data_type.py @@ -12,7 +12,7 @@ from typing import ClassVar -class RunHistoricalJobRequestDataType(ModelSimple): +class RunThreatHuntingJobRequestDataType(ModelSimple): """ Type of data. @@ -23,7 +23,7 @@ class RunHistoricalJobRequestDataType(ModelSimple): allowed_values = { "historicalDetectionsJobCreate", } - HISTORICALDETECTIONSJOBCREATE: ClassVar["RunHistoricalJobRequestDataType"] + HISTORICALDETECTIONSJOBCREATE: ClassVar["RunThreatHuntingJobRequestDataType"] @cached_property def openapi_types(_): @@ -32,6 +32,6 @@ def openapi_types(_): } -RunHistoricalJobRequestDataType.HISTORICALDETECTIONSJOBCREATE = RunHistoricalJobRequestDataType( +RunThreatHuntingJobRequestDataType.HISTORICALDETECTIONSJOBCREATE = RunThreatHuntingJobRequestDataType( "historicalDetectionsJobCreate" ) diff --git a/src/datadog_api_client/v2/model/historical_job_data_type.py b/src/datadog_api_client/v2/model/threat_hunting_job_data_type.py similarity index 77% rename from src/datadog_api_client/v2/model/historical_job_data_type.py rename to src/datadog_api_client/v2/model/threat_hunting_job_data_type.py index 47255ed1f4..a3f4bd3657 100644 --- a/src/datadog_api_client/v2/model/historical_job_data_type.py +++ b/src/datadog_api_client/v2/model/threat_hunting_job_data_type.py @@ -12,7 +12,7 @@ from typing import ClassVar -class HistoricalJobDataType(ModelSimple): +class ThreatHuntingJobDataType(ModelSimple): """ Type of payload. 
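Review bot: The class docstring ("Type of data.") does not say that `RunThreatHuntingJobRequestDataType` still carries the legacy value `historicalDetectionsJobCreate` under the constant `HISTORICALDETECTIONSJOBCREATE`. The same holds for `ThreatHuntingJobDataType` and `historicalDetectionsJob` in the next file. A cassette re-recorded in this commit shows the renamed `siem-threat-hunting` endpoint still returning `"type":"historicalDetectionsJob"`, so the mismatch looks intentional. A later cleanup that renames the value to match the class would presumably be rejected by the API, so I would add a docstring line such as `The wire value keeps the legacy "historicalDetections" prefix; only the Python class name changed.` The class body continues outside the hunk.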
@@ -23,7 +23,7 @@ class HistoricalJobDataType(ModelSimple): allowed_values = { "historicalDetectionsJob", } - HISTORICALDETECTIONSJOB: ClassVar["HistoricalJobDataType"] + HISTORICALDETECTIONSJOB: ClassVar["ThreatHuntingJobDataType"] @cached_property def openapi_types(_): @@ -32,4 +32,4 @@ def openapi_types(_): } -HistoricalJobDataType.HISTORICALDETECTIONSJOB = HistoricalJobDataType("historicalDetectionsJob") +ThreatHuntingJobDataType.HISTORICALDETECTIONSJOB = ThreatHuntingJobDataType("historicalDetectionsJob") diff --git a/src/datadog_api_client/v2/model/historical_job_list_meta.py b/src/datadog_api_client/v2/model/threat_hunting_job_list_meta.py similarity index 95% rename from src/datadog_api_client/v2/model/historical_job_list_meta.py rename to src/datadog_api_client/v2/model/threat_hunting_job_list_meta.py index 4d6b3cb496..a752934c91 100644 --- a/src/datadog_api_client/v2/model/historical_job_list_meta.py +++ b/src/datadog_api_client/v2/model/threat_hunting_job_list_meta.py @@ -13,7 +13,7 @@ ) -class HistoricalJobListMeta(ModelNormal): +class ThreatHuntingJobListMeta(ModelNormal): validations = { "total_count": { "inclusive_maximum": 2147483647, diff --git a/src/datadog_api_client/v2/model/historical_job_options.py b/src/datadog_api_client/v2/model/threat_hunting_job_options.py similarity index 99% rename from src/datadog_api_client/v2/model/historical_job_options.py rename to src/datadog_api_client/v2/model/threat_hunting_job_options.py index 2d5971a47a..09c69dc9f7 100644 --- a/src/datadog_api_client/v2/model/historical_job_options.py +++ b/src/datadog_api_client/v2/model/threat_hunting_job_options.py @@ -38,7 +38,7 @@ ) -class HistoricalJobOptions(ModelNormal): +class ThreatHuntingJobOptions(ModelNormal): @cached_property def openapi_types(_): from datadog_api_client.v2.model.security_monitoring_rule_detection_method import ( 
diff --git a/src/datadog_api_client/v2/model/historical_job_query.py b/src/datadog_api_client/v2/model/threat_hunting_job_query.py similarity index 97% rename from src/datadog_api_client/v2/model/historical_job_query.py rename to src/datadog_api_client/v2/model/threat_hunting_job_query.py index ed3575f7ce..93584317ba 100644 --- a/src/datadog_api_client/v2/model/historical_job_query.py +++ b/src/datadog_api_client/v2/model/threat_hunting_job_query.py @@ -22,7 +22,7 @@ ) -class HistoricalJobQuery(ModelNormal): +class ThreatHuntingJobQuery(ModelNormal): @cached_property def openapi_types(_): from datadog_api_client.v2.model.security_monitoring_rule_query_aggregation import ( @@ -67,7 +67,7 @@ def __init__( **kwargs, ): """ - Query for selecting logs analyzed by the historical job. + Query for selecting logs analyzed by the threat hunting job. :param aggregation: The aggregation type. :type aggregation: SecurityMonitoringRuleQueryAggregation, optional diff --git a/src/datadog_api_client/v2/model/historical_job_response.py b/src/datadog_api_client/v2/model/threat_hunting_job_response.py similarity index 55% rename from src/datadog_api_client/v2/model/historical_job_response.py rename to src/datadog_api_client/v2/model/threat_hunting_job_response.py index e0fc283d76..c6cef6cc8b 100644 --- a/src/datadog_api_client/v2/model/historical_job_response.py +++ b/src/datadog_api_client/v2/model/threat_hunting_job_response.py 
@@ -14,28 +14,28 @@ if TYPE_CHECKING: - from datadog_api_client.v2.model.historical_job_response_data import HistoricalJobResponseData + from datadog_api_client.v2.model.threat_hunting_job_response_data import ThreatHuntingJobResponseData -class HistoricalJobResponse(ModelNormal): +class ThreatHuntingJobResponse(ModelNormal): @cached_property def openapi_types(_): - from datadog_api_client.v2.model.historical_job_response_data import HistoricalJobResponseData + from datadog_api_client.v2.model.threat_hunting_job_response_data import ThreatHuntingJobResponseData return { - "data": (HistoricalJobResponseData,), + "data": (ThreatHuntingJobResponseData,), } attribute_map = { "data": "data", } - def __init__(self_, data: Union[HistoricalJobResponseData, UnsetType] = unset, **kwargs): + def __init__(self_, data: Union[ThreatHuntingJobResponseData, UnsetType] = unset, **kwargs): """ - Historical job response. + Threat hunting job response. - :param data: Historical job response data. - :type data: HistoricalJobResponseData, optional + :param data: Threat hunting job response data. + :type data: ThreatHuntingJobResponseData, optional """ if data is not unset: kwargs["data"] = data diff --git a/src/datadog_api_client/v2/model/historical_job_response_attributes.py b/src/datadog_api_client/v2/model/threat_hunting_job_response_attributes.py similarity index 95% rename from src/datadog_api_client/v2/model/historical_job_response_attributes.py rename to src/datadog_api_client/v2/model/threat_hunting_job_response_attributes.py index a321065cf9..eaade810c1 100644 --- a/src/datadog_api_client/v2/model/historical_job_response_attributes.py +++ b/src/datadog_api_client/v2/model/threat_hunting_job_response_attributes.py 
@@ -17,7 +17,7 @@ from datadog_api_client.v2.model.job_definition import JobDefinition -class HistoricalJobResponseAttributes(ModelNormal): +class ThreatHuntingJobResponseAttributes(ModelNormal): @cached_property def openapi_types(_): from datadog_api_client.v2.model.job_definition import JobDefinition @@ -57,7 +57,7 @@ def __init__( **kwargs, ): """ - Historical job attributes. + Threat hunting job attributes. :param created_at: Time when the job was created. :type created_at: str, optional @@ -71,7 +71,7 @@ def __init__( :param created_from_rule_id: ID of the rule used to create the job (if it is created from a rule). :type created_from_rule_id: str, optional - :param job_definition: Definition of a historical job. + :param job_definition: Definition of a threat hunting job. :type job_definition: JobDefinition, optional :param job_name: Job name. diff --git a/src/datadog_api_client/v2/model/historical_job_response_data.py b/src/datadog_api_client/v2/model/threat_hunting_job_response_data.py similarity index 52% rename from src/datadog_api_client/v2/model/historical_job_response_data.py rename to src/datadog_api_client/v2/model/threat_hunting_job_response_data.py index 0858e99467..28b59926aa 100644 --- a/src/datadog_api_client/v2/model/historical_job_response_data.py +++ b/src/datadog_api_client/v2/model/threat_hunting_job_response_data.py 
@@ -14,20 +14,22 @@ if TYPE_CHECKING: - from datadog_api_client.v2.model.historical_job_response_attributes import HistoricalJobResponseAttributes - from datadog_api_client.v2.model.historical_job_data_type import HistoricalJobDataType + from datadog_api_client.v2.model.threat_hunting_job_response_attributes import ThreatHuntingJobResponseAttributes + from datadog_api_client.v2.model.threat_hunting_job_data_type import ThreatHuntingJobDataType -class HistoricalJobResponseData(ModelNormal): +class ThreatHuntingJobResponseData(ModelNormal): @cached_property def openapi_types(_): - from datadog_api_client.v2.model.historical_job_response_attributes import HistoricalJobResponseAttributes - from datadog_api_client.v2.model.historical_job_data_type import HistoricalJobDataType + from datadog_api_client.v2.model.threat_hunting_job_response_attributes import ( + ThreatHuntingJobResponseAttributes, + ) + from datadog_api_client.v2.model.threat_hunting_job_data_type import ThreatHuntingJobDataType return { - "attributes": (HistoricalJobResponseAttributes,), + "attributes": (ThreatHuntingJobResponseAttributes,), "id": (str,), - "type": (HistoricalJobDataType,), + "type": (ThreatHuntingJobDataType,), } attribute_map = { 
@@ -38,22 +40,22 @@ def openapi_types(_): def __init__( self_, - attributes: Union[HistoricalJobResponseAttributes, UnsetType] = unset, + attributes: Union[ThreatHuntingJobResponseAttributes, UnsetType] = unset, id: Union[str, UnsetType] = unset, - type: Union[HistoricalJobDataType, UnsetType] = unset, + type: Union[ThreatHuntingJobDataType, UnsetType] = unset, **kwargs, ): """ - Historical job response data. + Threat hunting job response data. - :param attributes: Historical job attributes. - :type attributes: HistoricalJobResponseAttributes, optional + :param attributes: Threat hunting job attributes. + :type attributes: ThreatHuntingJobResponseAttributes, optional :param id: ID of the job. :type id: str, optional :param type: Type of payload. - :type type: HistoricalJobDataType, optional + :type type: ThreatHuntingJobDataType, optional """ if attributes is not unset: kwargs["attributes"] = attributes diff --git a/src/datadog_api_client/v2/models/__init__.py b/src/datadog_api_client/v2/models/__init__.py index 436cf9f45f..b34ed37bbd 100644 --- a/src/datadog_api_client/v2/models/__init__.py +++ b/src/datadog_api_client/v2/models/__init__.py 
@@ -1748,13 +1748,6 @@ from datadog_api_client.v2.model.http_token_auth_type import HTTPTokenAuthType from datadog_api_client.v2.model.http_token_auth_update import HTTPTokenAuthUpdate from datadog_api_client.v2.model.http_token_update import HTTPTokenUpdate -from datadog_api_client.v2.model.historical_job_data_type import HistoricalJobDataType -from datadog_api_client.v2.model.historical_job_list_meta import HistoricalJobListMeta -from datadog_api_client.v2.model.historical_job_options import HistoricalJobOptions -from datadog_api_client.v2.model.historical_job_query import HistoricalJobQuery -from datadog_api_client.v2.model.historical_job_response import HistoricalJobResponse -from datadog_api_client.v2.model.historical_job_response_attributes import HistoricalJobResponseAttributes -from datadog_api_client.v2.model.historical_job_response_data import HistoricalJobResponseData from datadog_api_client.v2.model.hourly_usage import HourlyUsage from datadog_api_client.v2.model.hourly_usage_attributes import HourlyUsageAttributes from datadog_api_client.v2.model.hourly_usage_measurement import HourlyUsageMeasurement @@ -2145,7 +2138,6 @@ from datadog_api_client.v2.model.list_findings_meta import ListFindingsMeta from datadog_api_client.v2.model.list_findings_page import ListFindingsPage from datadog_api_client.v2.model.list_findings_response import ListFindingsResponse -from datadog_api_client.v2.model.list_historical_jobs_response import ListHistoricalJobsResponse from datadog_api_client.v2.model.list_kind_catalog_response import ListKindCatalogResponse from datadog_api_client.v2.model.list_pipelines_response import ListPipelinesResponse from datadog_api_client.v2.model.list_pipelines_response_meta import ListPipelinesResponseMeta 
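Review bot: The seven `HistoricalJob*` imports dropped in this hunk leave no alias for the old public names, so `from datadog_api_client.v2.models import HistoricalJobResponse` raises ImportError after upgrade. The same applies to `ListHistoricalJobsResponse` and the `RunHistoricalJob*` names removed in the later hunks of this file, including the quoted-name list that is presumably `__all__`. Callers that schedule or read these detection jobs would stop at import time, so a deprecation window is worth having: keep each old name for a release as an alias, e.g. `HistoricalJobResponse = ThreatHuntingJobResponse`, and keep it exported. If this module is emitted by the generator, as the `.generator/` path in the commit suggests, the aliases would have to come from its templates rather than a hand edit.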
@@ -2160,6 +2152,7 @@ from datadog_api_client.v2.model.list_tags_response_data_attributes import ListTagsResponseDataAttributes from datadog_api_client.v2.model.list_teams_include import ListTeamsInclude from datadog_api_client.v2.model.list_teams_sort import ListTeamsSort +from datadog_api_client.v2.model.list_threat_hunting_jobs_response import ListThreatHuntingJobsResponse from datadog_api_client.v2.model.list_vulnerabilities_response import ListVulnerabilitiesResponse from datadog_api_client.v2.model.list_vulnerable_assets_response import ListVulnerableAssetsResponse from datadog_api_client.v2.model.log import Log 
@@ -3629,10 +3622,10 @@ from datadog_api_client.v2.model.rum_retention_filters_order_request import RumRetentionFiltersOrderRequest from datadog_api_client.v2.model.rum_retention_filters_order_response import RumRetentionFiltersOrderResponse from datadog_api_client.v2.model.rum_retention_filters_response import RumRetentionFiltersResponse -from datadog_api_client.v2.model.run_historical_job_request import RunHistoricalJobRequest -from datadog_api_client.v2.model.run_historical_job_request_attributes import RunHistoricalJobRequestAttributes -from datadog_api_client.v2.model.run_historical_job_request_data import RunHistoricalJobRequestData -from datadog_api_client.v2.model.run_historical_job_request_data_type import RunHistoricalJobRequestDataType +from datadog_api_client.v2.model.run_threat_hunting_job_request import RunThreatHuntingJobRequest +from datadog_api_client.v2.model.run_threat_hunting_job_request_attributes import RunThreatHuntingJobRequestAttributes +from datadog_api_client.v2.model.run_threat_hunting_job_request_data import RunThreatHuntingJobRequestData +from datadog_api_client.v2.model.run_threat_hunting_job_request_data_type import RunThreatHuntingJobRequestDataType from datadog_api_client.v2.model.saml_assertion_attribute import SAMLAssertionAttribute from datadog_api_client.v2.model.saml_assertion_attribute_attributes import SAMLAssertionAttributeAttributes from datadog_api_client.v2.model.saml_assertion_attributes_type import SAMLAssertionAttributesType 
@@ -4411,6 +4404,13 @@ from datadog_api_client.v2.model.teams_response_links import TeamsResponseLinks from datadog_api_client.v2.model.teams_response_meta import TeamsResponseMeta from datadog_api_client.v2.model.teams_response_meta_pagination import TeamsResponseMetaPagination +from datadog_api_client.v2.model.threat_hunting_job_data_type import ThreatHuntingJobDataType +from datadog_api_client.v2.model.threat_hunting_job_list_meta import ThreatHuntingJobListMeta +from datadog_api_client.v2.model.threat_hunting_job_options import ThreatHuntingJobOptions +from datadog_api_client.v2.model.threat_hunting_job_query import ThreatHuntingJobQuery +from datadog_api_client.v2.model.threat_hunting_job_response import ThreatHuntingJobResponse +from datadog_api_client.v2.model.threat_hunting_job_response_attributes import ThreatHuntingJobResponseAttributes +from datadog_api_client.v2.model.threat_hunting_job_response_data import ThreatHuntingJobResponseData from datadog_api_client.v2.model.time_restriction import TimeRestriction from datadog_api_client.v2.model.time_restrictions import TimeRestrictions from datadog_api_client.v2.model.timeline_cell import TimelineCell @@ -5990,13 +5990,6 @@ "HTTPTokenAuthType", "HTTPTokenAuthUpdate", "HTTPTokenUpdate", - "HistoricalJobDataType", - "HistoricalJobListMeta", - "HistoricalJobOptions", - "HistoricalJobQuery", - "HistoricalJobResponse", - "HistoricalJobResponseAttributes", - "HistoricalJobResponseData", "HourlyUsage", "HourlyUsageAttributes", "HourlyUsageMeasurement", @@ -6317,7 +6310,6 @@ "ListFindingsMeta", "ListFindingsPage", "ListFindingsResponse", - "ListHistoricalJobsResponse", "ListKindCatalogResponse", "ListPipelinesResponse", "ListPipelinesResponseMeta", @@ -6332,6 +6324,7 @@ "ListTagsResponseDataAttributes", "ListTeamsInclude", "ListTeamsSort", + "ListThreatHuntingJobsResponse", "ListVulnerabilitiesResponse", "ListVulnerableAssetsResponse", "Log", 
@@ -7281,10 +7274,10 @@ "RumRetentionFiltersOrderRequest", "RumRetentionFiltersOrderResponse", "RumRetentionFiltersResponse", - "RunHistoricalJobRequest", - "RunHistoricalJobRequestAttributes", - "RunHistoricalJobRequestData", - "RunHistoricalJobRequestDataType", + "RunThreatHuntingJobRequest", + "RunThreatHuntingJobRequestAttributes", + "RunThreatHuntingJobRequestData", + "RunThreatHuntingJobRequestDataType", "SAMLAssertionAttribute", "SAMLAssertionAttributeAttributes", "SAMLAssertionAttributesType", @@ -7839,6 +7832,13 @@ "TeamsResponseLinks", "TeamsResponseMeta", "TeamsResponseMetaPagination", + "ThreatHuntingJobDataType", + "ThreatHuntingJobListMeta", + "ThreatHuntingJobOptions", + "ThreatHuntingJobQuery", + "ThreatHuntingJobResponse", + "ThreatHuntingJobResponseAttributes", + "ThreatHuntingJobResponseData", "TimeRestriction", "TimeRestrictions", "TimelineCell", diff --git a/tests/v2/cassettes/test_scenarios/test_cancel_a_historical_job_returns_bad_request_response.frozen b/tests/v2/cassettes/test_scenarios/test_cancel_a_historical_job_returns_bad_request_response.frozen index bf92f15d9d..633b88ea1a 100644 --- a/tests/v2/cassettes/test_scenarios/test_cancel_a_historical_job_returns_bad_request_response.frozen +++ b/tests/v2/cassettes/test_scenarios/test_cancel_a_historical_job_returns_bad_request_response.frozen @@ -1 +1 @@ -2024-11-08T09:54:38.539Z \ No newline at end of file +2025-10-24T14:24:00.041Z \ No newline at end of file diff --git a/tests/v2/cassettes/test_scenarios/test_cancel_a_historical_job_returns_bad_request_response.yaml b/tests/v2/cassettes/test_scenarios/test_cancel_a_historical_job_returns_bad_request_response.yaml index da62aa4acb..d5dd4e35d2 100644 --- a/tests/v2/cassettes/test_scenarios/test_cancel_a_historical_job_returns_bad_request_response.yaml +++ b/tests/v2/cassettes/test_scenarios/test_cancel_a_historical_job_returns_bad_request_response.yaml 
@@ -5,7 +5,7 @@ interactions: accept: - '*/*' method: PATCH - uri: https://api.datadoghq.com/api/v2/siem-historical-detections/jobs/inva-lid/cancel + uri: https://api.datadoghq.com/api/v2/siem-threat-hunting/jobs/inva-lid/cancel response: body: string: '{"errors":[{"status":"400","detail":"invalid jobId"}]}' diff --git a/tests/v2/cassettes/test_scenarios/test_cancel_a_historical_job_returns_not_found_response.frozen b/tests/v2/cassettes/test_scenarios/test_cancel_a_historical_job_returns_not_found_response.frozen index 8bf8faeef3..213014e1d2 100644 --- a/tests/v2/cassettes/test_scenarios/test_cancel_a_historical_job_returns_not_found_response.frozen +++ b/tests/v2/cassettes/test_scenarios/test_cancel_a_historical_job_returns_not_found_response.frozen @@ -1 +1 @@ -2024-11-08T09:54:39.006Z \ No newline at end of file +2025-10-24T14:24:00.856Z \ No newline at end of file diff --git a/tests/v2/cassettes/test_scenarios/test_cancel_a_historical_job_returns_not_found_response.yaml b/tests/v2/cassettes/test_scenarios/test_cancel_a_historical_job_returns_not_found_response.yaml index cd28894027..ba24e0ad9d 100644 --- a/tests/v2/cassettes/test_scenarios/test_cancel_a_historical_job_returns_not_found_response.yaml +++ b/tests/v2/cassettes/test_scenarios/test_cancel_a_historical_job_returns_not_found_response.yaml @@ -5,11 +5,10 @@ interactions: accept: - '*/*' method: PATCH - uri: https://api.datadoghq.com/api/v2/siem-historical-detections/jobs/8e2a37fb-b0c8-4761-a7f0-0a8d6a98ba93/cancel + uri: https://api.datadoghq.com/api/v2/siem-threat-hunting/jobs/8e2a37fb-b0c8-4761-a7f0-0a8d6a98ba93/cancel response: body: - string: '{"errors":[{"status":"404","title":"Not Found","detail":"Job 8e2a37fb-b0c8-4761-a7f0-0a8d6a98ba93 - was not found."}]}' + string: '{"errors":[{"status":"404","detail":"Not Found"}]}' headers: content-type: - application/vnd.api+json 
diff --git a/tests/v2/cassettes/test_scenarios/test_cancel_a_historical_job_returns_ok_response.frozen b/tests/v2/cassettes/test_scenarios/test_cancel_a_historical_job_returns_ok_response.frozen index 8eee63f586..9b9326abb8 100644 --- a/tests/v2/cassettes/test_scenarios/test_cancel_a_historical_job_returns_ok_response.frozen +++ b/tests/v2/cassettes/test_scenarios/test_cancel_a_historical_job_returns_ok_response.frozen @@ -1 +1 @@ -2024-11-08T09:54:39.082Z \ No newline at end of file +2025-10-24T14:24:00.975Z \ No newline at end of file diff --git a/tests/v2/cassettes/test_scenarios/test_cancel_a_historical_job_returns_ok_response.yaml b/tests/v2/cassettes/test_scenarios/test_cancel_a_historical_job_returns_ok_response.yaml index ebe1db17b5..0b4be6fc32 100644 --- a/tests/v2/cassettes/test_scenarios/test_cancel_a_historical_job_returns_ok_response.yaml +++ b/tests/v2/cassettes/test_scenarios/test_cancel_a_historical_job_returns_ok_response.yaml @@ -9,10 +9,10 @@ interactions: content-type: - application/json method: POST - uri: https://api.datadoghq.com/api/v2/siem-historical-detections/jobs + uri: https://api.datadoghq.com/api/v2/siem-threat-hunting/jobs response: body: - string: '{"data":{"id":"e332b07e-d573-45fa-b2df-9a1bcc27f17e","type":"historicalDetectionsJob"}}' + string: '{"data":{"id":"cafe565c-106b-486e-ad21-a712656723b4","type":"historicalDetectionsJob"}}' headers: content-type: - application/vnd.api+json @@ -25,7 +25,7 @@ interactions: accept: - '*/*' method: PATCH - uri: https://api.datadoghq.com/api/v2/siem-historical-detections/jobs/e332b07e-d573-45fa-b2df-9a1bcc27f17e/cancel + uri: https://api.datadoghq.com/api/v2/siem-threat-hunting/jobs/cafe565c-106b-486e-ad21-a712656723b4/cancel response: body: string: '' 
diff --git a/tests/v2/cassettes/test_scenarios/test_convert_a_job_result_to_a_signal_returns_bad_request_response.frozen b/tests/v2/cassettes/test_scenarios/test_convert_a_job_result_to_a_signal_returns_bad_request_response.frozen index b819957f31..ba1f583e59 100644 --- a/tests/v2/cassettes/test_scenarios/test_convert_a_job_result_to_a_signal_returns_bad_request_response.frozen +++ b/tests/v2/cassettes/test_scenarios/test_convert_a_job_result_to_a_signal_returns_bad_request_response.frozen @@ -1 +1 @@ -2024-11-08T09:54:39.280Z \ No newline at end of file +2025-10-24T14:24:01.235Z \ No newline at end of file diff --git a/tests/v2/cassettes/test_scenarios/test_convert_a_job_result_to_a_signal_returns_bad_request_response.yaml b/tests/v2/cassettes/test_scenarios/test_convert_a_job_result_to_a_signal_returns_bad_request_response.yaml index 43a4136bb1..e6f3aef95f 100644 --- a/tests/v2/cassettes/test_scenarios/test_convert_a_job_result_to_a_signal_returns_bad_request_response.yaml +++ b/tests/v2/cassettes/test_scenarios/test_convert_a_job_result_to_a_signal_returns_bad_request_response.yaml @@ -8,7 +8,7 @@ interactions: content-type: - application/json method: POST - uri: https://api.datadoghq.com/api/v2/siem-historical-detections/jobs/signal_convert + uri: https://api.datadoghq.com/api/v2/siem-threat-hunting/jobs/signal_convert response: body: string: '{"errors":[{"status":"400","title":"Generic Error","detail":"empty diff --git a/tests/v2/cassettes/test_scenarios/test_delete_an_existing_job_returns_bad_request_response.frozen b/tests/v2/cassettes/test_scenarios/test_delete_an_existing_job_returns_bad_request_response.frozen index 553556ed2e..cf2f32dfa3 100644 --- a/tests/v2/cassettes/test_scenarios/test_delete_an_existing_job_returns_bad_request_response.frozen +++ b/tests/v2/cassettes/test_scenarios/test_delete_an_existing_job_returns_bad_request_response.frozen 
@@ -1 +1 @@ -2024-11-08T09:54:39.371Z \ No newline at end of file +2025-10-24T14:24:01.339Z \ No newline at end of file diff --git a/tests/v2/cassettes/test_scenarios/test_delete_an_existing_job_returns_bad_request_response.yaml b/tests/v2/cassettes/test_scenarios/test_delete_an_existing_job_returns_bad_request_response.yaml index 12382ec2f4..6e3c15ecdb 100644 --- a/tests/v2/cassettes/test_scenarios/test_delete_an_existing_job_returns_bad_request_response.yaml +++ b/tests/v2/cassettes/test_scenarios/test_delete_an_existing_job_returns_bad_request_response.yaml @@ -5,7 +5,7 @@ interactions: accept: - '*/*' method: DELETE - uri: https://api.datadoghq.com/api/v2/siem-historical-detections/jobs/inva-lid + uri: https://api.datadoghq.com/api/v2/siem-threat-hunting/jobs/inva-lid response: body: string: '{"errors":[{"status":"400","title":"Generic Error","detail":"invalid diff --git a/tests/v2/cassettes/test_scenarios/test_delete_an_existing_job_returns_not_found_response.frozen b/tests/v2/cassettes/test_scenarios/test_delete_an_existing_job_returns_not_found_response.frozen index e02fd6acb1..68a6b0aca2 100644 --- a/tests/v2/cassettes/test_scenarios/test_delete_an_existing_job_returns_not_found_response.frozen +++ b/tests/v2/cassettes/test_scenarios/test_delete_an_existing_job_returns_not_found_response.frozen @@ -1 +1 @@ -2024-11-08T09:54:39.455Z \ No newline at end of file +2025-10-24T14:24:01.428Z \ No newline at end of file diff --git a/tests/v2/cassettes/test_scenarios/test_delete_an_existing_job_returns_not_found_response.yaml b/tests/v2/cassettes/test_scenarios/test_delete_an_existing_job_returns_not_found_response.yaml index 663461488f..3259a6ae5b 100644 --- a/tests/v2/cassettes/test_scenarios/test_delete_an_existing_job_returns_not_found_response.yaml +++ b/tests/v2/cassettes/test_scenarios/test_delete_an_existing_job_returns_not_found_response.yaml 
@@ -5,11 +5,10 @@ interactions: accept: - '*/*' method: DELETE - uri: https://api.datadoghq.com/api/v2/siem-historical-detections/jobs/8e2a37fb-b0c8-4761-a7f0-0a8d6a98ba93 + uri: https://api.datadoghq.com/api/v2/siem-threat-hunting/jobs/8e2a37fb-b0c8-4761-a7f0-0a8d6a98ba93 response: body: - string: '{"errors":[{"status":"404","title":"Not Found","detail":"Job 8e2a37fb-b0c8-4761-a7f0-0a8d6a98ba93 - was not found."}]}' + string: '{"errors":[{"status":"404","detail":"Not Found"}]}' headers: content-type: - application/vnd.api+json diff --git a/tests/v2/cassettes/test_scenarios/test_get_a_jobs_details_returns_bad_request_response.frozen b/tests/v2/cassettes/test_scenarios/test_get_a_jobs_details_returns_bad_request_response.frozen index 14e9603485..fa7eb2eaf3 100644 --- a/tests/v2/cassettes/test_scenarios/test_get_a_jobs_details_returns_bad_request_response.frozen +++ b/tests/v2/cassettes/test_scenarios/test_get_a_jobs_details_returns_bad_request_response.frozen @@ -1 +1 @@ -2024-11-08T09:54:39.538Z \ No newline at end of file +2025-10-24T14:24:01.540Z \ No newline at end of file diff --git a/tests/v2/cassettes/test_scenarios/test_get_a_jobs_details_returns_bad_request_response.yaml b/tests/v2/cassettes/test_scenarios/test_get_a_jobs_details_returns_bad_request_response.yaml index 8c1258a2d4..47fed264c6 100644 --- a/tests/v2/cassettes/test_scenarios/test_get_a_jobs_details_returns_bad_request_response.yaml +++ b/tests/v2/cassettes/test_scenarios/test_get_a_jobs_details_returns_bad_request_response.yaml @@ -5,7 +5,7 @@ interactions: accept: - application/json method: GET - uri: https://api.datadoghq.com/api/v2/siem-historical-detections/jobs/inva-lid + uri: https://api.datadoghq.com/api/v2/siem-threat-hunting/jobs/inva-lid response: body: string: '{"errors":[{"status":"400","detail":"invalid jobId"}]}' 
diff --git a/tests/v2/cassettes/test_scenarios/test_get_a_jobs_details_returns_not_found_response.frozen b/tests/v2/cassettes/test_scenarios/test_get_a_jobs_details_returns_not_found_response.frozen index 5cc9a16c87..8b7389cc8b 100644 --- a/tests/v2/cassettes/test_scenarios/test_get_a_jobs_details_returns_not_found_response.frozen +++ b/tests/v2/cassettes/test_scenarios/test_get_a_jobs_details_returns_not_found_response.frozen @@ -1 +1 @@ -2024-11-08T09:54:39.611Z \ No newline at end of file +2025-10-24T14:24:01.618Z \ No newline at end of file diff --git a/tests/v2/cassettes/test_scenarios/test_get_a_jobs_details_returns_not_found_response.yaml b/tests/v2/cassettes/test_scenarios/test_get_a_jobs_details_returns_not_found_response.yaml index e6615feaed..7ffa2328f0 100644 --- a/tests/v2/cassettes/test_scenarios/test_get_a_jobs_details_returns_not_found_response.yaml +++ b/tests/v2/cassettes/test_scenarios/test_get_a_jobs_details_returns_not_found_response.yaml @@ -5,7 +5,7 @@ interactions: accept: - application/json method: GET - uri: https://api.datadoghq.com/api/v2/siem-historical-detections/jobs/8e2a37fb-b0c8-4761-a7f0-0a8d6a98ba93 + uri: https://api.datadoghq.com/api/v2/siem-threat-hunting/jobs/8e2a37fb-b0c8-4761-a7f0-0a8d6a98ba93 response: body: string: '{"errors":[{"status":"404","title":"Not Found","detail":"Job 8e2a37fb-b0c8-4761-a7f0-0a8d6a98ba93 diff --git a/tests/v2/cassettes/test_scenarios/test_get_a_jobs_details_returns_ok_response.frozen b/tests/v2/cassettes/test_scenarios/test_get_a_jobs_details_returns_ok_response.frozen index 34c6fa0684..6994ed2707 100644 --- a/tests/v2/cassettes/test_scenarios/test_get_a_jobs_details_returns_ok_response.frozen +++ b/tests/v2/cassettes/test_scenarios/test_get_a_jobs_details_returns_ok_response.frozen @@ -1 +1 @@ -2024-12-18T17:02:38.823Z \ No newline at end of file +2025-10-24T14:24:01.707Z \ No newline at end of file 
diff --git a/tests/v2/cassettes/test_scenarios/test_get_a_jobs_details_returns_ok_response.yaml b/tests/v2/cassettes/test_scenarios/test_get_a_jobs_details_returns_ok_response.yaml index ea013bc0d8..8b3b19cb1a 100644 --- a/tests/v2/cassettes/test_scenarios/test_get_a_jobs_details_returns_ok_response.yaml +++ b/tests/v2/cassettes/test_scenarios/test_get_a_jobs_details_returns_ok_response.yaml @@ -9,10 +9,10 @@ interactions: content-type: - application/json method: POST - uri: https://api.datadoghq.com/api/v2/siem-historical-detections/jobs + uri: https://api.datadoghq.com/api/v2/siem-threat-hunting/jobs response: body: - string: '{"data":{"id":"fa90e7ac-998d-4bf4-9d32-2e831a1e9479","type":"historicalDetectionsJob"}}' + string: '{"data":{"id":"071b3516-4072-44d9-9288-d4adaa1db921","type":"historicalDetectionsJob"}}' headers: content-type: - application/vnd.api+json 
@@ -25,17 +25,17 @@ interactions: accept: - application/json method: GET - uri: https://api.datadoghq.com/api/v2/siem-historical-detections/jobs/fa90e7ac-998d-4bf4-9d32-2e831a1e9479 + uri: https://api.datadoghq.com/api/v2/siem-threat-hunting/jobs/071b3516-4072-44d9-9288-d4adaa1db921 response: body: - string: '{"data":{"id":"fa90e7ac-998d-4bf4-9d32-2e831a1e9479","type":"historicalDetectionsJob","attributes":{"createdAt":"2024-12-18 - 17:02:39.551791+00","createdByHandle":"9919ec9b-ebc7-49ee-8dc8-03626e717cca","createdByName":"CI + string: '{"data":{"id":"071b3516-4072-44d9-9288-d4adaa1db921","type":"historicalDetectionsJob","attributes":{"createdAt":"2025-10-24 + 14:24:02.057923+00","createdByHandle":"9919ec9b-ebc7-49ee-8dc8-03626e717cca","createdByName":"CI Account","jobDefinition":{"from":1730387522611,"to":1730387532611,"index":"main","name":"Excessive number of failed attempts.","cases":[{"name":"Condition 1","status":"info","notifications":[],"condition":"a - \u003e 1"}],"queries":[{"query":"source:non_existing_src_weekend","groupByFields":[],"hasOptionalGroupByFields":false,"distinctFields":[],"aggregation":"count","name":""}],"options":{"evaluationWindow":900,"detectionMethod":"threshold","maxSignalDuration":86400,"keepAlive":3600},"message":"A + \u003e 1"}],"queries":[{"query":"source:non_existing_src_weekend","groupByFields":[],"hasOptionalGroupByFields":false,"distinctFields":[],"aggregation":"count","name":"","dataSource":"logs"}],"options":{"evaluationWindow":900,"detectionMethod":"threshold","maxSignalDuration":86400,"keepAlive":3600},"message":"A large number of failed login attempts.","tags":[],"type":"log_detection"},"jobName":"Excessive - number of failed attempts.","jobStatus":"pending","modifiedAt":"2024-12-18 - 17:02:39.551791+00"}}}' + number of failed attempts.","jobStatus":"pending","modifiedAt":"2025-10-24 + 14:24:02.057923+00"}}}' headers: content-type: - application/vnd.api+json 
diff --git a/tests/v2/cassettes/test_scenarios/test_list_historical_jobs_returns_ok_response.frozen b/tests/v2/cassettes/test_scenarios/test_list_historical_jobs_returns_ok_response.frozen index b139681f64..2c0d4ff4e3 100644 --- a/tests/v2/cassettes/test_scenarios/test_list_historical_jobs_returns_ok_response.frozen +++ b/tests/v2/cassettes/test_scenarios/test_list_historical_jobs_returns_ok_response.frozen @@ -1 +1 @@ -2024-12-18T17:02:39.880Z \ No newline at end of file +2025-10-24T14:24:02.188Z \ No newline at end of file diff --git a/tests/v2/cassettes/test_scenarios/test_list_historical_jobs_returns_ok_response.yaml b/tests/v2/cassettes/test_scenarios/test_list_historical_jobs_returns_ok_response.yaml index d4ef944bd7..4658577128 100644 --- a/tests/v2/cassettes/test_scenarios/test_list_historical_jobs_returns_ok_response.yaml +++ b/tests/v2/cassettes/test_scenarios/test_list_historical_jobs_returns_ok_response.yaml @@ -9,10 +9,10 @@ interactions: content-type: - application/json method: POST - uri: https://api.datadoghq.com/api/v2/siem-historical-detections/jobs + uri: https://api.datadoghq.com/api/v2/siem-threat-hunting/jobs response: body: - string: '{"data":{"id":"7b16f110-0ce9-46cd-9dad-b658ced2ac50","type":"historicalDetectionsJob"}}' + string: '{"data":{"id":"e935c6c8-ba76-4ebf-8770-bb772a5ec1ed","type":"historicalDetectionsJob"}}' headers: content-type: - application/vnd.api+json 
@@ -25,17 +25,17 @@ interactions: accept: - application/json method: GET - uri: https://api.datadoghq.com/api/v2/siem-historical-detections/jobs?filter%5Bquery%5D=id%3A7b16f110-0ce9-46cd-9dad-b658ced2ac50 + uri: https://api.datadoghq.com/api/v2/siem-threat-hunting/jobs?filter%5Bquery%5D=id%3Ae935c6c8-ba76-4ebf-8770-bb772a5ec1ed response: body: - string: '{"data":[{"id":"7b16f110-0ce9-46cd-9dad-b658ced2ac50","type":"historicalDetectionsJob","attributes":{"createdAt":"2024-12-18 - 17:02:40.144396+00","createdByHandle":"9919ec9b-ebc7-49ee-8dc8-03626e717cca","createdByName":"CI + string: '{"data":[{"id":"e935c6c8-ba76-4ebf-8770-bb772a5ec1ed","type":"historicalDetectionsJob","attributes":{"createdAt":"2025-10-24 + 14:24:02.256887+00","createdByHandle":"9919ec9b-ebc7-49ee-8dc8-03626e717cca","createdByName":"CI Account","jobDefinition":{"from":1730387522611,"to":1730387532611,"index":"main","name":"Excessive number of failed attempts.","cases":[{"name":"Condition 1","status":"info","notifications":[],"condition":"a - \u003e 1"}],"queries":[{"query":"source:non_existing_src_weekend","groupByFields":[],"hasOptionalGroupByFields":false,"distinctFields":[],"aggregation":"count","name":""}],"options":{"evaluationWindow":900,"detectionMethod":"threshold","maxSignalDuration":86400,"keepAlive":3600},"message":"A + \u003e 1"}],"queries":[{"query":"source:non_existing_src_weekend","groupByFields":[],"hasOptionalGroupByFields":false,"distinctFields":[],"aggregation":"count","name":"","dataSource":"logs"}],"options":{"evaluationWindow":900,"detectionMethod":"threshold","maxSignalDuration":86400,"keepAlive":3600},"message":"A large number of failed login attempts.","tags":[],"type":"log_detection"},"jobName":"Excessive - number of failed attempts.","jobStatus":"pending","modifiedAt":"2024-12-18 - 17:02:40.144396+00"}}],"meta":{"totalCount":1}}' + number of failed attempts.","jobStatus":"pending","modifiedAt":"2025-10-24 + 14:24:02.256887+00"}}],"meta":{"totalCount":1}}' headers: 
content-type: - application/vnd.api+json diff --git a/tests/v2/cassettes/test_scenarios/test_run_a_historical_job_returns_bad_request_response.frozen b/tests/v2/cassettes/test_scenarios/test_run_a_historical_job_returns_bad_request_response.frozen deleted file mode 100644 index 9720094d00..0000000000 --- a/tests/v2/cassettes/test_scenarios/test_run_a_historical_job_returns_bad_request_response.frozen +++ /dev/null @@ -1 +0,0 @@ -2024-11-08T09:54:40.114Z \ No newline at end of file diff --git a/tests/v2/cassettes/test_scenarios/test_run_a_historical_job_returns_not_found_response.frozen b/tests/v2/cassettes/test_scenarios/test_run_a_historical_job_returns_not_found_response.frozen deleted file mode 100644 index 376ccf5d38..0000000000 --- a/tests/v2/cassettes/test_scenarios/test_run_a_historical_job_returns_not_found_response.frozen +++ /dev/null @@ -1 +0,0 @@ -2025-06-26T16:57:47.524Z \ No newline at end of file diff --git a/tests/v2/cassettes/test_scenarios/test_run_a_historical_job_returns_status_created_response.frozen b/tests/v2/cassettes/test_scenarios/test_run_a_historical_job_returns_status_created_response.frozen deleted file mode 100644 index 3e9fdecb99..0000000000 --- a/tests/v2/cassettes/test_scenarios/test_run_a_historical_job_returns_status_created_response.frozen +++ /dev/null @@ -1 +0,0 @@ -2024-11-08T09:54:40.272Z \ No newline at end of file diff --git a/tests/v2/cassettes/test_scenarios/test_run_a_threat_hunting_job_returns_bad_request_response.frozen b/tests/v2/cassettes/test_scenarios/test_run_a_threat_hunting_job_returns_bad_request_response.frozen new file mode 100644 index 0000000000..3776cfacfd --- /dev/null +++ b/tests/v2/cassettes/test_scenarios/test_run_a_threat_hunting_job_returns_bad_request_response.frozen @@ -0,0 +1 @@ +2025-10-24T14:24:02.385Z \ No newline at end of file 
diff --git a/tests/v2/cassettes/test_scenarios/test_run_a_historical_job_returns_bad_request_response.yaml b/tests/v2/cassettes/test_scenarios/test_run_a_threat_hunting_job_returns_bad_request_response.yaml similarity index 93% rename from tests/v2/cassettes/test_scenarios/test_run_a_historical_job_returns_bad_request_response.yaml rename to tests/v2/cassettes/test_scenarios/test_run_a_threat_hunting_job_returns_bad_request_response.yaml index cf9e68a816..b84ecf5c83 100644 --- a/tests/v2/cassettes/test_scenarios/test_run_a_historical_job_returns_bad_request_response.yaml +++ b/tests/v2/cassettes/test_scenarios/test_run_a_threat_hunting_job_returns_bad_request_response.yaml @@ -9,7 +9,7 @@ interactions: content-type: - application/json method: POST - uri: https://api.datadoghq.com/api/v2/siem-historical-detections/jobs + uri: https://api.datadoghq.com/api/v2/siem-threat-hunting/jobs response: body: string: '{"errors":["input_validation_error(Field ''index'' is invalid: Invalid diff --git a/tests/v2/cassettes/test_scenarios/test_run_a_threat_hunting_job_returns_not_found_response.frozen b/tests/v2/cassettes/test_scenarios/test_run_a_threat_hunting_job_returns_not_found_response.frozen new file mode 100644 index 0000000000..9cda11fb15 --- /dev/null +++ b/tests/v2/cassettes/test_scenarios/test_run_a_threat_hunting_job_returns_not_found_response.frozen @@ -0,0 +1 @@ +2025-10-24T14:24:02.486Z \ No newline at end of file diff --git a/tests/v2/cassettes/test_scenarios/test_run_a_historical_job_returns_not_found_response.yaml b/tests/v2/cassettes/test_scenarios/test_run_a_threat_hunting_job_returns_not_found_response.yaml similarity index 87% rename from tests/v2/cassettes/test_scenarios/test_run_a_historical_job_returns_not_found_response.yaml rename to tests/v2/cassettes/test_scenarios/test_run_a_threat_hunting_job_returns_not_found_response.yaml index 7413b27ce3..9894fb9b0e 100644 
--- a/tests/v2/cassettes/test_scenarios/test_run_a_historical_job_returns_not_found_response.yaml +++ b/tests/v2/cassettes/test_scenarios/test_run_a_threat_hunting_job_returns_not_found_response.yaml @@ -7,7 +7,7 @@ interactions: content-type: - application/json method: POST - uri: https://api.datadoghq.com/api/v2/siem-historical-detections/jobs + uri: https://api.datadoghq.com/api/v2/siem-threat-hunting/jobs response: body: string: '{"errors":[{"status":"404","title":"Not Found"}]}' diff --git a/tests/v2/cassettes/test_scenarios/test_run_a_threat_hunting_job_returns_status_created_response.frozen b/tests/v2/cassettes/test_scenarios/test_run_a_threat_hunting_job_returns_status_created_response.frozen new file mode 100644 index 0000000000..f914d8b241 --- /dev/null +++ b/tests/v2/cassettes/test_scenarios/test_run_a_threat_hunting_job_returns_status_created_response.frozen @@ -0,0 +1 @@ +2025-10-24T14:24:02.570Z \ No newline at end of file diff --git a/tests/v2/cassettes/test_scenarios/test_run_a_historical_job_returns_status_created_response.yaml b/tests/v2/cassettes/test_scenarios/test_run_a_threat_hunting_job_returns_status_created_response.yaml similarity index 82% rename from tests/v2/cassettes/test_scenarios/test_run_a_historical_job_returns_status_created_response.yaml rename to tests/v2/cassettes/test_scenarios/test_run_a_threat_hunting_job_returns_status_created_response.yaml index 61d4379382..4b75aae355 100644 --- a/tests/v2/cassettes/test_scenarios/test_run_a_historical_job_returns_status_created_response.yaml +++ b/tests/v2/cassettes/test_scenarios/test_run_a_threat_hunting_job_returns_status_created_response.yaml 
@@ -9,10 +9,10 @@ interactions: content-type: - application/json method: POST - uri: https://api.datadoghq.com/api/v2/siem-historical-detections/jobs + uri: https://api.datadoghq.com/api/v2/siem-threat-hunting/jobs response: body: - string: '{"data":{"id":"6f4c9c40-782b-4d14-900f-65ccc02389db","type":"historicalDetectionsJob"}}' + string: '{"data":{"id":"6ff7a8ce-a0d1-4ea3-8cc9-e9c52cda0d24","type":"historicalDetectionsJob"}}' headers: content-type: - application/vnd.api+json diff --git a/tests/v2/features/given.json b/tests/v2/features/given.json index a4ab9c24bd..7c9df160aa 100644 --- a/tests/v2/features/given.json +++ b/tests/v2/features/given.json @@ -1086,10 +1086,10 @@ "value": "{\n \"data\": {\n \"type\": \"historicalDetectionsJobCreate\",\n \"attributes\": {\n \"jobDefinition\": {\n \"type\": \"log_detection\",\n \"name\": \"Excessive number of failed attempts.\",\n \"queries\": [\n {\n \"query\": \"source:non_existing_src_weekend\",\n \"aggregation\": \"count\",\n \"groupByFields\": [],\n \"distinctFields\": []\n }\n ],\n \"cases\": [\n {\n \"name\": \"Condition 1\",\n \"status\": \"info\",\n \"notifications\": [],\n \"condition\": \"a > 1\"\n }\n ],\n \"options\": {\n \"keepAlive\": 3600,\n \"maxSignalDuration\": 86400,\n \"evaluationWindow\": 900\n },\n \"message\": \"A large number of failed login attempts.\",\n \"tags\": [],\n \"from\": 1730387522611,\n \"to\": 1730387532611,\n \"index\": \"main\"\n }\n }\n }\n}" } ], - "step": "there is a valid \"historical_job\" in the system", - "key": "historical_job", + "step": "there is a valid \"threat_hunting_job\" in the system", + "key": "threat_hunting_job", "tag": "Security Monitoring", - "operationId": "RunHistoricalJob" + "operationId": "RunThreatHuntingJob" }, { "parameters": [ diff --git a/tests/v2/features/security_monitoring.feature b/tests/v2/features/security_monitoring.feature index 8e5e22baad..703fc3e460 100644 --- a/tests/v2/features/security_monitoring.feature 
+++ b/tests/v2/features/security_monitoring.feature 
@@ -11,38 +11,62 @@ Feature: Security Monitoring @team:DataDog/k9-cloud-security-platform Scenario: Cancel a historical job returns "Bad Request" response - Given operation "CancelHistoricalJob" enabled - And new "CancelHistoricalJob" request + Given operation "CancelThreatHuntingJob" enabled + And new "CancelThreatHuntingJob" request And request contains "job_id" parameter with value "inva-lid" When the request is sent Then the response status is 400 Bad Request - @generated @skip @team:DataDog/k9-cloud-security-platform - Scenario: Cancel a historical job returns "Conflict" response - Given operation "CancelHistoricalJob" enabled - And new "CancelHistoricalJob" request - And request contains "job_id" parameter from "REPLACE.ME" - When the request is sent - Then the response status is 409 Conflict - @team:DataDog/k9-cloud-security-platform Scenario: Cancel a historical job returns "Not Found" response - Given operation "CancelHistoricalJob" enabled - And new "CancelHistoricalJob" request + Given operation "CancelThreatHuntingJob" enabled + And new "CancelThreatHuntingJob" request And request contains "job_id" parameter with value "8e2a37fb-b0c8-4761-a7f0-0a8d6a98ba93" When the request is sent Then the response status is 404 Not Found @team:DataDog/k9-cloud-security-platform Scenario: Cancel a historical job returns "OK" response - Given operation "CancelHistoricalJob" enabled - And operation "RunHistoricalJob" enabled - And new "CancelHistoricalJob" request - And there is a valid "historical_job" in the system - And request contains "job_id" parameter from "historical_job.data.id" + Given operation "CancelThreatHuntingJob" enabled + And operation "RunThreatHuntingJob" enabled + And new "CancelThreatHuntingJob" request + And there is a valid "threat_hunting_job" in the system + And request contains "job_id" parameter from "threat_hunting_job.data.id" When the request is sent Then the response status is 204 No Content + @generated @skip 
@team:DataDog/k9-cloud-security-platform + Scenario: Cancel a threat hunting job returns "Bad Request" response + Given operation "CancelThreatHuntingJob" enabled + And new "CancelThreatHuntingJob" request + And request contains "job_id" parameter from "REPLACE.ME" + When the request is sent + Then the response status is 400 Bad Request + + @generated @skip @team:DataDog/k9-cloud-security-platform + Scenario: Cancel a threat hunting job returns "Conflict" response + Given operation "CancelThreatHuntingJob" enabled + And new "CancelThreatHuntingJob" request + And request contains "job_id" parameter from "REPLACE.ME" + When the request is sent + Then the response status is 409 Conflict + + @generated @skip @team:DataDog/k9-cloud-security-platform + Scenario: Cancel a threat hunting job returns "Not Found" response + Given operation "CancelThreatHuntingJob" enabled + And new "CancelThreatHuntingJob" request + And request contains "job_id" parameter from "REPLACE.ME" + When the request is sent + Then the response status is 404 Not Found + + @generated @skip @team:DataDog/k9-cloud-security-platform + Scenario: Cancel a threat hunting job returns "OK" response + Given operation "CancelThreatHuntingJob" enabled + And new "CancelThreatHuntingJob" request + And request contains "job_id" parameter from "REPLACE.ME" + When the request is sent + Then the response status is 204 OK + @generated @skip @team:DataDog/k9-cloud-security-platform Scenario: Change the related incidents of a security signal returns "Bad Request" response Given new "EditSecurityMonitoringSignalIncidents" request 
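Review bot: The hand-written scenarios in this hunk keep the title `Cancel a historical job returns …` although they now drive `CancelThreatHuntingJob`, and four `@generated @skip` placeholders titled `Cancel a threat hunting job returns …` with `REPLACE.ME` parameters are added beside them, presumably because the generator no longer matches the old titles to the renamed operation. Retitling the real scenarios, for example `Scenario: Cancel a threat hunting job returns "OK" response`, and renaming their cassettes the way this commit already does for the `Run a threat hunting job` scenarios would remove the skipped duplicates and leave one naming scheme. The same split appears for `List historical jobs returns "OK" response` in the hunk at -1021 and its generated counterparts added in the hunk at -1088. The generated OK placeholder also expects `204 OK` while the real scenario expects `204 No Content`, so it should not be un-skipped as written.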
@@ -477,32 +501,32 @@ Feature: Security Monitoring @team:DataDog/k9-cloud-security-platform Scenario: Delete an existing job returns "Bad Request" response - Given operation "DeleteHistoricalJob" enabled - And new "DeleteHistoricalJob" request + Given operation "DeleteThreatHuntingJob" enabled + And new "DeleteThreatHuntingJob" request And request contains "job_id" parameter with value "inva-lid" When the request is sent Then the response status is 400 Bad Request @generated @skip @team:DataDog/k9-cloud-security-platform Scenario: Delete an existing job returns "Conflict" response - Given operation "DeleteHistoricalJob" enabled - And new "DeleteHistoricalJob" request + Given operation "DeleteThreatHuntingJob" enabled + And new "DeleteThreatHuntingJob" request And request contains "job_id" parameter from "REPLACE.ME" When the request is sent Then the response status is 409 Conflict @team:DataDog/k9-cloud-security-platform Scenario: Delete an existing job returns "Not Found" response - Given operation "DeleteHistoricalJob" enabled - And new "DeleteHistoricalJob" request + Given operation "DeleteThreatHuntingJob" enabled + And new "DeleteThreatHuntingJob" request And request contains "job_id" parameter with value "8e2a37fb-b0c8-4761-a7f0-0a8d6a98ba93" When the request is sent Then the response status is 404 Not Found @generated @skip @team:DataDog/k9-cloud-security-platform Scenario: Delete an existing job returns "OK" response - Given operation "DeleteHistoricalJob" enabled - And new "DeleteHistoricalJob" request + Given operation "DeleteThreatHuntingJob" enabled + And new "DeleteThreatHuntingJob" request And request contains "job_id" parameter from "REPLACE.ME" When the request is sent Then the response status is 204 OK 
@@ -627,27 +651,27 @@ Feature: Security Monitoring @team:DataDog/k9-cloud-security-platform Scenario: Get a job's details returns "Bad Request" response - Given operation "GetHistoricalJob" enabled - And new "GetHistoricalJob" request + Given operation "GetThreatHuntingJob" enabled + And new "GetThreatHuntingJob" request And request contains "job_id" parameter with value "inva-lid" When the request is sent Then the response status is 400 Bad Request @team:DataDog/k9-cloud-security-platform Scenario: Get a job's details returns "Not Found" response - Given operation "GetHistoricalJob" enabled - And new "GetHistoricalJob" request + Given operation "GetThreatHuntingJob" enabled + And new "GetThreatHuntingJob" request And request contains "job_id" parameter with value "8e2a37fb-b0c8-4761-a7f0-0a8d6a98ba93" When the request is sent Then the response status is 404 Not Found @team:DataDog/k9-cloud-security-platform Scenario: Get a job's details returns "OK" response - Given operation "GetHistoricalJob" enabled - And operation "RunHistoricalJob" enabled - And new "GetHistoricalJob" request - And there is a valid "historical_job" in the system - And request contains "job_id" parameter from "historical_job.data.id" + Given operation "GetThreatHuntingJob" enabled + And operation "RunThreatHuntingJob" enabled + And new "GetThreatHuntingJob" request + And there is a valid "threat_hunting_job" in the system + And request contains "job_id" parameter from "threat_hunting_job.data.id" When the request is sent Then the response status is 200 OK 
@@ -1021,20 +1045,13 @@ Feature: Security Monitoring When the request is sent Then the response status is 200 OK - @generated @skip @team:DataDog/k9-cloud-security-platform - Scenario: List historical jobs returns "Bad Request" response - Given operation "ListHistoricalJobs" enabled - And new "ListHistoricalJobs" request - When the request is sent - Then the response status is 400 Bad Request - @team:DataDog/k9-cloud-security-platform Scenario: List historical jobs returns "OK" response - Given operation "ListHistoricalJobs" enabled - And operation "RunHistoricalJob" enabled - And new "ListHistoricalJobs" request - And there is a valid "historical_job" in the system - And request contains "filter[query]" parameter with value "id:{{historical_job.data.id}}" + Given operation "ListThreatHuntingJobs" enabled + And operation "RunThreatHuntingJob" enabled + And new "ListThreatHuntingJobs" request + And there is a valid "threat_hunting_job" in the system + And request contains "filter[query]" parameter with value "id:{{threat_hunting_job.data.id}}" When the request is sent Then the response status is 200 OK 
@@ -1088,6 +1105,20 @@ Feature: Security Monitoring When the request is sent Then the response status is 200 OK + @generated @skip @team:DataDog/k9-cloud-security-platform + Scenario: List threat hunting jobs returns "Bad Request" response + Given operation "ListThreatHuntingJobs" enabled + And new "ListThreatHuntingJobs" request + When the request is sent + Then the response status is 400 Bad Request + + @generated @skip @team:DataDog/k9-cloud-security-platform + Scenario: List threat hunting jobs returns "OK" response + Given operation "ListThreatHuntingJobs" enabled + And new "ListThreatHuntingJobs" request + When the request is sent + Then the response status is 200 OK + @generated @skip @team:DataDog/asm-vm Scenario: List vulnerabilities returns "Bad request: The server cannot process the request due to invalid syntax in the request." response Given operation "ListVulnerabilities" enabled 
@@ -1265,25 +1296,25 @@ Feature: Security Monitoring Then the response status is 422 The server cannot process the request because it contains invalid data. @team:DataDog/k9-cloud-security-platform - Scenario: Run a historical job returns "Bad Request" response - Given operation "RunHistoricalJob" enabled - And new "RunHistoricalJob" request + Scenario: Run a threat hunting job returns "Bad Request" response + Given operation "RunThreatHuntingJob" enabled + And new "RunThreatHuntingJob" request And body with value {"data":{"type":"historicalDetectionsJobCreate","attributes":{"jobDefinition":{"type":"log_detection","name":"Excessive number of failed attempts.","queries":[{"query":"source:non_existing_src_weekend","aggregation":"count","groupByFields":[],"distinctFields":[]}],"cases":[{"name":"Condition 1","status":"info","notifications":[],"condition":"a > 1"}],"options":{"keepAlive":3600,"maxSignalDuration":86400,"evaluationWindow":900},"message":"A large number of failed login attempts.","tags":[],"from":1730387522611,"to":1730391122611,"index":"non_existing_index"}}}} When the request is sent Then the response status is 400 Bad Request @team:DataDog/k9-cloud-security-platform - Scenario: Run a historical job returns "Not Found" response - Given operation "RunHistoricalJob" enabled - And new "RunHistoricalJob" request + Scenario: Run a threat hunting job returns "Not Found" response + Given operation "RunThreatHuntingJob" enabled + And new "RunThreatHuntingJob" request And body with value {"data": { "type": "historicalDetectionsJobCreate", "attributes": {"fromRule": {"from": 1730201035064, "id": "non-existng", "index": "main", "notifications": [], "to": 1730204635115}}}} When the request is sent Then the response status is 404 Not Found @team:DataDog/k9-cloud-security-platform - Scenario: Run a historical job returns "Status created" response - Given operation "RunHistoricalJob" enabled - And new "RunHistoricalJob" request + Scenario: Run a threat hunting job 
returns "Status created" response + Given operation "RunThreatHuntingJob" enabled + And new "RunThreatHuntingJob" request And body with value {"data":{"type":"historicalDetectionsJobCreate","attributes":{"jobDefinition":{"type":"log_detection","name":"Excessive number of failed attempts.","queries":[{"query":"source:non_existing_src_weekend","aggregation":"count","groupByFields":[],"distinctFields":[]}],"cases":[{"name":"Condition 1","status":"info","notifications":[],"condition":"a > 1"}],"options":{"keepAlive":3600,"maxSignalDuration":86400,"evaluationWindow":900},"message":"A large number of failed login attempts.","tags":[],"from":1730387522611,"to":1730387532611,"index":"main"}}}} When the request is sent Then the response status is 201 Status created diff --git a/tests/v2/features/undo.json b/tests/v2/features/undo.json index 5f2144f5fb..eb1380ab6b 100644 --- a/tests/v2/features/undo.json +++ b/tests/v2/features/undo.json @@ -3909,13 +3909,13 @@ "type": "safe" } }, - "ListHistoricalJobs": { + "ListThreatHuntingJobs": { "tag": "Security Monitoring", "undo": { "type": "safe" } }, - "RunHistoricalJob": { + "RunThreatHuntingJob": { "tag": "Security Monitoring", "undo": { "type": "idempotent" @@ -3927,19 +3927,19 @@ "type": "idempotent" } }, - "DeleteHistoricalJob": { + "DeleteThreatHuntingJob": { "tag": "Security Monitoring", "undo": { "type": "idempotent" } }, - "GetHistoricalJob": { + "GetThreatHuntingJob": { "tag": "Security Monitoring", "undo": { "type": "safe" } }, - "CancelHistoricalJob": { + "CancelThreatHuntingJob": { "tag": "Security Monitoring", "undo": { "type": "idempotent"