diff --git a/.generator/schemas/v2/openapi.yaml b/.generator/schemas/v2/openapi.yaml index 59c7b8b08efc..be9a2271b2b3 100644 --- a/.generator/schemas/v2/openapi.yaml +++ b/.generator/schemas/v2/openapi.yaml @@ -458,20 +458,6 @@ components: items: $ref: '#/components/schemas/GetIssueIncludeQueryParameterItem' type: array - HistoricalJobID: - description: The ID of the job. - in: path - name: job_id - required: true - schema: - type: string - HistoricalSignalID: - description: The ID of the historical signal. - in: path - name: histsignal_id - required: true - schema: - type: string IncidentAttachmentFilterQueryParameter: description: Specifies which types of attachments are included in the response. explode: false @@ -1091,6 +1077,20 @@ components: required: true schema: type: string + ThreatHuntingJobID: + description: The ID of the job. + in: path + name: job_id + required: true + schema: + type: string + ThreatHuntingSignalID: + description: The ID of the threat hunting signal. + in: path + name: histsignal_id + required: true + schema: + type: string UserID: description: The ID of the user. in: path @@ -11815,7 +11815,7 @@ components: - GZIP - DEFLATE ConvertJobResultsToSignalsAttributes: - description: Attributes for converting historical job results to signals. + description: Attributes for converting threat hunting job results to signals. properties: id: description: Request ID. @@ -11847,7 +11847,7 @@ components: - notifications type: object ConvertJobResultsToSignalsData: - description: Data for converting historical job results to signals. + description: Data for converting threat hunting job results to signals. properties: attributes: $ref: '#/components/schemas/ConvertJobResultsToSignalsAttributes' 
@@ -11862,7 +11862,7 @@ components: x-enum-varnames: - HISTORICALDETECTIONSJOBRESULTSIGNALCONVERSION ConvertJobResultsToSignalsRequest: - description: Request for converting historical job results to signals. + description: Request for converting threat hunting job results to signals. properties: data: $ref: '#/components/schemas/ConvertJobResultsToSignalsData' 
@@ -22191,130 +22191,6 @@ components: - type - value type: object - HistoricalJobDataType: - description: Type of payload. - enum: - - historicalDetectionsJob - type: string - x-enum-varnames: - - HISTORICALDETECTIONSJOB - HistoricalJobListMeta: - description: Metadata about the list of jobs. - properties: - totalCount: - description: Number of jobs in the list. - format: int32 - maximum: 2147483647 - type: integer - type: object - HistoricalJobOptions: - description: Job options. - properties: - detectionMethod: - $ref: '#/components/schemas/SecurityMonitoringRuleDetectionMethod' - evaluationWindow: - $ref: '#/components/schemas/SecurityMonitoringRuleEvaluationWindow' - impossibleTravelOptions: - $ref: '#/components/schemas/SecurityMonitoringRuleImpossibleTravelOptions' - keepAlive: - $ref: '#/components/schemas/SecurityMonitoringRuleKeepAlive' - maxSignalDuration: - $ref: '#/components/schemas/SecurityMonitoringRuleMaxSignalDuration' - newValueOptions: - $ref: '#/components/schemas/SecurityMonitoringRuleNewValueOptions' - sequenceDetectionOptions: - $ref: '#/components/schemas/SecurityMonitoringRuleSequenceDetectionOptions' - thirdPartyRuleOptions: - $ref: '#/components/schemas/SecurityMonitoringRuleThirdPartyOptions' - type: object - HistoricalJobQuery: - description: Query for selecting logs analyzed by the historical job. - properties: - aggregation: - $ref: '#/components/schemas/SecurityMonitoringRuleQueryAggregation' - dataSource: - $ref: '#/components/schemas/SecurityMonitoringStandardDataSource' - distinctFields: - description: Field for which the cardinality is measured. Sent as an array. - items: - description: Field. - type: string - type: array - groupByFields: - description: Fields to group by. - items: - description: Field. - type: string - type: array - hasOptionalGroupByFields: - default: false - description: When false, events without a group-by value are ignored by - the query. 
When true, events with missing group-by fields are processed - with `N/A`, replacing the missing values. - example: false - type: boolean - metrics: - description: Group of target fields to aggregate over when using the sum, - max, geo data, or new value aggregations. The sum, max, and geo data aggregations - only accept one value in this list, whereas the new value aggregation - accepts up to five values. - items: - description: Field. - type: string - type: array - name: - description: Name of the query. - type: string - query: - description: Query to run on logs. - example: a > 3 - type: string - type: object - HistoricalJobResponse: - description: Historical job response. - properties: - data: - $ref: '#/components/schemas/HistoricalJobResponseData' - type: object - HistoricalJobResponseAttributes: - description: Historical job attributes. - properties: - createdAt: - description: Time when the job was created. - type: string - createdByHandle: - description: The handle of the user who created the job. - type: string - createdByName: - description: The name of the user who created the job. - type: string - createdFromRuleId: - description: ID of the rule used to create the job (if it is created from - a rule). - type: string - jobDefinition: - $ref: '#/components/schemas/JobDefinition' - jobName: - description: Job name. - type: string - jobStatus: - description: Job status. - type: string - modifiedAt: - description: Last modification time of the job. - type: string - type: object - HistoricalJobResponseData: - description: Historical job response data. - properties: - attributes: - $ref: '#/components/schemas/HistoricalJobResponseAttributes' - id: - description: ID of the job. - type: string - type: - $ref: '#/components/schemas/HistoricalJobDataType' - type: object HourlyUsage: description: Hourly usage for a product family for an org. properties: 
@@ -26495,7 +26371,7 @@ components: type: string type: object JobCreateResponse: - description: Run a historical job response. + description: Run a threat hunting job response. properties: data: $ref: '#/components/schemas/JobCreateResponseData' @@ -26507,10 +26383,10 @@ components: description: ID of the created job. type: string type: - $ref: '#/components/schemas/HistoricalJobDataType' + $ref: '#/components/schemas/ThreatHuntingJobDataType' type: object JobDefinition: - description: Definition of a historical job. + description: Definition of a threat hunting job. properties: calculatedFields: description: Calculated fields. @@ -26549,11 +26425,11 @@ components: example: Excessive number of failed attempts. type: string options: - $ref: '#/components/schemas/HistoricalJobOptions' + $ref: '#/components/schemas/ThreatHuntingJobOptions' queries: description: Queries for selecting logs analyzed by the job. items: - $ref: '#/components/schemas/HistoricalJobQuery' + $ref: '#/components/schemas/ThreatHuntingJobQuery' type: array referenceTables: description: Reference tables used in the queries. @@ -26590,7 +26466,8 @@ components: - message type: object JobDefinitionFromRule: - description: Definition of a historical job based on a security monitoring rule. + description: Definition of a threat hunting job based on a security monitoring + rule. properties: from: description: Starting time of data analyzed by the job. @@ -27290,17 +27167,6 @@ components: - data - meta type: object - ListHistoricalJobsResponse: - description: List of historical jobs. - properties: - data: - description: Array containing the list of historical jobs. - items: - $ref: '#/components/schemas/HistoricalJobResponseData' - type: array - meta: - $ref: '#/components/schemas/HistoricalJobListMeta' - type: object ListKindCatalogResponse: description: List kind response. properties: 
@@ -27468,6 +27334,17 @@ components: - _NAME - USER_COUNT - _USER_COUNT + ListThreatHuntingJobsResponse: + description: List of threat hunting jobs. + properties: + data: + description: Array containing the list of threat hunting jobs. + items: + $ref: '#/components/schemas/ThreatHuntingJobResponseData' + type: array + meta: + $ref: '#/components/schemas/ThreatHuntingJobListMeta' + type: object ListVulnerabilitiesResponse: description: The expected response schema when listing vulnerabilities. properties: @@ -41523,14 +41400,18 @@ components: $ref: '#/components/schemas/RumRetentionFilterData' type: array type: object - RunHistoricalJobRequest: - description: Run a historical job request. + RunRetentionFilterName: + description: The name of a RUM retention filter. + example: Retention filter for session + type: string + RunThreatHuntingJobRequest: + description: Run a threat hunting job request. properties: data: - $ref: '#/components/schemas/RunHistoricalJobRequestData' + $ref: '#/components/schemas/RunThreatHuntingJobRequestData' type: object - RunHistoricalJobRequestAttributes: - description: Run a historical job request. + RunThreatHuntingJobRequestAttributes: + description: Run a threat hunting job request. properties: fromRule: $ref: '#/components/schemas/JobDefinitionFromRule' 
@@ -41540,25 +41421,21 @@ components: jobDefinition: $ref: '#/components/schemas/JobDefinition' type: object - RunHistoricalJobRequestData: - description: Data for running a historical job request. + RunThreatHuntingJobRequestData: + description: Data for running a threat hunting job request. properties: attributes: - $ref: '#/components/schemas/RunHistoricalJobRequestAttributes' + $ref: '#/components/schemas/RunThreatHuntingJobRequestAttributes' type: - $ref: '#/components/schemas/RunHistoricalJobRequestDataType' + $ref: '#/components/schemas/RunThreatHuntingJobRequestDataType' type: object - RunHistoricalJobRequestDataType: + RunThreatHuntingJobRequestDataType: description: Type of data. enum: - historicalDetectionsJobCreate type: string x-enum-varnames: - HISTORICALDETECTIONSJOBCREATE - RunRetentionFilterName: - description: The name of a RUM retention filter. - example: Retention filter for session - type: string SAMLAssertionAttribute: description: SAML assertion attribute. properties: 
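Review bot: `RunThreatHuntingJobRequestDataType` keeps the wire value `historicalDetectionsJobCreate` and the varname `HISTORICALDETECTIONSJOBCREATE` under the renamed schema, and its description is still only "Type of data.", so nothing marks the mismatch as deliberate. If the value is retained for wire compatibility, say so in the schema, for example `description: Type of data. The wire value remains historicalDetectionsJobCreate after the rename to threat hunting.` The same applies to `ThreatHuntingJobDataType` (`historicalDetectionsJob`) in the later `@@ -50443,6 +50320,130 @@` hunk. Without that note, a later cleanup could "fix" the enum and break request parsing.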
@@ -50443,6 +50320,130 @@ components: description: Offset type. type: string type: object + ThreatHuntingJobDataType: + description: Type of payload. + enum: + - historicalDetectionsJob + type: string + x-enum-varnames: + - HISTORICALDETECTIONSJOB + ThreatHuntingJobListMeta: + description: Metadata about the list of jobs. + properties: + totalCount: + description: Number of jobs in the list. + format: int32 + maximum: 2147483647 + type: integer + type: object + ThreatHuntingJobOptions: + description: Job options. + properties: + detectionMethod: + $ref: '#/components/schemas/SecurityMonitoringRuleDetectionMethod' + evaluationWindow: + $ref: '#/components/schemas/SecurityMonitoringRuleEvaluationWindow' + impossibleTravelOptions: + $ref: '#/components/schemas/SecurityMonitoringRuleImpossibleTravelOptions' + keepAlive: + $ref: '#/components/schemas/SecurityMonitoringRuleKeepAlive' + maxSignalDuration: + $ref: '#/components/schemas/SecurityMonitoringRuleMaxSignalDuration' + newValueOptions: + $ref: '#/components/schemas/SecurityMonitoringRuleNewValueOptions' + sequenceDetectionOptions: + $ref: '#/components/schemas/SecurityMonitoringRuleSequenceDetectionOptions' + thirdPartyRuleOptions: + $ref: '#/components/schemas/SecurityMonitoringRuleThirdPartyOptions' + type: object + ThreatHuntingJobQuery: + description: Query for selecting logs analyzed by the threat hunting job. + properties: + aggregation: + $ref: '#/components/schemas/SecurityMonitoringRuleQueryAggregation' + dataSource: + $ref: '#/components/schemas/SecurityMonitoringStandardDataSource' + distinctFields: + description: Field for which the cardinality is measured. Sent as an array. + items: + description: Field. + type: string + type: array + groupByFields: + description: Fields to group by. + items: + description: Field. + type: string + type: array + hasOptionalGroupByFields: + default: false + description: When false, events without a group-by value are ignored by + the query. 
When true, events with missing group-by fields are processed + with `N/A`, replacing the missing values. + example: false + type: boolean + metrics: + description: Group of target fields to aggregate over when using the sum, + max, geo data, or new value aggregations. The sum, max, and geo data aggregations + only accept one value in this list, whereas the new value aggregation + accepts up to five values. + items: + description: Field. + type: string + type: array + name: + description: Name of the query. + type: string + query: + description: Query to run on logs. + example: a > 3 + type: string + type: object + ThreatHuntingJobResponse: + description: Threat hunting job response. + properties: + data: + $ref: '#/components/schemas/ThreatHuntingJobResponseData' + type: object + ThreatHuntingJobResponseAttributes: + description: Threat hunting job attributes. + properties: + createdAt: + description: Time when the job was created. + type: string + createdByHandle: + description: The handle of the user who created the job. + type: string + createdByName: + description: The name of the user who created the job. + type: string + createdFromRuleId: + description: ID of the rule used to create the job (if it is created from + a rule). + type: string + jobDefinition: + $ref: '#/components/schemas/JobDefinition' + jobName: + description: Job name. + type: string + jobStatus: + description: Job status. + type: string + modifiedAt: + description: Last modification time of the job. + type: string + type: object + ThreatHuntingJobResponseData: + description: Threat hunting job response data. + properties: + attributes: + $ref: '#/components/schemas/ThreatHuntingJobResponseAttributes' + id: + description: ID of the job. + type: string + type: + $ref: '#/components/schemas/ThreatHuntingJobDataType' + type: object TimeAggregation: description: 'Time aggregation period (in seconds) is used to aggregate the results of the notification rule evaluation. 
@@ -76493,7 +76494,7 @@ paths: permissions: - incident_settings_write x-unstable: '**Note**: This endpoint is deprecated.' - /api/v2/siem-historical-detections/histsignals: + /api/v2/siem-threat-hunting/histsignals: get: description: List hist signals. operationId: ListSecurityMonitoringHistsignals @@ -76534,7 +76535,7 @@ paths: x-unstable: '**Note**: This endpoint is in beta and may be subject to changes. Please check the documentation regularly for updates.' - /api/v2/siem-historical-detections/histsignals/search: + /api/v2/siem-threat-hunting/histsignals/search: get: description: Search hist signals. operationId: SearchSecurityMonitoringHistsignals @@ -76574,12 +76575,12 @@ paths: x-unstable: '**Note**: This endpoint is in beta and may be subject to changes. Please check the documentation regularly for updates.' - /api/v2/siem-historical-detections/histsignals/{histsignal_id}: + /api/v2/siem-threat-hunting/histsignals/{histsignal_id}: get: description: Get a hist signal's details. operationId: GetSecurityMonitoringHistsignal parameters: - - $ref: '#/components/parameters/HistoricalSignalID' + - $ref: '#/components/parameters/ThreatHuntingSignalID' responses: '200': content: @@ -76610,10 +76611,10 @@ paths: x-unstable: '**Note**: This endpoint is in beta and may be subject to changes. Please check the documentation regularly for updates.' - /api/v2/siem-historical-detections/jobs: + /api/v2/siem-threat-hunting/jobs: get: - description: List historical jobs. - operationId: ListHistoricalJobs + description: List threat hunting jobs. + operationId: ListThreatHuntingJobs parameters: - $ref: '#/components/parameters/PageSize' - $ref: '#/components/parameters/PageNumber' @@ -76636,7 +76637,7 @@ paths: content: application/json: schema: - $ref: '#/components/schemas/ListHistoricalJobsResponse' + $ref: '#/components/schemas/ListThreatHuntingJobsResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' 
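Review bot: The `/api/v2/siem-historical-detections/...` path keys in these hunks, and in the later ones through `jobs/{job_id}/histsignals`, are replaced outright, and `ListHistoricalJobs` becomes `ListThreatHuntingJobs`, so clients generated from this spec lose the old operation names with no deprecated alias. Detection automation that schedules or polls these jobs through the old methods would stop working on upgrade, which leaves a gap in hunting coverage until someone notices. If the backend still serves the old prefix (not visible in this diff), consider keeping the old path items for one release marked `deprecated: true`. Otherwise, state the breaking rename in the changelog. The path items themselves continue outside these hunks.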
@@ -76648,20 +76649,20 @@ paths: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] - summary: List historical jobs + summary: List threat hunting jobs tags: - Security Monitoring x-unstable: '**Note**: This endpoint is in beta and may be subject to changes. Please check the documentation regularly for updates.' post: - description: Run a historical job. - operationId: RunHistoricalJob + description: Run a threat hunting job. + operationId: RunThreatHuntingJob requestBody: content: application/json: schema: - $ref: '#/components/schemas/RunHistoricalJobRequest' + $ref: '#/components/schemas/RunThreatHuntingJobRequest' required: true responses: '201': @@ -76685,7 +76686,7 @@ paths: appKeyAuth: [] - AuthZ: - security_monitoring_rules_write - summary: Run a historical job + summary: Run a threat hunting job tags: - Security Monitoring x-codegen-request-body-name: body @@ -76696,7 +76697,7 @@ paths: x-unstable: '**Note**: This endpoint is in beta and may be subject to changes. Please check the documentation regularly for updates.' - /api/v2/siem-historical-detections/jobs/signal_convert: + /api/v2/siem-threat-hunting/jobs/signal_convert: post: description: Convert a job result to a signal. operationId: ConvertJobResultToSignal @@ -76730,12 +76731,12 @@ paths: x-unstable: '**Note**: This endpoint is in beta and may be subject to changes. Please check the documentation regularly for updates.' - /api/v2/siem-historical-detections/jobs/{job_id}: + /api/v2/siem-threat-hunting/jobs/{job_id}: delete: description: Delete an existing job. - operationId: DeleteHistoricalJob + operationId: DeleteThreatHuntingJob parameters: - - $ref: '#/components/parameters/HistoricalJobID' + - $ref: '#/components/parameters/ThreatHuntingJobID' responses: '204': description: OK 
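Review bot: The `get` operation on `/api/v2/siem-threat-hunting/jobs` shows `- AuthZ: []` in the context lines of the first hunk here, so the spec documents no OAuth scope for listing jobs, while the `post` directly below requires `security_monitoring_rules_write`. The list response carries full job definitions (log queries, creator handle and name) through `ThreatHuntingJobResponseAttributes`, so a read-level scope is worth declaring while this operation is being touched, for example adding `- security_monitoring_rules_read` under `AuthZ:` if that is the permission the backend enforces. Enforcement is not visible in this diff, so this may be a documentation gap only. The `security:` block begins above the hunk.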
@@ -76763,15 +76764,15 @@ paths: Please check the documentation regularly for updates.' get: description: Get a job's details. - operationId: GetHistoricalJob + operationId: GetThreatHuntingJob parameters: - - $ref: '#/components/parameters/HistoricalJobID' + - $ref: '#/components/parameters/ThreatHuntingJobID' responses: '200': content: application/json: schema: - $ref: '#/components/schemas/HistoricalJobResponse' + $ref: '#/components/schemas/ThreatHuntingJobResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' @@ -76796,12 +76797,12 @@ paths: x-unstable: '**Note**: This endpoint is in beta and may be subject to changes. Please check the documentation regularly for updates.' - /api/v2/siem-historical-detections/jobs/{job_id}/cancel: + /api/v2/siem-threat-hunting/jobs/{job_id}/cancel: patch: - description: Cancel a historical job. - operationId: CancelHistoricalJob + description: Cancel a threat hunting job. + operationId: CancelThreatHuntingJob parameters: - - $ref: '#/components/parameters/HistoricalJobID' + - $ref: '#/components/parameters/ThreatHuntingJobID' responses: '204': description: OK @@ -76822,7 +76823,7 @@ paths: appKeyAuth: [] - AuthZ: - security_monitoring_rules_write - summary: Cancel a historical job + summary: Cancel a threat hunting job tags: - Security Monitoring x-permission: 
@@ -76832,12 +76833,12 @@ paths: x-unstable: '**Note**: This endpoint is in beta and may be subject to changes. Please check the documentation regularly for updates.' - /api/v2/siem-historical-detections/jobs/{job_id}/histsignals: + /api/v2/siem-threat-hunting/jobs/{job_id}/histsignals: get: description: Get a job's hist signals. operationId: GetSecurityMonitoringHistsignalsByJobId parameters: - - $ref: '#/components/parameters/HistoricalJobID' + - $ref: '#/components/parameters/ThreatHuntingJobID' - $ref: '#/components/parameters/QueryFilterSearch' - $ref: '#/components/parameters/QueryFilterFrom' - $ref: '#/components/parameters/QueryFilterTo' diff --git a/cassettes/features/v2/security_monitoring/Cancel-a-historical-job-returns-Bad-Request-response.frozen b/cassettes/features/v2/security_monitoring/Cancel-a-historical-job-returns-Bad-Request-response.frozen index bf92f15d9de1..633b88ea1af7 100644 --- a/cassettes/features/v2/security_monitoring/Cancel-a-historical-job-returns-Bad-Request-response.frozen +++ b/cassettes/features/v2/security_monitoring/Cancel-a-historical-job-returns-Bad-Request-response.frozen @@ -1 +1 @@ -2024-11-08T09:54:38.539Z \ No newline at end of file +2025-10-24T14:24:00.041Z \ No newline at end of file diff --git a/cassettes/features/v2/security_monitoring/Cancel-a-historical-job-returns-Bad-Request-response.yml b/cassettes/features/v2/security_monitoring/Cancel-a-historical-job-returns-Bad-Request-response.yml index 79c9c9f69624..f895d763968c 100644 --- a/cassettes/features/v2/security_monitoring/Cancel-a-historical-job-returns-Bad-Request-response.yml +++ b/cassettes/features/v2/security_monitoring/Cancel-a-historical-job-returns-Bad-Request-response.yml 
@@ -1,12 +1,12 @@ http_interactions: -- recorded_at: Fri, 08 Nov 2024 09:54:38 GMT +- recorded_at: Fri, 24 Oct 2025 14:24:00 GMT request: body: null headers: Accept: - '*/*' method: PATCH - uri: https://api.datadoghq.com/api/v2/siem-historical-detections/jobs/inva-lid/cancel + uri: https://api.datadoghq.com/api/v2/siem-threat-hunting/jobs/inva-lid/cancel response: body: encoding: UTF-8 diff --git a/cassettes/features/v2/security_monitoring/Cancel-a-historical-job-returns-Not-Found-response.frozen b/cassettes/features/v2/security_monitoring/Cancel-a-historical-job-returns-Not-Found-response.frozen index 8bf8faeef387..213014e1d2da 100644 --- a/cassettes/features/v2/security_monitoring/Cancel-a-historical-job-returns-Not-Found-response.frozen +++ b/cassettes/features/v2/security_monitoring/Cancel-a-historical-job-returns-Not-Found-response.frozen @@ -1 +1 @@ -2024-11-08T09:54:39.006Z \ No newline at end of file +2025-10-24T14:24:00.856Z \ No newline at end of file diff --git a/cassettes/features/v2/security_monitoring/Cancel-a-historical-job-returns-Not-Found-response.yml b/cassettes/features/v2/security_monitoring/Cancel-a-historical-job-returns-Not-Found-response.yml index f074f156a185..db7a512ee1e9 100644 --- a/cassettes/features/v2/security_monitoring/Cancel-a-historical-job-returns-Not-Found-response.yml +++ b/cassettes/features/v2/security_monitoring/Cancel-a-historical-job-returns-Not-Found-response.yml 
@@ -1,17 +1,16 @@ http_interactions: -- recorded_at: Fri, 08 Nov 2024 09:54:39 GMT +- recorded_at: Fri, 24 Oct 2025 14:24:00 GMT request: body: null headers: Accept: - '*/*' method: PATCH - uri: https://api.datadoghq.com/api/v2/siem-historical-detections/jobs/8e2a37fb-b0c8-4761-a7f0-0a8d6a98ba93/cancel + uri: https://api.datadoghq.com/api/v2/siem-threat-hunting/jobs/8e2a37fb-b0c8-4761-a7f0-0a8d6a98ba93/cancel response: body: encoding: UTF-8 - string: '{"errors":[{"status":"404","title":"Not Found","detail":"Job 8e2a37fb-b0c8-4761-a7f0-0a8d6a98ba93 - was not found."}]}' + string: '{"errors":[{"status":"404","detail":"Not Found"}]}' headers: Content-Type: - application/vnd.api+json diff --git a/cassettes/features/v2/security_monitoring/Cancel-a-historical-job-returns-OK-response.frozen b/cassettes/features/v2/security_monitoring/Cancel-a-historical-job-returns-OK-response.frozen index 8eee63f586c2..9b9326abb8c1 100644 --- a/cassettes/features/v2/security_monitoring/Cancel-a-historical-job-returns-OK-response.frozen +++ b/cassettes/features/v2/security_monitoring/Cancel-a-historical-job-returns-OK-response.frozen @@ -1 +1 @@ -2024-11-08T09:54:39.082Z \ No newline at end of file +2025-10-24T14:24:00.975Z \ No newline at end of file diff --git a/cassettes/features/v2/security_monitoring/Cancel-a-historical-job-returns-OK-response.yml b/cassettes/features/v2/security_monitoring/Cancel-a-historical-job-returns-OK-response.yml index ce37fbaaa230..443f56ef276e 100644 --- a/cassettes/features/v2/security_monitoring/Cancel-a-historical-job-returns-OK-response.yml +++ b/cassettes/features/v2/security_monitoring/Cancel-a-historical-job-returns-OK-response.yml @@ -1,5 +1,5 @@ http_interactions: -- recorded_at: Fri, 08 Nov 2024 09:54:39 GMT +- recorded_at: Fri, 24 Oct 2025 14:24:00 GMT request: body: encoding: UTF-8 
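Review bot: The re-recorded 404 body in `Cancel-a-historical-job-returns-Not-Found-response.yml` changes from a job-specific error (`"title":"Not Found","detail":"Job … was not found."`) to the generic `{"errors":[{"status":"404","detail":"Not Found"}]}`. A generic body is also what a routing miss would return, so this recording may no longer show that the PATCH reached the cancel handler under the new `/siem-threat-hunting/` prefix. It is worth confirming against the live API that an existing job can be cancelled on this path and that the plain 404 is the intended new error format. The Delete Not-Found cassette changes the same way in its own `@@ -1,17 +1,16 @@` hunk.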
@@ -13,25 +13,25 @@ http_interactions: Content-Type: - application/json method: POST - uri: https://api.datadoghq.com/api/v2/siem-historical-detections/jobs + uri: https://api.datadoghq.com/api/v2/siem-threat-hunting/jobs response: body: encoding: UTF-8 - string: '{"data":{"id":"e332b07e-d573-45fa-b2df-9a1bcc27f17e","type":"historicalDetectionsJob"}}' + string: '{"data":{"id":"cafe565c-106b-486e-ad21-a712656723b4","type":"historicalDetectionsJob"}}' headers: Content-Type: - application/vnd.api+json status: code: 201 message: Created -- recorded_at: Fri, 08 Nov 2024 09:54:39 GMT +- recorded_at: Fri, 24 Oct 2025 14:24:00 GMT request: body: null headers: Accept: - '*/*' method: PATCH - uri: https://api.datadoghq.com/api/v2/siem-historical-detections/jobs/e332b07e-d573-45fa-b2df-9a1bcc27f17e/cancel + uri: https://api.datadoghq.com/api/v2/siem-threat-hunting/jobs/cafe565c-106b-486e-ad21-a712656723b4/cancel response: body: encoding: UTF-8 diff --git a/cassettes/features/v2/security_monitoring/Convert-a-job-result-to-a-signal-returns-Bad-Request-response.frozen b/cassettes/features/v2/security_monitoring/Convert-a-job-result-to-a-signal-returns-Bad-Request-response.frozen index b819957f316f..ba1f583e595e 100644 --- a/cassettes/features/v2/security_monitoring/Convert-a-job-result-to-a-signal-returns-Bad-Request-response.frozen +++ b/cassettes/features/v2/security_monitoring/Convert-a-job-result-to-a-signal-returns-Bad-Request-response.frozen @@ -1 +1 @@ -2024-11-08T09:54:39.280Z \ No newline at end of file +2025-10-24T14:24:01.235Z \ No newline at end of file diff --git a/cassettes/features/v2/security_monitoring/Convert-a-job-result-to-a-signal-returns-Bad-Request-response.yml b/cassettes/features/v2/security_monitoring/Convert-a-job-result-to-a-signal-returns-Bad-Request-response.yml index 8efbfdddcd62..92c52113c683 100644 --- a/cassettes/features/v2/security_monitoring/Convert-a-job-result-to-a-signal-returns-Bad-Request-response.yml 
+++ b/cassettes/features/v2/security_monitoring/Convert-a-job-result-to-a-signal-returns-Bad-Request-response.yml @@ -1,5 +1,5 @@ http_interactions: -- recorded_at: Fri, 08 Nov 2024 09:54:39 GMT +- recorded_at: Fri, 24 Oct 2025 14:24:01 GMT request: body: encoding: UTF-8 @@ -11,7 +11,7 @@ http_interactions: Content-Type: - application/json method: POST - uri: https://api.datadoghq.com/api/v2/siem-historical-detections/jobs/signal_convert + uri: https://api.datadoghq.com/api/v2/siem-threat-hunting/jobs/signal_convert response: body: encoding: UTF-8 diff --git a/cassettes/features/v2/security_monitoring/Delete-an-existing-job-returns-Bad-Request-response.frozen b/cassettes/features/v2/security_monitoring/Delete-an-existing-job-returns-Bad-Request-response.frozen index 553556ed2e11..cf2f32dfa3e6 100644 --- a/cassettes/features/v2/security_monitoring/Delete-an-existing-job-returns-Bad-Request-response.frozen +++ b/cassettes/features/v2/security_monitoring/Delete-an-existing-job-returns-Bad-Request-response.frozen @@ -1 +1 @@ -2024-11-08T09:54:39.371Z \ No newline at end of file +2025-10-24T14:24:01.339Z \ No newline at end of file diff --git a/cassettes/features/v2/security_monitoring/Delete-an-existing-job-returns-Bad-Request-response.yml b/cassettes/features/v2/security_monitoring/Delete-an-existing-job-returns-Bad-Request-response.yml index 7165607cab4f..43da7b391b7a 100644 --- a/cassettes/features/v2/security_monitoring/Delete-an-existing-job-returns-Bad-Request-response.yml +++ b/cassettes/features/v2/security_monitoring/Delete-an-existing-job-returns-Bad-Request-response.yml @@ -1,12 +1,12 @@ http_interactions: -- recorded_at: Fri, 08 Nov 2024 09:54:39 GMT +- recorded_at: Fri, 24 Oct 2025 14:24:01 GMT request: body: null headers: Accept: - '*/*' method: DELETE - uri: https://api.datadoghq.com/api/v2/siem-historical-detections/jobs/inva-lid + uri: https://api.datadoghq.com/api/v2/siem-threat-hunting/jobs/inva-lid response: body: encoding: UTF-8 
diff --git a/cassettes/features/v2/security_monitoring/Delete-an-existing-job-returns-Not-Found-response.frozen b/cassettes/features/v2/security_monitoring/Delete-an-existing-job-returns-Not-Found-response.frozen index e02fd6acb101..68a6b0aca243 100644 --- a/cassettes/features/v2/security_monitoring/Delete-an-existing-job-returns-Not-Found-response.frozen +++ b/cassettes/features/v2/security_monitoring/Delete-an-existing-job-returns-Not-Found-response.frozen @@ -1 +1 @@ -2024-11-08T09:54:39.455Z \ No newline at end of file +2025-10-24T14:24:01.428Z \ No newline at end of file diff --git a/cassettes/features/v2/security_monitoring/Delete-an-existing-job-returns-Not-Found-response.yml b/cassettes/features/v2/security_monitoring/Delete-an-existing-job-returns-Not-Found-response.yml index f74e18850ef1..ae9c9ee4fbbe 100644 --- a/cassettes/features/v2/security_monitoring/Delete-an-existing-job-returns-Not-Found-response.yml +++ b/cassettes/features/v2/security_monitoring/Delete-an-existing-job-returns-Not-Found-response.yml @@ -1,17 +1,16 @@ http_interactions: -- recorded_at: Fri, 08 Nov 2024 09:54:39 GMT +- recorded_at: Fri, 24 Oct 2025 14:24:01 GMT request: body: null headers: Accept: - '*/*' method: DELETE - uri: https://api.datadoghq.com/api/v2/siem-historical-detections/jobs/8e2a37fb-b0c8-4761-a7f0-0a8d6a98ba93 + uri: https://api.datadoghq.com/api/v2/siem-threat-hunting/jobs/8e2a37fb-b0c8-4761-a7f0-0a8d6a98ba93 response: body: encoding: UTF-8 - string: '{"errors":[{"status":"404","title":"Not Found","detail":"Job 8e2a37fb-b0c8-4761-a7f0-0a8d6a98ba93 - was not found."}]}' + string: '{"errors":[{"status":"404","detail":"Not Found"}]}' headers: Content-Type: - application/vnd.api+json diff --git a/cassettes/features/v2/security_monitoring/Get-a-job-s-details-returns-Bad-Request-response.frozen b/cassettes/features/v2/security_monitoring/Get-a-job-s-details-returns-Bad-Request-response.frozen index 14e96034851f..fa7eb2eaf3b7 100644 
--- a/cassettes/features/v2/security_monitoring/Get-a-job-s-details-returns-Bad-Request-response.frozen +++ b/cassettes/features/v2/security_monitoring/Get-a-job-s-details-returns-Bad-Request-response.frozen @@ -1 +1 @@ -2024-11-08T09:54:39.538Z \ No newline at end of file +2025-10-24T14:24:01.540Z \ No newline at end of file diff --git a/cassettes/features/v2/security_monitoring/Get-a-job-s-details-returns-Bad-Request-response.yml b/cassettes/features/v2/security_monitoring/Get-a-job-s-details-returns-Bad-Request-response.yml index 25e14da80811..e263e9bd04e5 100644 --- a/cassettes/features/v2/security_monitoring/Get-a-job-s-details-returns-Bad-Request-response.yml +++ b/cassettes/features/v2/security_monitoring/Get-a-job-s-details-returns-Bad-Request-response.yml @@ -1,12 +1,12 @@ http_interactions: -- recorded_at: Fri, 08 Nov 2024 09:54:39 GMT +- recorded_at: Fri, 24 Oct 2025 14:24:01 GMT request: body: null headers: Accept: - application/json method: GET - uri: https://api.datadoghq.com/api/v2/siem-historical-detections/jobs/inva-lid + uri: https://api.datadoghq.com/api/v2/siem-threat-hunting/jobs/inva-lid response: body: encoding: UTF-8 diff --git a/cassettes/features/v2/security_monitoring/Get-a-job-s-details-returns-Not-Found-response.frozen b/cassettes/features/v2/security_monitoring/Get-a-job-s-details-returns-Not-Found-response.frozen index 5cc9a16c8792..8b7389cc8ba1 100644 --- a/cassettes/features/v2/security_monitoring/Get-a-job-s-details-returns-Not-Found-response.frozen +++ b/cassettes/features/v2/security_monitoring/Get-a-job-s-details-returns-Not-Found-response.frozen @@ -1 +1 @@ -2024-11-08T09:54:39.611Z \ No newline at end of file +2025-10-24T14:24:01.618Z \ No newline at end of file diff --git a/cassettes/features/v2/security_monitoring/Get-a-job-s-details-returns-Not-Found-response.yml b/cassettes/features/v2/security_monitoring/Get-a-job-s-details-returns-Not-Found-response.yml index 552b217b46e0..f1d76aacaa14 100644 
--- a/cassettes/features/v2/security_monitoring/Get-a-job-s-details-returns-Not-Found-response.yml +++ b/cassettes/features/v2/security_monitoring/Get-a-job-s-details-returns-Not-Found-response.yml @@ -1,12 +1,12 @@ http_interactions: -- recorded_at: Fri, 08 Nov 2024 09:54:39 GMT +- recorded_at: Fri, 24 Oct 2025 14:24:01 GMT request: body: null headers: Accept: - application/json method: GET - uri: https://api.datadoghq.com/api/v2/siem-historical-detections/jobs/8e2a37fb-b0c8-4761-a7f0-0a8d6a98ba93 + uri: https://api.datadoghq.com/api/v2/siem-threat-hunting/jobs/8e2a37fb-b0c8-4761-a7f0-0a8d6a98ba93 response: body: encoding: UTF-8 diff --git a/cassettes/features/v2/security_monitoring/Get-a-job-s-details-returns-OK-response.frozen b/cassettes/features/v2/security_monitoring/Get-a-job-s-details-returns-OK-response.frozen index 34c6fa068485..6994ed270704 100644 --- a/cassettes/features/v2/security_monitoring/Get-a-job-s-details-returns-OK-response.frozen +++ b/cassettes/features/v2/security_monitoring/Get-a-job-s-details-returns-OK-response.frozen @@ -1 +1 @@ -2024-12-18T17:02:38.823Z \ No newline at end of file +2025-10-24T14:24:01.707Z \ No newline at end of file diff --git a/cassettes/features/v2/security_monitoring/Get-a-job-s-details-returns-OK-response.yml b/cassettes/features/v2/security_monitoring/Get-a-job-s-details-returns-OK-response.yml index 42026a4affaf..1c98e8a5c4a1 100644 --- a/cassettes/features/v2/security_monitoring/Get-a-job-s-details-returns-OK-response.yml +++ b/cassettes/features/v2/security_monitoring/Get-a-job-s-details-returns-OK-response.yml @@ -1,5 +1,5 @@ http_interactions: -- recorded_at: Wed, 18 Dec 2024 17:02:38 GMT +- recorded_at: Fri, 24 Oct 2025 14:24:01 GMT request: body: encoding: UTF-8 
@@ -13,36 +13,36 @@ http_interactions: Content-Type: - application/json method: POST - uri: https://api.datadoghq.com/api/v2/siem-historical-detections/jobs + uri: https://api.datadoghq.com/api/v2/siem-threat-hunting/jobs response: body: encoding: UTF-8 - string: '{"data":{"id":"fa90e7ac-998d-4bf4-9d32-2e831a1e9479","type":"historicalDetectionsJob"}}' + string: '{"data":{"id":"071b3516-4072-44d9-9288-d4adaa1db921","type":"historicalDetectionsJob"}}' headers: Content-Type: - application/vnd.api+json status: code: 201 message: Created -- recorded_at: Wed, 18 Dec 2024 17:02:38 GMT +- recorded_at: Fri, 24 Oct 2025 14:24:01 GMT request: body: null headers: Accept: - application/json method: GET - uri: https://api.datadoghq.com/api/v2/siem-historical-detections/jobs/fa90e7ac-998d-4bf4-9d32-2e831a1e9479 + uri: https://api.datadoghq.com/api/v2/siem-threat-hunting/jobs/071b3516-4072-44d9-9288-d4adaa1db921 response: body: encoding: UTF-8 - string: '{"data":{"id":"fa90e7ac-998d-4bf4-9d32-2e831a1e9479","type":"historicalDetectionsJob","attributes":{"createdAt":"2024-12-18 - 17:02:39.551791+00","createdByHandle":"9919ec9b-ebc7-49ee-8dc8-03626e717cca","createdByName":"CI + string: '{"data":{"id":"071b3516-4072-44d9-9288-d4adaa1db921","type":"historicalDetectionsJob","attributes":{"createdAt":"2025-10-24 + 14:24:02.057923+00","createdByHandle":"9919ec9b-ebc7-49ee-8dc8-03626e717cca","createdByName":"CI Account","jobDefinition":{"from":1730387522611,"to":1730387532611,"index":"main","name":"Excessive number of failed attempts.","cases":[{"name":"Condition 1","status":"info","notifications":[],"condition":"a - \u003e 1"}],"queries":[{"query":"source:non_existing_src_weekend","groupByFields":[],"hasOptionalGroupByFields":false,"distinctFields":[],"aggregation":"count","name":""}],"options":{"evaluationWindow":900,"detectionMethod":"threshold","maxSignalDuration":86400,"keepAlive":3600},"message":"A + \u003e 
1"}],"queries":[{"query":"source:non_existing_src_weekend","groupByFields":[],"hasOptionalGroupByFields":false,"distinctFields":[],"aggregation":"count","name":"","dataSource":"logs"}],"options":{"evaluationWindow":900,"detectionMethod":"threshold","maxSignalDuration":86400,"keepAlive":3600},"message":"A large number of failed login attempts.","tags":[],"type":"log_detection"},"jobName":"Excessive - number of failed attempts.","jobStatus":"pending","modifiedAt":"2024-12-18 - 17:02:39.551791+00"}}}' + number of failed attempts.","jobStatus":"pending","modifiedAt":"2025-10-24 + 14:24:02.057923+00"}}}' headers: Content-Type: - application/vnd.api+json diff --git a/cassettes/features/v2/security_monitoring/List-historical-jobs-returns-OK-response.frozen b/cassettes/features/v2/security_monitoring/List-historical-jobs-returns-OK-response.frozen index b139681f6487..2c0d4ff4e334 100644 --- a/cassettes/features/v2/security_monitoring/List-historical-jobs-returns-OK-response.frozen +++ b/cassettes/features/v2/security_monitoring/List-historical-jobs-returns-OK-response.frozen @@ -1 +1 @@ -2024-12-18T17:02:39.880Z \ No newline at end of file +2025-10-24T14:24:02.188Z \ No newline at end of file diff --git a/cassettes/features/v2/security_monitoring/List-historical-jobs-returns-OK-response.yml b/cassettes/features/v2/security_monitoring/List-historical-jobs-returns-OK-response.yml index 240be933d3fe..6d6f21b6ecd9 100644 --- a/cassettes/features/v2/security_monitoring/List-historical-jobs-returns-OK-response.yml +++ b/cassettes/features/v2/security_monitoring/List-historical-jobs-returns-OK-response.yml @@ -1,5 +1,5 @@ http_interactions: -- recorded_at: Wed, 18 Dec 2024 17:02:39 GMT +- recorded_at: Fri, 24 Oct 2025 14:24:02 GMT request: body: encoding: UTF-8 
@@ -13,36 +13,36 @@ http_interactions: Content-Type: - application/json method: POST - uri: https://api.datadoghq.com/api/v2/siem-historical-detections/jobs + uri: https://api.datadoghq.com/api/v2/siem-threat-hunting/jobs response: body: encoding: UTF-8 - string: '{"data":{"id":"7b16f110-0ce9-46cd-9dad-b658ced2ac50","type":"historicalDetectionsJob"}}' + string: '{"data":{"id":"e935c6c8-ba76-4ebf-8770-bb772a5ec1ed","type":"historicalDetectionsJob"}}' headers: Content-Type: - application/vnd.api+json status: code: 201 message: Created -- recorded_at: Wed, 18 Dec 2024 17:02:39 GMT +- recorded_at: Fri, 24 Oct 2025 14:24:02 GMT request: body: null headers: Accept: - application/json method: GET - uri: https://api.datadoghq.com/api/v2/siem-historical-detections/jobs?filter%5Bquery%5D=id%3A7b16f110-0ce9-46cd-9dad-b658ced2ac50 + uri: https://api.datadoghq.com/api/v2/siem-threat-hunting/jobs?filter%5Bquery%5D=id%3Ae935c6c8-ba76-4ebf-8770-bb772a5ec1ed response: body: encoding: UTF-8 - string: '{"data":[{"id":"7b16f110-0ce9-46cd-9dad-b658ced2ac50","type":"historicalDetectionsJob","attributes":{"createdAt":"2024-12-18 - 17:02:40.144396+00","createdByHandle":"9919ec9b-ebc7-49ee-8dc8-03626e717cca","createdByName":"CI + string: '{"data":[{"id":"e935c6c8-ba76-4ebf-8770-bb772a5ec1ed","type":"historicalDetectionsJob","attributes":{"createdAt":"2025-10-24 + 14:24:02.256887+00","createdByHandle":"9919ec9b-ebc7-49ee-8dc8-03626e717cca","createdByName":"CI Account","jobDefinition":{"from":1730387522611,"to":1730387532611,"index":"main","name":"Excessive number of failed attempts.","cases":[{"name":"Condition 1","status":"info","notifications":[],"condition":"a - \u003e 1"}],"queries":[{"query":"source:non_existing_src_weekend","groupByFields":[],"hasOptionalGroupByFields":false,"distinctFields":[],"aggregation":"count","name":""}],"options":{"evaluationWindow":900,"detectionMethod":"threshold","maxSignalDuration":86400,"keepAlive":3600},"message":"A + \u003e 
1"}],"queries":[{"query":"source:non_existing_src_weekend","groupByFields":[],"hasOptionalGroupByFields":false,"distinctFields":[],"aggregation":"count","name":"","dataSource":"logs"}],"options":{"evaluationWindow":900,"detectionMethod":"threshold","maxSignalDuration":86400,"keepAlive":3600},"message":"A large number of failed login attempts.","tags":[],"type":"log_detection"},"jobName":"Excessive - number of failed attempts.","jobStatus":"pending","modifiedAt":"2024-12-18 - 17:02:40.144396+00"}}],"meta":{"totalCount":1}}' + number of failed attempts.","jobStatus":"pending","modifiedAt":"2025-10-24 + 14:24:02.256887+00"}}],"meta":{"totalCount":1}}' headers: Content-Type: - application/vnd.api+json diff --git a/cassettes/features/v2/security_monitoring/Run-a-historical-job-returns-Bad-Request-response.frozen b/cassettes/features/v2/security_monitoring/Run-a-historical-job-returns-Bad-Request-response.frozen deleted file mode 100644 index 9720094d0008..000000000000 --- a/cassettes/features/v2/security_monitoring/Run-a-historical-job-returns-Bad-Request-response.frozen +++ /dev/null @@ -1 +0,0 @@ -2024-11-08T09:54:40.114Z \ No newline at end of file diff --git a/cassettes/features/v2/security_monitoring/Run-a-historical-job-returns-Not-Found-response.frozen b/cassettes/features/v2/security_monitoring/Run-a-historical-job-returns-Not-Found-response.frozen deleted file mode 100644 index 376ccf5d386a..000000000000 --- a/cassettes/features/v2/security_monitoring/Run-a-historical-job-returns-Not-Found-response.frozen +++ /dev/null @@ -1 +0,0 @@ -2025-06-26T16:57:47.524Z \ No newline at end of file diff --git a/cassettes/features/v2/security_monitoring/Run-a-historical-job-returns-Status-created-response.frozen b/cassettes/features/v2/security_monitoring/Run-a-historical-job-returns-Status-created-response.frozen deleted file mode 100644 index 3e9fdecb999c..000000000000 
--- a/cassettes/features/v2/security_monitoring/Run-a-historical-job-returns-Status-created-response.frozen +++ /dev/null @@ -1 +0,0 @@ -2024-11-08T09:54:40.272Z \ No newline at end of file diff --git a/cassettes/features/v2/security_monitoring/Run-a-threat-hunting-job-returns-Bad-Request-response.frozen b/cassettes/features/v2/security_monitoring/Run-a-threat-hunting-job-returns-Bad-Request-response.frozen new file mode 100644 index 000000000000..3776cfacfd88 --- /dev/null +++ b/cassettes/features/v2/security_monitoring/Run-a-threat-hunting-job-returns-Bad-Request-response.frozen @@ -0,0 +1 @@ +2025-10-24T14:24:02.385Z \ No newline at end of file diff --git a/cassettes/features/v2/security_monitoring/Run-a-historical-job-returns-Bad-Request-response.yml b/cassettes/features/v2/security_monitoring/Run-a-threat-hunting-job-returns-Bad-Request-response.yml similarity index 90% rename from cassettes/features/v2/security_monitoring/Run-a-historical-job-returns-Bad-Request-response.yml rename to cassettes/features/v2/security_monitoring/Run-a-threat-hunting-job-returns-Bad-Request-response.yml index 661147177bd5..beaf266e4070 100644 --- a/cassettes/features/v2/security_monitoring/Run-a-historical-job-returns-Bad-Request-response.yml +++ b/cassettes/features/v2/security_monitoring/Run-a-threat-hunting-job-returns-Bad-Request-response.yml @@ -1,5 +1,5 @@ http_interactions: -- recorded_at: Fri, 08 Nov 2024 09:54:40 GMT +- recorded_at: Fri, 24 Oct 2025 14:24:02 GMT request: body: encoding: UTF-8 @@ -13,7 +13,7 @@ http_interactions: Content-Type: - application/json method: POST - uri: https://api.datadoghq.com/api/v2/siem-historical-detections/jobs + uri: https://api.datadoghq.com/api/v2/siem-threat-hunting/jobs response: body: encoding: UTF-8 
diff --git a/cassettes/features/v2/security_monitoring/Run-a-threat-hunting-job-returns-Not-Found-response.frozen b/cassettes/features/v2/security_monitoring/Run-a-threat-hunting-job-returns-Not-Found-response.frozen new file mode 100644 index 000000000000..9cda11fb1516 --- /dev/null +++ b/cassettes/features/v2/security_monitoring/Run-a-threat-hunting-job-returns-Not-Found-response.frozen @@ -0,0 +1 @@ +2025-10-24T14:24:02.486Z \ No newline at end of file diff --git a/cassettes/features/v2/security_monitoring/Run-a-historical-job-returns-Not-Found-response.yml b/cassettes/features/v2/security_monitoring/Run-a-threat-hunting-job-returns-Not-Found-response.yml similarity index 83% rename from cassettes/features/v2/security_monitoring/Run-a-historical-job-returns-Not-Found-response.yml rename to cassettes/features/v2/security_monitoring/Run-a-threat-hunting-job-returns-Not-Found-response.yml index 4a25e9387314..439622a51080 100644 --- a/cassettes/features/v2/security_monitoring/Run-a-historical-job-returns-Not-Found-response.yml +++ b/cassettes/features/v2/security_monitoring/Run-a-threat-hunting-job-returns-Not-Found-response.yml @@ -1,5 +1,5 @@ http_interactions: -- recorded_at: Thu, 26 Jun 2025 16:57:47 GMT +- recorded_at: Fri, 24 Oct 2025 14:24:02 GMT request: body: encoding: UTF-8 @@ -10,7 +10,7 @@ http_interactions: Content-Type: - application/json method: POST - uri: https://api.datadoghq.com/api/v2/siem-historical-detections/jobs + uri: https://api.datadoghq.com/api/v2/siem-threat-hunting/jobs response: body: encoding: UTF-8 diff --git a/cassettes/features/v2/security_monitoring/Run-a-threat-hunting-job-returns-Status-created-response.frozen b/cassettes/features/v2/security_monitoring/Run-a-threat-hunting-job-returns-Status-created-response.frozen new file mode 100644 index 000000000000..f914d8b24128 --- /dev/null +++ b/cassettes/features/v2/security_monitoring/Run-a-threat-hunting-job-returns-Status-created-response.frozen 
@@ -0,0 +1 @@ +2025-10-24T14:24:02.570Z \ No newline at end of file diff --git a/cassettes/features/v2/security_monitoring/Run-a-historical-job-returns-Status-created-response.yml b/cassettes/features/v2/security_monitoring/Run-a-threat-hunting-job-returns-Status-created-response.yml similarity index 81% rename from cassettes/features/v2/security_monitoring/Run-a-historical-job-returns-Status-created-response.yml rename to cassettes/features/v2/security_monitoring/Run-a-threat-hunting-job-returns-Status-created-response.yml index 2452135f356f..078474844c3b 100644 --- a/cassettes/features/v2/security_monitoring/Run-a-historical-job-returns-Status-created-response.yml +++ b/cassettes/features/v2/security_monitoring/Run-a-threat-hunting-job-returns-Status-created-response.yml @@ -1,5 +1,5 @@ http_interactions: -- recorded_at: Fri, 08 Nov 2024 09:54:40 GMT +- recorded_at: Fri, 24 Oct 2025 14:24:02 GMT request: body: encoding: UTF-8 @@ -13,11 +13,11 @@ http_interactions: Content-Type: - application/json method: POST - uri: https://api.datadoghq.com/api/v2/siem-historical-detections/jobs + uri: https://api.datadoghq.com/api/v2/siem-threat-hunting/jobs response: body: encoding: UTF-8 - string: '{"data":{"id":"6f4c9c40-782b-4d14-900f-65ccc02389db","type":"historicalDetectionsJob"}}' + string: '{"data":{"id":"6ff7a8ce-a0d1-4ea3-8cc9-e9c52cda0d24","type":"historicalDetectionsJob"}}' headers: Content-Type: - application/vnd.api+json diff --git a/examples/v2/security-monitoring/CancelHistoricalJob.rb b/examples/v2/security-monitoring/CancelHistoricalJob.rb deleted file mode 100644 index df53e38ced96..000000000000 --- a/examples/v2/security-monitoring/CancelHistoricalJob.rb +++ /dev/null 
@@ -1,12 +0,0 @@
-# Cancel a historical job returns "OK" response
-
-require "datadog_api_client"
-DatadogAPIClient.configure do |config|
- config.unstable_operations["v2.cancel_historical_job".to_sym] = true
- config.unstable_operations["v2.run_historical_job".to_sym] = true
-end
-api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new
-
-# there is a valid "historical_job" in the system
-HISTORICAL_JOB_DATA_ID = ENV["HISTORICAL_JOB_DATA_ID"]
-api_instance.cancel_historical_job(HISTORICAL_JOB_DATA_ID)
diff --git a/examples/v2/security-monitoring/CancelThreatHuntingJob.rb b/examples/v2/security-monitoring/CancelThreatHuntingJob.rb
new file mode 100644
index 000000000000..1a627aa07bdd
--- /dev/null
+++ b/examples/v2/security-monitoring/CancelThreatHuntingJob.rb
@@ -0,0 +1,8 @@
+# Cancel a threat hunting job returns "OK" response
+
+require "datadog_api_client"
+DatadogAPIClient.configure do |config|
+ config.unstable_operations["v2.cancel_threat_hunting_job".to_sym] = true
+end
+api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new
+api_instance.cancel_threat_hunting_job("job_id")
diff --git a/examples/v2/security-monitoring/CancelThreatHuntingJob_1945505845.rb b/examples/v2/security-monitoring/CancelThreatHuntingJob_1945505845.rb
new file mode 100644
index 000000000000..e5edcd080156
--- /dev/null
+++ b/examples/v2/security-monitoring/CancelThreatHuntingJob_1945505845.rb
@@ -0,0 +1,12 @@
+# Cancel a historical job returns "OK" response
+
+require "datadog_api_client"
+DatadogAPIClient.configure do |config|
+ config.unstable_operations["v2.cancel_threat_hunting_job".to_sym] = true
+ config.unstable_operations["v2.run_threat_hunting_job".to_sym] = true
+end
+api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new
+
+# there is a valid "threat_hunting_job" in the system
+THREAT_HUNTING_JOB_DATA_ID = ENV["THREAT_HUNTING_JOB_DATA_ID"]
+api_instance.cancel_threat_hunting_job(THREAT_HUNTING_JOB_DATA_ID)
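Review bot: The header comment of the new `CancelThreatHuntingJob_1945505845.rb` still reads `# Cancel a historical job returns "OK" response`, although every call in the file uses the threat-hunting names. `ListThreatHuntingJobs_1365512061.rb` carries the same stale title (`# List historical jobs returns "OK" response`). These titles appear to come from the scenario names in `features/v2/security_monitoring.feature`, where the non-generated scenarios keep the "historical job" wording while `@generated @skip` scenarios with the new wording are added beside them. If so, the fix is probably to retitle the hand-written scenarios, e.g. `Scenario: Cancel a threat hunting job returns "OK" response`, drop the skipped stubs they would then collide with, and regenerate the examples and cassettes rather than editing the example files by hand.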
diff --git a/examples/v2/security-monitoring/DeleteHistoricalJob.rb b/examples/v2/security-monitoring/DeleteThreatHuntingJob.rb similarity index 59% rename from examples/v2/security-monitoring/DeleteHistoricalJob.rb rename to examples/v2/security-monitoring/DeleteThreatHuntingJob.rb index 42a09848cc76..97369e1bccb6 100644 --- a/examples/v2/security-monitoring/DeleteHistoricalJob.rb +++ b/examples/v2/security-monitoring/DeleteThreatHuntingJob.rb @@ -2,7 +2,7 @@ require "datadog_api_client" DatadogAPIClient.configure do |config| - config.unstable_operations["v2.delete_historical_job".to_sym] = true + config.unstable_operations["v2.delete_threat_hunting_job".to_sym] = true end api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new -api_instance.delete_historical_job("job_id") +api_instance.delete_threat_hunting_job("job_id") diff --git a/examples/v2/security-monitoring/GetHistoricalJob.rb b/examples/v2/security-monitoring/GetHistoricalJob.rb deleted file mode 100644 index d9a1b76ec918..000000000000 --- a/examples/v2/security-monitoring/GetHistoricalJob.rb +++ /dev/null @@ -1,12 +0,0 @@ -# Get a job's details returns "OK" response - -require "datadog_api_client" -DatadogAPIClient.configure do |config| - config.unstable_operations["v2.get_historical_job".to_sym] = true - config.unstable_operations["v2.run_historical_job".to_sym] = true -end -api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new - -# there is a valid "historical_job" in the system -HISTORICAL_JOB_DATA_ID = ENV["HISTORICAL_JOB_DATA_ID"] -p api_instance.get_historical_job(HISTORICAL_JOB_DATA_ID) diff --git a/examples/v2/security-monitoring/GetThreatHuntingJob.rb b/examples/v2/security-monitoring/GetThreatHuntingJob.rb new file mode 100644 index 000000000000..071f039e6707 --- /dev/null +++ b/examples/v2/security-monitoring/GetThreatHuntingJob.rb 
@@ -0,0 +1,12 @@
+# Get a job's details returns "OK" response
+
+require "datadog_api_client"
+DatadogAPIClient.configure do |config|
+ config.unstable_operations["v2.get_threat_hunting_job".to_sym] = true
+ config.unstable_operations["v2.run_threat_hunting_job".to_sym] = true
+end
+api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new
+
+# there is a valid "threat_hunting_job" in the system
+THREAT_HUNTING_JOB_DATA_ID = ENV["THREAT_HUNTING_JOB_DATA_ID"]
+p api_instance.get_threat_hunting_job(THREAT_HUNTING_JOB_DATA_ID)
diff --git a/examples/v2/security-monitoring/ListHistoricalJobs.rb b/examples/v2/security-monitoring/ListHistoricalJobs.rb
deleted file mode 100644
index 4649a1901ea2..000000000000
--- a/examples/v2/security-monitoring/ListHistoricalJobs.rb
+++ /dev/null
@@ -1,15 +0,0 @@
-# List historical jobs returns "OK" response
-
-require "datadog_api_client"
-DatadogAPIClient.configure do |config|
- config.unstable_operations["v2.list_historical_jobs".to_sym] = true
- config.unstable_operations["v2.run_historical_job".to_sym] = true
-end
-api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new
-
-# there is a valid "historical_job" in the system
-HISTORICAL_JOB_DATA_ID = ENV["HISTORICAL_JOB_DATA_ID"]
-opts = {
- filter_query: "id:string",
-}
-p api_instance.list_historical_jobs(opts)
diff --git a/examples/v2/security-monitoring/ListThreatHuntingJobs.rb b/examples/v2/security-monitoring/ListThreatHuntingJobs.rb
new file mode 100644
index 000000000000..d1cdeebd4646
--- /dev/null
+++ b/examples/v2/security-monitoring/ListThreatHuntingJobs.rb
@@ -0,0 +1,8 @@
+# List threat hunting jobs returns "OK" response
+
+require "datadog_api_client"
+DatadogAPIClient.configure do |config|
+ config.unstable_operations["v2.list_threat_hunting_jobs".to_sym] = true
+end
+api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new
+p api_instance.list_threat_hunting_jobs()
diff --git a/examples/v2/security-monitoring/ListThreatHuntingJobs_1365512061.rb b/examples/v2/security-monitoring/ListThreatHuntingJobs_1365512061.rb
new file mode 100644
index 000000000000..9338fde452e3
--- /dev/null
+++ b/examples/v2/security-monitoring/ListThreatHuntingJobs_1365512061.rb
@@ -0,0 +1,15 @@
+# List historical jobs returns "OK" response
+
+require "datadog_api_client"
+DatadogAPIClient.configure do |config|
+ config.unstable_operations["v2.list_threat_hunting_jobs".to_sym] = true
+ config.unstable_operations["v2.run_threat_hunting_job".to_sym] = true
+end
+api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new
+
+# there is a valid "threat_hunting_job" in the system
+THREAT_HUNTING_JOB_DATA_ID = ENV["THREAT_HUNTING_JOB_DATA_ID"]
+opts = {
+ filter_query: "id:string",
+}
+p api_instance.list_threat_hunting_jobs(opts)
diff --git a/examples/v2/security-monitoring/RunHistoricalJob.rb b/examples/v2/security-monitoring/RunThreatHuntingJob.rb
similarity index 68%
rename from examples/v2/security-monitoring/RunHistoricalJob.rb
rename to examples/v2/security-monitoring/RunThreatHuntingJob.rb
index f4e8904f907d..3d0e7eb0c0ff 100644
--- a/examples/v2/security-monitoring/RunHistoricalJob.rb
+++ b/examples/v2/security-monitoring/RunThreatHuntingJob.rb
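Review bot: `THREAT_HUNTING_JOB_DATA_ID` is read from the environment in `ListThreatHuntingJobs_1365512061.rb` but never used, because the request filters on the literal placeholder `filter_query: "id:string",`. As written the example does not look up the job it says exists, whereas the matching scenario in the feature file filters on `id:{{threat_hunting_job.data.id}}`. The line would match the scenario as `filter_query: "id:#{THREAT_HUNTING_JOB_DATA_ID}",`. The same literal is in the deleted `ListHistoricalJobs.rb`, so this is carried over and presumably belongs in the example generator's handling of templated parameter values rather than in this file alone.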
@@ -1,20 +1,20 @@ -# Run a historical job returns "Status created" response +# Run a threat hunting job returns "Status created" response require "datadog_api_client" DatadogAPIClient.configure do |config| - config.unstable_operations["v2.run_historical_job".to_sym] = true + config.unstable_operations["v2.run_threat_hunting_job".to_sym] = true end api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new -body = DatadogAPIClient::V2::RunHistoricalJobRequest.new({ - data: DatadogAPIClient::V2::RunHistoricalJobRequestData.new({ - type: DatadogAPIClient::V2::RunHistoricalJobRequestDataType::HISTORICALDETECTIONSJOBCREATE, - attributes: DatadogAPIClient::V2::RunHistoricalJobRequestAttributes.new({ +body = DatadogAPIClient::V2::RunThreatHuntingJobRequest.new({ + data: DatadogAPIClient::V2::RunThreatHuntingJobRequestData.new({ + type: DatadogAPIClient::V2::RunThreatHuntingJobRequestDataType::HISTORICALDETECTIONSJOBCREATE, + attributes: DatadogAPIClient::V2::RunThreatHuntingJobRequestAttributes.new({ job_definition: DatadogAPIClient::V2::JobDefinition.new({ type: "log_detection", name: "Excessive number of failed attempts.", queries: [ - DatadogAPIClient::V2::HistoricalJobQuery.new({ + DatadogAPIClient::V2::ThreatHuntingJobQuery.new({ query: "source:non_existing_src_weekend", aggregation: DatadogAPIClient::V2::SecurityMonitoringRuleQueryAggregation::COUNT, group_by_fields: [], @@ -29,7 +29,7 @@ condition: "a > 1", }), ], - options: DatadogAPIClient::V2::HistoricalJobOptions.new({ + options: DatadogAPIClient::V2::ThreatHuntingJobOptions.new({ keep_alive: DatadogAPIClient::V2::SecurityMonitoringRuleKeepAlive::ONE_HOUR, max_signal_duration: DatadogAPIClient::V2::SecurityMonitoringRuleMaxSignalDuration::ONE_DAY, evaluation_window: DatadogAPIClient::V2::SecurityMonitoringRuleEvaluationWindow::FIFTEEN_MINUTES, @@ -43,4 +43,4 @@ }), }), }) -p api_instance.run_historical_job(body) +p api_instance.run_threat_hunting_job(body) 
diff --git a/features/scenarios_model_mapping.rb b/features/scenarios_model_mapping.rb index 16aca0402c24..612eaa0f8aa2 100644 --- a/features/scenarios_model_mapping.rb +++ b/features/scenarios_model_mapping.rb @@ -1580,25 +1580,25 @@ "v2.GetSecurityMonitoringHistsignal" => { "histsignal_id" => "String", }, - "v2.ListHistoricalJobs" => { + "v2.ListThreatHuntingJobs" => { "page_size" => "Integer", "page_number" => "Integer", "sort" => "String", "filter_query" => "String", }, - "v2.RunHistoricalJob" => { - "body" => "RunHistoricalJobRequest", + "v2.RunThreatHuntingJob" => { + "body" => "RunThreatHuntingJobRequest", }, "v2.ConvertJobResultToSignal" => { "body" => "ConvertJobResultsToSignalsRequest", }, - "v2.DeleteHistoricalJob" => { + "v2.DeleteThreatHuntingJob" => { "job_id" => "String", }, - "v2.GetHistoricalJob" => { + "v2.GetThreatHuntingJob" => { "job_id" => "String", }, - "v2.CancelHistoricalJob" => { + "v2.CancelThreatHuntingJob" => { "job_id" => "String", }, "v2.GetSecurityMonitoringHistsignalsByJobId" => { diff --git a/features/v2/given.json b/features/v2/given.json index a4ab9c24bd17..7c9df160aade 100644 --- a/features/v2/given.json +++ b/features/v2/given.json 
@@ -1086,10 +1086,10 @@ "value": "{\n \"data\": {\n \"type\": \"historicalDetectionsJobCreate\",\n \"attributes\": {\n \"jobDefinition\": {\n \"type\": \"log_detection\",\n \"name\": \"Excessive number of failed attempts.\",\n \"queries\": [\n {\n \"query\": \"source:non_existing_src_weekend\",\n \"aggregation\": \"count\",\n \"groupByFields\": [],\n \"distinctFields\": []\n }\n ],\n \"cases\": [\n {\n \"name\": \"Condition 1\",\n \"status\": \"info\",\n \"notifications\": [],\n \"condition\": \"a > 1\"\n }\n ],\n \"options\": {\n \"keepAlive\": 3600,\n \"maxSignalDuration\": 86400,\n \"evaluationWindow\": 900\n },\n \"message\": \"A large number of failed login attempts.\",\n \"tags\": [],\n \"from\": 1730387522611,\n \"to\": 1730387532611,\n \"index\": \"main\"\n }\n }\n }\n}" } ], - "step": "there is a valid \"historical_job\" in the system", - "key": "historical_job", + "step": "there is a valid \"threat_hunting_job\" in the system", + "key": "threat_hunting_job", "tag": "Security Monitoring", - "operationId": "RunHistoricalJob" + "operationId": "RunThreatHuntingJob" }, { "parameters": [ diff --git a/features/v2/security_monitoring.feature b/features/v2/security_monitoring.feature index 8e5e22baade8..703fc3e460f9 100644 --- a/features/v2/security_monitoring.feature +++ b/features/v2/security_monitoring.feature 
@@ -11,38 +11,62 @@ Feature: Security Monitoring @team:DataDog/k9-cloud-security-platform Scenario: Cancel a historical job returns "Bad Request" response - Given operation "CancelHistoricalJob" enabled - And new "CancelHistoricalJob" request + Given operation "CancelThreatHuntingJob" enabled + And new "CancelThreatHuntingJob" request And request contains "job_id" parameter with value "inva-lid" When the request is sent Then the response status is 400 Bad Request - @generated @skip @team:DataDog/k9-cloud-security-platform - Scenario: Cancel a historical job returns "Conflict" response - Given operation "CancelHistoricalJob" enabled - And new "CancelHistoricalJob" request - And request contains "job_id" parameter from "REPLACE.ME" - When the request is sent - Then the response status is 409 Conflict - @team:DataDog/k9-cloud-security-platform Scenario: Cancel a historical job returns "Not Found" response - Given operation "CancelHistoricalJob" enabled - And new "CancelHistoricalJob" request + Given operation "CancelThreatHuntingJob" enabled + And new "CancelThreatHuntingJob" request And request contains "job_id" parameter with value "8e2a37fb-b0c8-4761-a7f0-0a8d6a98ba93" When the request is sent Then the response status is 404 Not Found @team:DataDog/k9-cloud-security-platform Scenario: Cancel a historical job returns "OK" response - Given operation "CancelHistoricalJob" enabled - And operation "RunHistoricalJob" enabled - And new "CancelHistoricalJob" request - And there is a valid "historical_job" in the system - And request contains "job_id" parameter from "historical_job.data.id" + Given operation "CancelThreatHuntingJob" enabled + And operation "RunThreatHuntingJob" enabled + And new "CancelThreatHuntingJob" request + And there is a valid "threat_hunting_job" in the system + And request contains "job_id" parameter from "threat_hunting_job.data.id" When the request is sent Then the response status is 204 No Content + @generated @skip 
@team:DataDog/k9-cloud-security-platform + Scenario: Cancel a threat hunting job returns "Bad Request" response + Given operation "CancelThreatHuntingJob" enabled + And new "CancelThreatHuntingJob" request + And request contains "job_id" parameter from "REPLACE.ME" + When the request is sent + Then the response status is 400 Bad Request + + @generated @skip @team:DataDog/k9-cloud-security-platform + Scenario: Cancel a threat hunting job returns "Conflict" response + Given operation "CancelThreatHuntingJob" enabled + And new "CancelThreatHuntingJob" request + And request contains "job_id" parameter from "REPLACE.ME" + When the request is sent + Then the response status is 409 Conflict + + @generated @skip @team:DataDog/k9-cloud-security-platform + Scenario: Cancel a threat hunting job returns "Not Found" response + Given operation "CancelThreatHuntingJob" enabled + And new "CancelThreatHuntingJob" request + And request contains "job_id" parameter from "REPLACE.ME" + When the request is sent + Then the response status is 404 Not Found + + @generated @skip @team:DataDog/k9-cloud-security-platform + Scenario: Cancel a threat hunting job returns "OK" response + Given operation "CancelThreatHuntingJob" enabled + And new "CancelThreatHuntingJob" request + And request contains "job_id" parameter from "REPLACE.ME" + When the request is sent + Then the response status is 204 OK + @generated @skip @team:DataDog/k9-cloud-security-platform Scenario: Change the related incidents of a security signal returns "Bad Request" response Given new "EditSecurityMonitoringSignalIncidents" request 
@@ -477,32 +501,32 @@ Feature: Security Monitoring @team:DataDog/k9-cloud-security-platform Scenario: Delete an existing job returns "Bad Request" response - Given operation "DeleteHistoricalJob" enabled - And new "DeleteHistoricalJob" request + Given operation "DeleteThreatHuntingJob" enabled + And new "DeleteThreatHuntingJob" request And request contains "job_id" parameter with value "inva-lid" When the request is sent Then the response status is 400 Bad Request @generated @skip @team:DataDog/k9-cloud-security-platform Scenario: Delete an existing job returns "Conflict" response - Given operation "DeleteHistoricalJob" enabled - And new "DeleteHistoricalJob" request + Given operation "DeleteThreatHuntingJob" enabled + And new "DeleteThreatHuntingJob" request And request contains "job_id" parameter from "REPLACE.ME" When the request is sent Then the response status is 409 Conflict @team:DataDog/k9-cloud-security-platform Scenario: Delete an existing job returns "Not Found" response - Given operation "DeleteHistoricalJob" enabled - And new "DeleteHistoricalJob" request + Given operation "DeleteThreatHuntingJob" enabled + And new "DeleteThreatHuntingJob" request And request contains "job_id" parameter with value "8e2a37fb-b0c8-4761-a7f0-0a8d6a98ba93" When the request is sent Then the response status is 404 Not Found @generated @skip @team:DataDog/k9-cloud-security-platform Scenario: Delete an existing job returns "OK" response - Given operation "DeleteHistoricalJob" enabled - And new "DeleteHistoricalJob" request + Given operation "DeleteThreatHuntingJob" enabled + And new "DeleteThreatHuntingJob" request And request contains "job_id" parameter from "REPLACE.ME" When the request is sent Then the response status is 204 OK 
@@ -627,27 +651,27 @@ Feature: Security Monitoring @team:DataDog/k9-cloud-security-platform Scenario: Get a job's details returns "Bad Request" response - Given operation "GetHistoricalJob" enabled - And new "GetHistoricalJob" request + Given operation "GetThreatHuntingJob" enabled + And new "GetThreatHuntingJob" request And request contains "job_id" parameter with value "inva-lid" When the request is sent Then the response status is 400 Bad Request @team:DataDog/k9-cloud-security-platform Scenario: Get a job's details returns "Not Found" response - Given operation "GetHistoricalJob" enabled - And new "GetHistoricalJob" request + Given operation "GetThreatHuntingJob" enabled + And new "GetThreatHuntingJob" request And request contains "job_id" parameter with value "8e2a37fb-b0c8-4761-a7f0-0a8d6a98ba93" When the request is sent Then the response status is 404 Not Found @team:DataDog/k9-cloud-security-platform Scenario: Get a job's details returns "OK" response - Given operation "GetHistoricalJob" enabled - And operation "RunHistoricalJob" enabled - And new "GetHistoricalJob" request - And there is a valid "historical_job" in the system - And request contains "job_id" parameter from "historical_job.data.id" + Given operation "GetThreatHuntingJob" enabled + And operation "RunThreatHuntingJob" enabled + And new "GetThreatHuntingJob" request + And there is a valid "threat_hunting_job" in the system + And request contains "job_id" parameter from "threat_hunting_job.data.id" When the request is sent Then the response status is 200 OK 
@@ -1021,20 +1045,13 @@ Feature: Security Monitoring When the request is sent Then the response status is 200 OK - @generated @skip @team:DataDog/k9-cloud-security-platform - Scenario: List historical jobs returns "Bad Request" response - Given operation "ListHistoricalJobs" enabled - And new "ListHistoricalJobs" request - When the request is sent - Then the response status is 400 Bad Request - @team:DataDog/k9-cloud-security-platform Scenario: List historical jobs returns "OK" response - Given operation "ListHistoricalJobs" enabled - And operation "RunHistoricalJob" enabled - And new "ListHistoricalJobs" request - And there is a valid "historical_job" in the system - And request contains "filter[query]" parameter with value "id:{{historical_job.data.id}}" + Given operation "ListThreatHuntingJobs" enabled + And operation "RunThreatHuntingJob" enabled + And new "ListThreatHuntingJobs" request + And there is a valid "threat_hunting_job" in the system + And request contains "filter[query]" parameter with value "id:{{threat_hunting_job.data.id}}" When the request is sent Then the response status is 200 OK 
@@ -1088,6 +1105,20 @@ Feature: Security Monitoring When the request is sent Then the response status is 200 OK + @generated @skip @team:DataDog/k9-cloud-security-platform + Scenario: List threat hunting jobs returns "Bad Request" response + Given operation "ListThreatHuntingJobs" enabled + And new "ListThreatHuntingJobs" request + When the request is sent + Then the response status is 400 Bad Request + + @generated @skip @team:DataDog/k9-cloud-security-platform + Scenario: List threat hunting jobs returns "OK" response + Given operation "ListThreatHuntingJobs" enabled + And new "ListThreatHuntingJobs" request + When the request is sent + Then the response status is 200 OK + @generated @skip @team:DataDog/asm-vm Scenario: List vulnerabilities returns "Bad request: The server cannot process the request due to invalid syntax in the request." response Given operation "ListVulnerabilities" enabled 
@@ -1265,25 +1296,25 @@ Feature: Security Monitoring Then the response status is 422 The server cannot process the request because it contains invalid data. @team:DataDog/k9-cloud-security-platform - Scenario: Run a historical job returns "Bad Request" response - Given operation "RunHistoricalJob" enabled - And new "RunHistoricalJob" request + Scenario: Run a threat hunting job returns "Bad Request" response + Given operation "RunThreatHuntingJob" enabled + And new "RunThreatHuntingJob" request And body with value {"data":{"type":"historicalDetectionsJobCreate","attributes":{"jobDefinition":{"type":"log_detection","name":"Excessive number of failed attempts.","queries":[{"query":"source:non_existing_src_weekend","aggregation":"count","groupByFields":[],"distinctFields":[]}],"cases":[{"name":"Condition 1","status":"info","notifications":[],"condition":"a > 1"}],"options":{"keepAlive":3600,"maxSignalDuration":86400,"evaluationWindow":900},"message":"A large number of failed login attempts.","tags":[],"from":1730387522611,"to":1730391122611,"index":"non_existing_index"}}}} When the request is sent Then the response status is 400 Bad Request @team:DataDog/k9-cloud-security-platform - Scenario: Run a historical job returns "Not Found" response - Given operation "RunHistoricalJob" enabled - And new "RunHistoricalJob" request + Scenario: Run a threat hunting job returns "Not Found" response + Given operation "RunThreatHuntingJob" enabled + And new "RunThreatHuntingJob" request And body with value {"data": { "type": "historicalDetectionsJobCreate", "attributes": {"fromRule": {"from": 1730201035064, "id": "non-existng", "index": "main", "notifications": [], "to": 1730204635115}}}} When the request is sent Then the response status is 404 Not Found @team:DataDog/k9-cloud-security-platform - Scenario: Run a historical job returns "Status created" response - Given operation "RunHistoricalJob" enabled - And new "RunHistoricalJob" request + Scenario: Run a threat hunting job 
returns "Status created" response + Given operation "RunThreatHuntingJob" enabled + And new "RunThreatHuntingJob" request And body with value {"data":{"type":"historicalDetectionsJobCreate","attributes":{"jobDefinition":{"type":"log_detection","name":"Excessive number of failed attempts.","queries":[{"query":"source:non_existing_src_weekend","aggregation":"count","groupByFields":[],"distinctFields":[]}],"cases":[{"name":"Condition 1","status":"info","notifications":[],"condition":"a > 1"}],"options":{"keepAlive":3600,"maxSignalDuration":86400,"evaluationWindow":900},"message":"A large number of failed login attempts.","tags":[],"from":1730387522611,"to":1730387532611,"index":"main"}}}} When the request is sent Then the response status is 201 Status created diff --git a/features/v2/undo.json b/features/v2/undo.json index 5f2144f5fb2d..eb1380ab6b86 100644 --- a/features/v2/undo.json +++ b/features/v2/undo.json @@ -3909,13 +3909,13 @@ "type": "safe" } }, - "ListHistoricalJobs": { + "ListThreatHuntingJobs": { "tag": "Security Monitoring", "undo": { "type": "safe" } }, - "RunHistoricalJob": { + "RunThreatHuntingJob": { "tag": "Security Monitoring", "undo": { "type": "idempotent" @@ -3927,19 +3927,19 @@ "type": "idempotent" } }, - "DeleteHistoricalJob": { + "DeleteThreatHuntingJob": { "tag": "Security Monitoring", "undo": { "type": "idempotent" } }, - "GetHistoricalJob": { + "GetThreatHuntingJob": { "tag": "Security Monitoring", "undo": { "type": "safe" } }, - "CancelHistoricalJob": { + "CancelThreatHuntingJob": { "tag": "Security Monitoring", "undo": { "type": "idempotent" diff --git a/lib/datadog_api_client/configuration.rb b/lib/datadog_api_client/configuration.rb index 8519edb2cd00..c398248b2a0b 100644 --- a/lib/datadog_api_client/configuration.rb +++ b/lib/datadog_api_client/configuration.rb 
@@ -198,24 +198,24 @@ def initialize "v2.get_open_api": false, "v2.list_apis": false, "v2.update_open_api": false, - "v2.cancel_historical_job": false, + "v2.cancel_threat_hunting_job": false, "v2.convert_job_result_to_signal": false, - "v2.delete_historical_job": false, + "v2.delete_threat_hunting_job": false, "v2.get_finding": false, - "v2.get_historical_job": false, "v2.get_rule_version_history": false, "v2.get_sbom": false, "v2.get_security_monitoring_histsignal": false, "v2.get_security_monitoring_histsignals_by_job_id": false, + "v2.get_threat_hunting_job": false, "v2.list_assets_sbo_ms": false, "v2.list_findings": false, - "v2.list_historical_jobs": false, "v2.list_scanned_assets_metadata": false, "v2.list_security_monitoring_histsignals": false, + "v2.list_threat_hunting_jobs": false, "v2.list_vulnerabilities": false, "v2.list_vulnerable_assets": false, "v2.mute_findings": false, - "v2.run_historical_job": false, + "v2.run_threat_hunting_job": false, "v2.search_security_monitoring_histsignals": false, "v2.create_dataset": false, "v2.delete_dataset": false, diff --git a/lib/datadog_api_client/inflector.rb b/lib/datadog_api_client/inflector.rb index 7b1476d73ed9..e43e80707bc0 100644 --- a/lib/datadog_api_client/inflector.rb +++ b/lib/datadog_api_client/inflector.rb 
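Review bot: The five `v2.*_historical_job(s)` keys are removed from the defaults with no alias, so a configuration that still enables `:"v2.run_historical_job"` or its siblings no longer enables anything. The renamed methods in `security_monitoring_api.rb` read only the new key and otherwise raise `APIError` with "Unstable operation '%s' is disabled". For automation that runs or cancels detection jobs this is a hard failure on upgrade, and it only shows up at call time. I would add a comment above the renamed entries, for example `# renamed from v2.*_historical_job; the old keys are no longer read`, and call the rename out as breaking in the changelog. `initialize` begins and ends outside this hunk.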
@@ -2260,13 +2260,6 @@ def overrides "v2.grey_noise_integration_type" => "GreyNoiseIntegrationType", "v2.grey_noise_integration_update" => "GreyNoiseIntegrationUpdate", "v2.group_scalar_column" => "GroupScalarColumn", - "v2.historical_job_data_type" => "HistoricalJobDataType", - "v2.historical_job_list_meta" => "HistoricalJobListMeta", - "v2.historical_job_options" => "HistoricalJobOptions", - "v2.historical_job_query" => "HistoricalJobQuery", - "v2.historical_job_response" => "HistoricalJobResponse", - "v2.historical_job_response_attributes" => "HistoricalJobResponseAttributes", - "v2.historical_job_response_data" => "HistoricalJobResponseData", "v2.hourly_usage" => "HourlyUsage", "v2.hourly_usage_attributes" => "HourlyUsageAttributes", "v2.hourly_usage_measurement" => "HourlyUsageMeasurement", @@ -2602,7 +2595,6 @@ def overrides "v2.list_findings_meta" => "ListFindingsMeta", "v2.list_findings_page" => "ListFindingsPage", "v2.list_findings_response" => "ListFindingsResponse", - "v2.list_historical_jobs_response" => "ListHistoricalJobsResponse", "v2.list_kind_catalog_response" => "ListKindCatalogResponse", "v2.list_pipelines_response" => "ListPipelinesResponse", "v2.list_pipelines_response_meta" => "ListPipelinesResponseMeta", @@ -2617,6 +2609,7 @@ def overrides "v2.list_tags_response_data_attributes" => "ListTagsResponseDataAttributes", "v2.list_teams_include" => "ListTeamsInclude", "v2.list_teams_sort" => "ListTeamsSort", + "v2.list_threat_hunting_jobs_response" => "ListThreatHuntingJobsResponse", "v2.list_vulnerabilities_response" => "ListVulnerabilitiesResponse", "v2.list_vulnerable_assets_response" => "ListVulnerableAssetsResponse", "v2.log" => "Log", 
@@ -3559,10 +3552,10 @@ def overrides "v2.rum_sort" => "RUMSort", "v2.rum_sort_order" => "RUMSortOrder", "v2.rum_warning" => "RUMWarning", - "v2.run_historical_job_request" => "RunHistoricalJobRequest", - "v2.run_historical_job_request_attributes" => "RunHistoricalJobRequestAttributes", - "v2.run_historical_job_request_data" => "RunHistoricalJobRequestData", - "v2.run_historical_job_request_data_type" => "RunHistoricalJobRequestDataType", + "v2.run_threat_hunting_job_request" => "RunThreatHuntingJobRequest", + "v2.run_threat_hunting_job_request_attributes" => "RunThreatHuntingJobRequestAttributes", + "v2.run_threat_hunting_job_request_data" => "RunThreatHuntingJobRequestData", + "v2.run_threat_hunting_job_request_data_type" => "RunThreatHuntingJobRequestDataType", "v2.saml_assertion_attribute" => "SAMLAssertionAttribute", "v2.saml_assertion_attribute_attributes" => "SAMLAssertionAttributeAttributes", "v2.saml_assertion_attributes_type" => "SAMLAssertionAttributesType", @@ -4111,6 +4104,13 @@ def overrides "v2.team_update_attributes" => "TeamUpdateAttributes", "v2.team_update_relationships" => "TeamUpdateRelationships", "v2.team_update_request" => "TeamUpdateRequest", + "v2.threat_hunting_job_data_type" => "ThreatHuntingJobDataType", + "v2.threat_hunting_job_list_meta" => "ThreatHuntingJobListMeta", + "v2.threat_hunting_job_options" => "ThreatHuntingJobOptions", + "v2.threat_hunting_job_query" => "ThreatHuntingJobQuery", + "v2.threat_hunting_job_response" => "ThreatHuntingJobResponse", + "v2.threat_hunting_job_response_attributes" => "ThreatHuntingJobResponseAttributes", + "v2.threat_hunting_job_response_data" => "ThreatHuntingJobResponseData", "v2.timeline_cell" => "TimelineCell", "v2.timeline_cell_author" => "TimelineCellAuthor", "v2.timeline_cell_author_user" => "TimelineCellAuthorUser", diff --git a/lib/datadog_api_client/v2/api/security_monitoring_api.rb b/lib/datadog_api_client/v2/api/security_monitoring_api.rb index 66dc6a35854d..e970d68446c4 100644 
--- a/lib/datadog_api_client/v2/api/security_monitoring_api.rb +++ b/lib/datadog_api_client/v2/api/security_monitoring_api.rb 
@@ -23,38 +23,38 @@ def initialize(api_client = DatadogAPIClient::APIClient.default) @api_client = api_client end - # Cancel a historical job. + # Cancel a threat hunting job. # - # @see #cancel_historical_job_with_http_info - def cancel_historical_job(job_id, opts = {}) - cancel_historical_job_with_http_info(job_id, opts) + # @see #cancel_threat_hunting_job_with_http_info + def cancel_threat_hunting_job(job_id, opts = {}) + cancel_threat_hunting_job_with_http_info(job_id, opts) nil end - # Cancel a historical job. + # Cancel a threat hunting job. # - # Cancel a historical job. + # Cancel a threat hunting job. # # @param job_id [String] The ID of the job. # @param opts [Hash] the optional parameters # @return [Array<(nil, Integer, Hash)>] nil, response status code and response headers - def cancel_historical_job_with_http_info(job_id, opts = {}) - unstable_enabled = @api_client.config.unstable_operations["v2.cancel_historical_job".to_sym] + def cancel_threat_hunting_job_with_http_info(job_id, opts = {}) + unstable_enabled = @api_client.config.unstable_operations["v2.cancel_threat_hunting_job".to_sym] if unstable_enabled - @api_client.config.logger.warn format("Using unstable operation '%s'", "v2.cancel_historical_job") + @api_client.config.logger.warn format("Using unstable operation '%s'", "v2.cancel_threat_hunting_job") else - raise DatadogAPIClient::APIError.new(message: format("Unstable operation '%s' is disabled", "v2.cancel_historical_job")) + raise DatadogAPIClient::APIError.new(message: format("Unstable operation '%s' is disabled", "v2.cancel_threat_hunting_job")) end if @api_client.config.debugging - @api_client.config.logger.debug 'Calling API: SecurityMonitoringAPI.cancel_historical_job ...' + @api_client.config.logger.debug 'Calling API: SecurityMonitoringAPI.cancel_threat_hunting_job ...' end # verify the required parameter 'job_id' is set if @api_client.config.client_side_validation && job_id.nil? 
- fail ArgumentError, "Missing the required parameter 'job_id' when calling SecurityMonitoringAPI.cancel_historical_job" + fail ArgumentError, "Missing the required parameter 'job_id' when calling SecurityMonitoringAPI.cancel_threat_hunting_job" end # resource path - local_var_path = '/api/v2/siem-historical-detections/jobs/{job_id}/cancel'.sub('{job_id}', CGI.escape(job_id.to_s).gsub('%2F', '/')) + local_var_path = '/api/v2/siem-threat-hunting/jobs/{job_id}/cancel'.sub('{job_id}', CGI.escape(job_id.to_s).gsub('%2F', '/')) # query parameters query_params = opts[:query_params] || {} @@ -77,7 +77,7 @@ def cancel_historical_job_with_http_info(job_id, opts = {}) auth_names = opts[:debug_auth_names] || [:apiKeyAuth, :appKeyAuth, :AuthZ] new_options = opts.merge( - :operation => :cancel_historical_job, + :operation => :cancel_threat_hunting_job, :header_params => header_params, :query_params => query_params, :form_params => form_params, @@ -89,7 +89,7 @@ def cancel_historical_job_with_http_info(job_id, opts = {}) data, status_code, headers = @api_client.call_api(Net::HTTP::Patch, local_var_path, new_options) if @api_client.config.debugging - @api_client.config.logger.debug "API called: SecurityMonitoringAPI#cancel_historical_job\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}" + @api_client.config.logger.debug "API called: SecurityMonitoringAPI#cancel_threat_hunting_job\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}" end return data, status_code, headers end @@ -191,7 +191,7 @@ def convert_job_result_to_signal_with_http_info(body, opts = {}) fail ArgumentError, "Missing the required parameter 'body' when calling SecurityMonitoringAPI.convert_job_result_to_signal" end # resource path - local_var_path = '/api/v2/siem-historical-detections/jobs/signal_convert' + local_var_path = '/api/v2/siem-threat-hunting/jobs/signal_convert' # query parameters query_params = opts[:query_params] || {} 
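Review bot: The new resource-path line still ends in `.gsub('%2F', '/')`, which restores every slash that `CGI.escape` had encoded, and the only client-side check on `job_id` is the `nil?` test just above it. A `job_id` that comes from outside the program (a ticket field, a webhook payload) can therefore add path segments to a request that is sent with the caller's API and application keys; how the server resolves such a path is not visible here. Because the parameter is a single ID, I would keep it encoded: `local_var_path = '/api/v2/siem-threat-hunting/jobs/{job_id}/cancel'.sub('{job_id}', CGI.escape(job_id.to_s))`. The same expression is on the delete, get and histsignal path lines later in this file's diff, and if the file is generated the change belongs in the template rather than here. The method body continues past this hunk.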
@@ -776,77 +776,6 @@ def delete_custom_framework_with_http_info(handle, version, opts = {}) return data, status_code, headers end - # Delete an existing job. - # - # @see #delete_historical_job_with_http_info - def delete_historical_job(job_id, opts = {}) - delete_historical_job_with_http_info(job_id, opts) - nil - end - - # Delete an existing job. - # - # Delete an existing job. - # - # @param job_id [String] The ID of the job. - # @param opts [Hash] the optional parameters - # @return [Array<(nil, Integer, Hash)>] nil, response status code and response headers - def delete_historical_job_with_http_info(job_id, opts = {}) - unstable_enabled = @api_client.config.unstable_operations["v2.delete_historical_job".to_sym] - if unstable_enabled - @api_client.config.logger.warn format("Using unstable operation '%s'", "v2.delete_historical_job") - else - raise DatadogAPIClient::APIError.new(message: format("Unstable operation '%s' is disabled", "v2.delete_historical_job")) - end - - if @api_client.config.debugging - @api_client.config.logger.debug 'Calling API: SecurityMonitoringAPI.delete_historical_job ...' - end - # verify the required parameter 'job_id' is set - if @api_client.config.client_side_validation && job_id.nil? 
- fail ArgumentError, "Missing the required parameter 'job_id' when calling SecurityMonitoringAPI.delete_historical_job" - end - # resource path - local_var_path = '/api/v2/siem-historical-detections/jobs/{job_id}'.sub('{job_id}', CGI.escape(job_id.to_s).gsub('%2F', '/')) - - # query parameters - query_params = opts[:query_params] || {} - - # header parameters - header_params = opts[:header_params] || {} - # HTTP header 'Accept' (if needed) - header_params['Accept'] = @api_client.select_header_accept(['*/*']) - - # form parameters - form_params = opts[:form_params] || {} - - # http body (model) - post_body = opts[:debug_body] - - # return_type - return_type = opts[:debug_return_type] - - # auth_names - auth_names = opts[:debug_auth_names] || [:apiKeyAuth, :appKeyAuth, :AuthZ] - - new_options = opts.merge( - :operation => :delete_historical_job, - :header_params => header_params, - :query_params => query_params, - :form_params => form_params, - :body => post_body, - :auth_names => auth_names, - :return_type => return_type, - :api_version => "V2" - ) - - data, status_code, headers = @api_client.call_api(Net::HTTP::Delete, local_var_path, new_options) - if @api_client.config.debugging - @api_client.config.logger.debug "API called: SecurityMonitoringAPI#delete_historical_job\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}" - end - return data, status_code, headers - end - # Delete a security filter. # # @see #delete_security_filter_with_http_info 
@@ -1107,6 +1036,77 @@ def delete_signal_notification_rule_with_http_info(id, opts = {}) return data, status_code, headers end + # Delete an existing job. + # + # @see #delete_threat_hunting_job_with_http_info + def delete_threat_hunting_job(job_id, opts = {}) + delete_threat_hunting_job_with_http_info(job_id, opts) + nil + end + + # Delete an existing job. + # + # Delete an existing job. + # + # @param job_id [String] The ID of the job. + # @param opts [Hash] the optional parameters + # @return [Array<(nil, Integer, Hash)>] nil, response status code and response headers + def delete_threat_hunting_job_with_http_info(job_id, opts = {}) + unstable_enabled = @api_client.config.unstable_operations["v2.delete_threat_hunting_job".to_sym] + if unstable_enabled + @api_client.config.logger.warn format("Using unstable operation '%s'", "v2.delete_threat_hunting_job") + else + raise DatadogAPIClient::APIError.new(message: format("Unstable operation '%s' is disabled", "v2.delete_threat_hunting_job")) + end + + if @api_client.config.debugging + @api_client.config.logger.debug 'Calling API: SecurityMonitoringAPI.delete_threat_hunting_job ...' + end + # verify the required parameter 'job_id' is set + if @api_client.config.client_side_validation && job_id.nil? 
+ fail ArgumentError, "Missing the required parameter 'job_id' when calling SecurityMonitoringAPI.delete_threat_hunting_job" + end + # resource path + local_var_path = '/api/v2/siem-threat-hunting/jobs/{job_id}'.sub('{job_id}', CGI.escape(job_id.to_s).gsub('%2F', '/')) + + # query parameters + query_params = opts[:query_params] || {} + + # header parameters + header_params = opts[:header_params] || {} + # HTTP header 'Accept' (if needed) + header_params['Accept'] = @api_client.select_header_accept(['*/*']) + + # form parameters + form_params = opts[:form_params] || {} + + # http body (model) + post_body = opts[:debug_body] + + # return_type + return_type = opts[:debug_return_type] + + # auth_names + auth_names = opts[:debug_auth_names] || [:apiKeyAuth, :appKeyAuth, :AuthZ] + + new_options = opts.merge( + :operation => :delete_threat_hunting_job, + :header_params => header_params, + :query_params => query_params, + :form_params => form_params, + :body => post_body, + :auth_names => auth_names, + :return_type => return_type, + :api_version => "V2" + ) + + data, status_code, headers = @api_client.call_api(Net::HTTP::Delete, local_var_path, new_options) + if @api_client.config.debugging + @api_client.config.logger.debug "API called: SecurityMonitoringAPI#delete_threat_hunting_job\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}" + end + return data, status_code, headers + end + # Delete a vulnerability-based notification rule. # # @see #delete_vulnerability_notification_rule_with_http_info 
@@ -1534,77 +1534,6 @@ def get_finding_with_http_info(finding_id, opts = {}) return data, status_code, headers end - # Get a job's details. - # - # @see #get_historical_job_with_http_info - def get_historical_job(job_id, opts = {}) - data, _status_code, _headers = get_historical_job_with_http_info(job_id, opts) - data - end - - # Get a job's details. - # - # Get a job's details. - # - # @param job_id [String] The ID of the job. - # @param opts [Hash] the optional parameters - # @return [Array<(HistoricalJobResponse, Integer, Hash)>] HistoricalJobResponse data, response status code and response headers - def get_historical_job_with_http_info(job_id, opts = {}) - unstable_enabled = @api_client.config.unstable_operations["v2.get_historical_job".to_sym] - if unstable_enabled - @api_client.config.logger.warn format("Using unstable operation '%s'", "v2.get_historical_job") - else - raise DatadogAPIClient::APIError.new(message: format("Unstable operation '%s' is disabled", "v2.get_historical_job")) - end - - if @api_client.config.debugging - @api_client.config.logger.debug 'Calling API: SecurityMonitoringAPI.get_historical_job ...' - end - # verify the required parameter 'job_id' is set - if @api_client.config.client_side_validation && job_id.nil? 
- fail ArgumentError, "Missing the required parameter 'job_id' when calling SecurityMonitoringAPI.get_historical_job" - end - # resource path - local_var_path = '/api/v2/siem-historical-detections/jobs/{job_id}'.sub('{job_id}', CGI.escape(job_id.to_s).gsub('%2F', '/')) - - # query parameters - query_params = opts[:query_params] || {} - - # header parameters - header_params = opts[:header_params] || {} - # HTTP header 'Accept' (if needed) - header_params['Accept'] = @api_client.select_header_accept(['application/json']) - - # form parameters - form_params = opts[:form_params] || {} - - # http body (model) - post_body = opts[:debug_body] - - # return_type - return_type = opts[:debug_return_type] || 'HistoricalJobResponse' - - # auth_names - auth_names = opts[:debug_auth_names] || [:apiKeyAuth, :appKeyAuth, :AuthZ] - - new_options = opts.merge( - :operation => :get_historical_job, - :header_params => header_params, - :query_params => query_params, - :form_params => form_params, - :body => post_body, - :auth_names => auth_names, - :return_type => return_type, - :api_version => "V2" - ) - - data, status_code, headers = @api_client.call_api(Net::HTTP::Get, local_var_path, new_options) - if @api_client.config.debugging - @api_client.config.logger.debug "API called: SecurityMonitoringAPI#get_historical_job\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}" - end - return data, status_code, headers - end - # List resource filters. # # @see #get_resource_evaluation_filters_with_http_info 
@@ -1916,7 +1845,7 @@ def get_security_monitoring_histsignal(histsignal_id, opts = {}) # # Get a hist signal's details. # - # @param histsignal_id [String] The ID of the historical signal. + # @param histsignal_id [String] The ID of the threat hunting signal. # @param opts [Hash] the optional parameters # @return [Array<(SecurityMonitoringSignalResponse, Integer, Hash)>] SecurityMonitoringSignalResponse data, response status code and response headers def get_security_monitoring_histsignal_with_http_info(histsignal_id, opts = {}) @@ -1935,7 +1864,7 @@ def get_security_monitoring_histsignal_with_http_info(histsignal_id, opts = {}) fail ArgumentError, "Missing the required parameter 'histsignal_id' when calling SecurityMonitoringAPI.get_security_monitoring_histsignal" end # resource path - local_var_path = '/api/v2/siem-historical-detections/histsignals/{histsignal_id}'.sub('{histsignal_id}', CGI.escape(histsignal_id.to_s).gsub('%2F', '/')) + local_var_path = '/api/v2/siem-threat-hunting/histsignals/{histsignal_id}'.sub('{histsignal_id}', CGI.escape(histsignal_id.to_s).gsub('%2F', '/')) # query parameters query_params = opts[:query_params] || {} @@ -2019,7 +1948,7 @@ def get_security_monitoring_histsignals_by_job_id_with_http_info(job_id, opts = fail ArgumentError, 'invalid value for "opts[:"page_limit"]" when calling SecurityMonitoringAPI.get_security_monitoring_histsignals_by_job_id, must be smaller than or equal to 1000.' end # resource path - local_var_path = '/api/v2/siem-historical-detections/jobs/{job_id}/histsignals'.sub('{job_id}', CGI.escape(job_id.to_s).gsub('%2F', '/')) + local_var_path = '/api/v2/siem-threat-hunting/jobs/{job_id}/histsignals'.sub('{job_id}', CGI.escape(job_id.to_s).gsub('%2F', '/')) # query parameters query_params = opts[:query_params] || {} 
@@ -2517,6 +2446,77 @@ def get_suppressions_affecting_rule_with_http_info(rule_id, opts = {}) return data, status_code, headers end + # Get a job's details. + # + # @see #get_threat_hunting_job_with_http_info + def get_threat_hunting_job(job_id, opts = {}) + data, _status_code, _headers = get_threat_hunting_job_with_http_info(job_id, opts) + data + end + + # Get a job's details. + # + # Get a job's details. + # + # @param job_id [String] The ID of the job. + # @param opts [Hash] the optional parameters + # @return [Array<(ThreatHuntingJobResponse, Integer, Hash)>] ThreatHuntingJobResponse data, response status code and response headers + def get_threat_hunting_job_with_http_info(job_id, opts = {}) + unstable_enabled = @api_client.config.unstable_operations["v2.get_threat_hunting_job".to_sym] + if unstable_enabled + @api_client.config.logger.warn format("Using unstable operation '%s'", "v2.get_threat_hunting_job") + else + raise DatadogAPIClient::APIError.new(message: format("Unstable operation '%s' is disabled", "v2.get_threat_hunting_job")) + end + + if @api_client.config.debugging + @api_client.config.logger.debug 'Calling API: SecurityMonitoringAPI.get_threat_hunting_job ...' + end + # verify the required parameter 'job_id' is set + if @api_client.config.client_side_validation && job_id.nil? 
+ fail ArgumentError, "Missing the required parameter 'job_id' when calling SecurityMonitoringAPI.get_threat_hunting_job" + end + # resource path + local_var_path = '/api/v2/siem-threat-hunting/jobs/{job_id}'.sub('{job_id}', CGI.escape(job_id.to_s).gsub('%2F', '/')) + + # query parameters + query_params = opts[:query_params] || {} + + # header parameters + header_params = opts[:header_params] || {} + # HTTP header 'Accept' (if needed) + header_params['Accept'] = @api_client.select_header_accept(['application/json']) + + # form parameters + form_params = opts[:form_params] || {} + + # http body (model) + post_body = opts[:debug_body] + + # return_type + return_type = opts[:debug_return_type] || 'ThreatHuntingJobResponse' + + # auth_names + auth_names = opts[:debug_auth_names] || [:apiKeyAuth, :appKeyAuth, :AuthZ] + + new_options = opts.merge( + :operation => :get_threat_hunting_job, + :header_params => header_params, + :query_params => query_params, + :form_params => form_params, + :body => post_body, + :auth_names => auth_names, + :return_type => return_type, + :api_version => "V2" + ) + + data, status_code, headers = @api_client.call_api(Net::HTTP::Get, local_var_path, new_options) + if @api_client.config.debugging + @api_client.config.logger.debug "API called: SecurityMonitoringAPI#get_threat_hunting_job\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}" + end + return data, status_code, headers + end + # Get details of a vulnerability notification rule. # # @see #get_vulnerability_notification_rule_with_http_info 
@@ -2925,80 +2925,6 @@ def list_findings_with_pagination(opts = {}) end end - # List historical jobs. - # - # @see #list_historical_jobs_with_http_info - def list_historical_jobs(opts = {}) - data, _status_code, _headers = list_historical_jobs_with_http_info(opts) - data - end - - # List historical jobs. - # - # List historical jobs. - # - # @param opts [Hash] the optional parameters - # @option opts [Integer] :page_size Size for a given page. The maximum allowed value is 100. - # @option opts [Integer] :page_number Specific page number to return. - # @option opts [String] :sort The order of the jobs in results. - # @option opts [String] :filter_query Query used to filter items from the fetched list. - # @return [Array<(ListHistoricalJobsResponse, Integer, Hash)>] ListHistoricalJobsResponse data, response status code and response headers - def list_historical_jobs_with_http_info(opts = {}) - unstable_enabled = @api_client.config.unstable_operations["v2.list_historical_jobs".to_sym] - if unstable_enabled - @api_client.config.logger.warn format("Using unstable operation '%s'", "v2.list_historical_jobs") - else - raise DatadogAPIClient::APIError.new(message: format("Unstable operation '%s' is disabled", "v2.list_historical_jobs")) - end - - if @api_client.config.debugging - @api_client.config.logger.debug 'Calling API: SecurityMonitoringAPI.list_historical_jobs ...' - end - # resource path - local_var_path = '/api/v2/siem-historical-detections/jobs' - - # query parameters - query_params = opts[:query_params] || {} - query_params[:'page[size]'] = opts[:'page_size'] if !opts[:'page_size'].nil? - query_params[:'page[number]'] = opts[:'page_number'] if !opts[:'page_number'].nil? - query_params[:'sort'] = opts[:'sort'] if !opts[:'sort'].nil? - query_params[:'filter[query]'] = opts[:'filter_query'] if !opts[:'filter_query'].nil? 
- - # header parameters - header_params = opts[:header_params] || {} - # HTTP header 'Accept' (if needed) - header_params['Accept'] = @api_client.select_header_accept(['application/json']) - - # form parameters - form_params = opts[:form_params] || {} - - # http body (model) - post_body = opts[:debug_body] - - # return_type - return_type = opts[:debug_return_type] || 'ListHistoricalJobsResponse' - - # auth_names - auth_names = opts[:debug_auth_names] || [:apiKeyAuth, :appKeyAuth, :AuthZ] - - new_options = opts.merge( - :operation => :list_historical_jobs, - :header_params => header_params, - :query_params => query_params, - :form_params => form_params, - :body => post_body, - :auth_names => auth_names, - :return_type => return_type, - :api_version => "V2" - ) - - data, status_code, headers = @api_client.call_api(Net::HTTP::Get, local_var_path, new_options) - if @api_client.config.debugging - @api_client.config.logger.debug "API called: SecurityMonitoringAPI#list_historical_jobs\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}" - end - return data, status_code, headers - end - # List scanned assets metadata. # # @see #list_scanned_assets_metadata_with_http_info @@ -3226,7 +3152,7 @@ def list_security_monitoring_histsignals_with_http_info(opts = {}) fail ArgumentError, 'invalid value for "opts[:"page_limit"]" when calling SecurityMonitoringAPI.list_security_monitoring_histsignals, must be smaller than or equal to 1000.' end # resource path - local_var_path = '/api/v2/siem-historical-detections/histsignals' + local_var_path = '/api/v2/siem-threat-hunting/histsignals' # query parameters query_params = opts[:query_params] || {} 
@@ -3500,6 +3426,80 @@ def list_security_monitoring_suppressions_with_http_info(opts = {}) return data, status_code, headers end + # List threat hunting jobs. + # + # @see #list_threat_hunting_jobs_with_http_info + def list_threat_hunting_jobs(opts = {}) + data, _status_code, _headers = list_threat_hunting_jobs_with_http_info(opts) + data + end + + # List threat hunting jobs. + # + # List threat hunting jobs. + # + # @param opts [Hash] the optional parameters + # @option opts [Integer] :page_size Size for a given page. The maximum allowed value is 100. + # @option opts [Integer] :page_number Specific page number to return. + # @option opts [String] :sort The order of the jobs in results. + # @option opts [String] :filter_query Query used to filter items from the fetched list. + # @return [Array<(ListThreatHuntingJobsResponse, Integer, Hash)>] ListThreatHuntingJobsResponse data, response status code and response headers + def list_threat_hunting_jobs_with_http_info(opts = {}) + unstable_enabled = @api_client.config.unstable_operations["v2.list_threat_hunting_jobs".to_sym] + if unstable_enabled + @api_client.config.logger.warn format("Using unstable operation '%s'", "v2.list_threat_hunting_jobs") + else + raise DatadogAPIClient::APIError.new(message: format("Unstable operation '%s' is disabled", "v2.list_threat_hunting_jobs")) + end + + if @api_client.config.debugging + @api_client.config.logger.debug 'Calling API: SecurityMonitoringAPI.list_threat_hunting_jobs ...' + end + # resource path + local_var_path = '/api/v2/siem-threat-hunting/jobs' + + # query parameters + query_params = opts[:query_params] || {} + query_params[:'page[size]'] = opts[:'page_size'] if !opts[:'page_size'].nil? + query_params[:'page[number]'] = opts[:'page_number'] if !opts[:'page_number'].nil? + query_params[:'sort'] = opts[:'sort'] if !opts[:'sort'].nil? + query_params[:'filter[query]'] = opts[:'filter_query'] if !opts[:'filter_query'].nil? 
+ + # header parameters + header_params = opts[:header_params] || {} + # HTTP header 'Accept' (if needed) + header_params['Accept'] = @api_client.select_header_accept(['application/json']) + + # form parameters + form_params = opts[:form_params] || {} + + # http body (model) + post_body = opts[:debug_body] + + # return_type + return_type = opts[:debug_return_type] || 'ListThreatHuntingJobsResponse' + + # auth_names + auth_names = opts[:debug_auth_names] || [:apiKeyAuth, :appKeyAuth, :AuthZ] + + new_options = opts.merge( + :operation => :list_threat_hunting_jobs, + :header_params => header_params, + :query_params => query_params, + :form_params => form_params, + :body => post_body, + :auth_names => auth_names, + :return_type => return_type, + :api_version => "V2" + ) + + data, status_code, headers = @api_client.call_api(Net::HTTP::Get, local_var_path, new_options) + if @api_client.config.debugging + @api_client.config.logger.debug "API called: SecurityMonitoringAPI#list_threat_hunting_jobs\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}" + end + return data, status_code, headers + end + # List vulnerabilities. # # @see #list_vulnerabilities_with_http_info 
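Review bot: The `:page_size` option is documented as "The maximum allowed value is 100", but `list_threat_hunting_jobs_with_http_info` copies it into `page[size]` with no client-side bound check. The neighbouring `list_security_monitoring_histsignals_with_http_info`, visible as context earlier in this diff, fails with `ArgumentError` when `page_limit` exceeds 1000, so the two list calls are inconsistent. This file looks generated from `.generator/schemas/v2/openapi.yaml`, so the fix probably belongs in the spec: declare `maximum: 100` on the page-size parameter, which should make the generator emit a guard. The guard would be `fail ArgumentError, ...` under `if @api_client.config.client_side_validation && !opts[:'page_size'].nil? && opts[:'page_size'] > 100`.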
@@ -4127,38 +4127,38 @@ def patch_vulnerability_notification_rule_with_http_info(id, body, opts = {}) return data, status_code, headers end - # Run a historical job. + # Run a threat hunting job. # - # @see #run_historical_job_with_http_info - def run_historical_job(body, opts = {}) - data, _status_code, _headers = run_historical_job_with_http_info(body, opts) + # @see #run_threat_hunting_job_with_http_info + def run_threat_hunting_job(body, opts = {}) + data, _status_code, _headers = run_threat_hunting_job_with_http_info(body, opts) data end - # Run a historical job. + # Run a threat hunting job. # - # Run a historical job. + # Run a threat hunting job. # - # @param body [RunHistoricalJobRequest] + # @param body [RunThreatHuntingJobRequest] # @param opts [Hash] the optional parameters # @return [Array<(JobCreateResponse, Integer, Hash)>] JobCreateResponse data, response status code and response headers - def run_historical_job_with_http_info(body, opts = {}) - unstable_enabled = @api_client.config.unstable_operations["v2.run_historical_job".to_sym] + def run_threat_hunting_job_with_http_info(body, opts = {}) + unstable_enabled = @api_client.config.unstable_operations["v2.run_threat_hunting_job".to_sym] if unstable_enabled - @api_client.config.logger.warn format("Using unstable operation '%s'", "v2.run_historical_job") + @api_client.config.logger.warn format("Using unstable operation '%s'", "v2.run_threat_hunting_job") else - raise DatadogAPIClient::APIError.new(message: format("Unstable operation '%s' is disabled", "v2.run_historical_job")) + raise DatadogAPIClient::APIError.new(message: format("Unstable operation '%s' is disabled", "v2.run_threat_hunting_job")) end if @api_client.config.debugging - @api_client.config.logger.debug 'Calling API: SecurityMonitoringAPI.run_historical_job ...' + @api_client.config.logger.debug 'Calling API: SecurityMonitoringAPI.run_threat_hunting_job ...' 
end # verify the required parameter 'body' is set if @api_client.config.client_side_validation && body.nil? - fail ArgumentError, "Missing the required parameter 'body' when calling SecurityMonitoringAPI.run_historical_job" + fail ArgumentError, "Missing the required parameter 'body' when calling SecurityMonitoringAPI.run_threat_hunting_job" end # resource path - local_var_path = '/api/v2/siem-historical-detections/jobs' + local_var_path = '/api/v2/siem-threat-hunting/jobs' # query parameters query_params = opts[:query_params] || {} @@ -4183,7 +4183,7 @@ def run_historical_job_with_http_info(body, opts = {}) auth_names = opts[:debug_auth_names] || [:apiKeyAuth, :appKeyAuth, :AuthZ] new_options = opts.merge( - :operation => :run_historical_job, + :operation => :run_threat_hunting_job, :header_params => header_params, :query_params => query_params, :form_params => form_params, @@ -4195,7 +4195,7 @@ def run_historical_job_with_http_info(body, opts = {}) data, status_code, headers = @api_client.call_api(Net::HTTP::Post, local_var_path, new_options) if @api_client.config.debugging - @api_client.config.logger.debug "API called: SecurityMonitoringAPI#run_historical_job\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}" + @api_client.config.logger.debug "API called: SecurityMonitoringAPI#run_threat_hunting_job\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}" end return data, status_code, headers end @@ -4227,7 +4227,7 @@ def search_security_monitoring_histsignals_with_http_info(opts = {}) @api_client.config.logger.debug 'Calling API: SecurityMonitoringAPI.search_security_monitoring_histsignals ...' end # resource path - local_var_path = '/api/v2/siem-historical-detections/histsignals/search' + local_var_path = '/api/v2/siem-threat-hunting/histsignals/search' # query parameters query_params = opts[:query_params] || {} 
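Review bot: The opt-in key for this operation changes from `v2.run_historical_job` to `v2.run_threat_hunting_job`, and the new method's doc comment does not mention it. A configuration that still sets only the old key takes the `else` branch and raises `APIError` ("Unstable operation '%s' is disabled"), and the old method name is removed without an alias, so existing callers fail on upgrade. The same applies to `list_threat_hunting_jobs_with_http_info` in the previous hunk. I would add a line such as `# @note Renamed from run_historical_job; enable it with unstable_operations[:"v2.run_threat_hunting_job"].`, ideally through the spec description that feeds this comment. The body of `run_threat_hunting_job_with_http_info` continues in the hunks that follow.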
diff --git a/lib/datadog_api_client/v2/models/convert_job_results_to_signals_attributes.rb b/lib/datadog_api_client/v2/models/convert_job_results_to_signals_attributes.rb index d1cb82c00654..d3135d640fe7 100644 --- a/lib/datadog_api_client/v2/models/convert_job_results_to_signals_attributes.rb +++ b/lib/datadog_api_client/v2/models/convert_job_results_to_signals_attributes.rb @@ -17,7 +17,7 @@ require 'time' module DatadogAPIClient::V2 - # Attributes for converting historical job results to signals. + # Attributes for converting threat hunting job results to signals. class ConvertJobResultsToSignalsAttributes include BaseGenericModel diff --git a/lib/datadog_api_client/v2/models/convert_job_results_to_signals_data.rb b/lib/datadog_api_client/v2/models/convert_job_results_to_signals_data.rb index 7e272c3376e7..60ff18bc305d 100644 --- a/lib/datadog_api_client/v2/models/convert_job_results_to_signals_data.rb +++ b/lib/datadog_api_client/v2/models/convert_job_results_to_signals_data.rb @@ -17,11 +17,11 @@ require 'time' module DatadogAPIClient::V2 - # Data for converting historical job results to signals. + # Data for converting threat hunting job results to signals. class ConvertJobResultsToSignalsData include BaseGenericModel - # Attributes for converting historical job results to signals. + # Attributes for converting threat hunting job results to signals. attr_accessor :attributes # Type of payload. diff --git a/lib/datadog_api_client/v2/models/convert_job_results_to_signals_request.rb b/lib/datadog_api_client/v2/models/convert_job_results_to_signals_request.rb index 7f63f71f732e..6e22661b9f2b 100644 --- a/lib/datadog_api_client/v2/models/convert_job_results_to_signals_request.rb +++ b/lib/datadog_api_client/v2/models/convert_job_results_to_signals_request.rb 
@@ -17,11 +17,11 @@ require 'time' module DatadogAPIClient::V2 - # Request for converting historical job results to signals. + # Request for converting threat hunting job results to signals. class ConvertJobResultsToSignalsRequest include BaseGenericModel - # Data for converting historical job results to signals. + # Data for converting threat hunting job results to signals. attr_accessor :data attr_accessor :additional_properties diff --git a/lib/datadog_api_client/v2/models/job_create_response.rb b/lib/datadog_api_client/v2/models/job_create_response.rb index 2225fc02fe8f..57e4b8472822 100644 --- a/lib/datadog_api_client/v2/models/job_create_response.rb +++ b/lib/datadog_api_client/v2/models/job_create_response.rb @@ -17,7 +17,7 @@ require 'time' module DatadogAPIClient::V2 - # Run a historical job response. + # Run a threat hunting job response. class JobCreateResponse include BaseGenericModel diff --git a/lib/datadog_api_client/v2/models/job_create_response_data.rb b/lib/datadog_api_client/v2/models/job_create_response_data.rb index e2d29960e6fa..66ca77c97825 100644 --- a/lib/datadog_api_client/v2/models/job_create_response_data.rb +++ b/lib/datadog_api_client/v2/models/job_create_response_data.rb @@ -43,7 +43,7 @@ def self.attribute_map def self.openapi_types { :'id' => :'String', - :'type' => :'HistoricalJobDataType' + :'type' => :'ThreatHuntingJobDataType' } end diff --git a/lib/datadog_api_client/v2/models/job_definition.rb b/lib/datadog_api_client/v2/models/job_definition.rb index 990c37537802..9ab61c4f4c7c 100644 --- a/lib/datadog_api_client/v2/models/job_definition.rb +++ b/lib/datadog_api_client/v2/models/job_definition.rb @@ -17,7 +17,7 @@ require 'time' module DatadogAPIClient::V2 - # Definition of a historical job. + # Definition of a threat hunting job. class JobDefinition include BaseGenericModel 
@@ -97,8 +97,8 @@ def self.openapi_types :'index' => :'String', :'message' => :'String', :'name' => :'String', - :'options' => :'HistoricalJobOptions', - :'queries' => :'Array', + :'options' => :'ThreatHuntingJobOptions', + :'queries' => :'Array', :'reference_tables' => :'Array', :'tags' => :'Array', :'third_party_cases' => :'Array', diff --git a/lib/datadog_api_client/v2/models/job_definition_from_rule.rb b/lib/datadog_api_client/v2/models/job_definition_from_rule.rb index 89f6543cd302..321fa6e2be89 100644 --- a/lib/datadog_api_client/v2/models/job_definition_from_rule.rb +++ b/lib/datadog_api_client/v2/models/job_definition_from_rule.rb @@ -17,7 +17,7 @@ require 'time' module DatadogAPIClient::V2 - # Definition of a historical job based on a security monitoring rule. + # Definition of a threat hunting job based on a security monitoring rule. class JobDefinitionFromRule include BaseGenericModel diff --git a/lib/datadog_api_client/v2/models/list_historical_jobs_response.rb b/lib/datadog_api_client/v2/models/list_threat_hunting_jobs_response.rb similarity index 90% rename from lib/datadog_api_client/v2/models/list_historical_jobs_response.rb rename to lib/datadog_api_client/v2/models/list_threat_hunting_jobs_response.rb index 90a1fd762ecd..3a15489d86be 100644 --- a/lib/datadog_api_client/v2/models/list_historical_jobs_response.rb +++ b/lib/datadog_api_client/v2/models/list_threat_hunting_jobs_response.rb @@ -17,11 +17,11 @@ require 'time' module DatadogAPIClient::V2 - # List of historical jobs. - class ListHistoricalJobsResponse + # List of threat hunting jobs. + class ListThreatHuntingJobsResponse include BaseGenericModel - # Array containing the list of historical jobs. + # Array containing the list of threat hunting jobs. attr_accessor :data # Metadata about the list of jobs. 
@@ -42,8 +42,8 @@ def self.attribute_map # @!visibility private def self.openapi_types { - :'data' => :'Array', - :'meta' => :'HistoricalJobListMeta' + :'data' => :'Array', + :'meta' => :'ThreatHuntingJobListMeta' } end @@ -52,7 +52,7 @@ def self.openapi_types # @!visibility private def initialize(attributes = {}) if (!attributes.is_a?(Hash)) - fail ArgumentError, "The input argument (attributes) must be a hash in `DatadogAPIClient::V2::ListHistoricalJobsResponse` initialize method" + fail ArgumentError, "The input argument (attributes) must be a hash in `DatadogAPIClient::V2::ListThreatHuntingJobsResponse` initialize method" end self.additional_properties = {} diff --git a/lib/datadog_api_client/v2/models/run_historical_job_request.rb b/lib/datadog_api_client/v2/models/run_threat_hunting_job_request.rb similarity index 91% rename from lib/datadog_api_client/v2/models/run_historical_job_request.rb rename to lib/datadog_api_client/v2/models/run_threat_hunting_job_request.rb index 0594fd4f692c..e8e34047c5ef 100644 --- a/lib/datadog_api_client/v2/models/run_historical_job_request.rb +++ b/lib/datadog_api_client/v2/models/run_threat_hunting_job_request.rb @@ -17,11 +17,11 @@ require 'time' module DatadogAPIClient::V2 - # Run a historical job request. - class RunHistoricalJobRequest + # Run a threat hunting job request. + class RunThreatHuntingJobRequest include BaseGenericModel - # Data for running a historical job request. + # Data for running a threat hunting job request. attr_accessor :data attr_accessor :additional_properties @@ -38,7 +38,7 @@ def self.attribute_map # @!visibility private def self.openapi_types { - :'data' => :'RunHistoricalJobRequestData' + :'data' => :'RunThreatHuntingJobRequestData' } end 
@@ -47,7 +47,7 @@ def self.openapi_types # @!visibility private def initialize(attributes = {}) if (!attributes.is_a?(Hash)) - fail ArgumentError, "The input argument (attributes) must be a hash in `DatadogAPIClient::V2::RunHistoricalJobRequest` initialize method" + fail ArgumentError, "The input argument (attributes) must be a hash in `DatadogAPIClient::V2::RunThreatHuntingJobRequest` initialize method" end self.additional_properties = {} diff --git a/lib/datadog_api_client/v2/models/run_historical_job_request_attributes.rb b/lib/datadog_api_client/v2/models/run_threat_hunting_job_request_attributes.rb similarity index 91% rename from lib/datadog_api_client/v2/models/run_historical_job_request_attributes.rb rename to lib/datadog_api_client/v2/models/run_threat_hunting_job_request_attributes.rb index 2c68eba125f3..d24d9f3c0e83 100644 --- a/lib/datadog_api_client/v2/models/run_historical_job_request_attributes.rb +++ b/lib/datadog_api_client/v2/models/run_threat_hunting_job_request_attributes.rb @@ -17,17 +17,17 @@ require 'time' module DatadogAPIClient::V2 - # Run a historical job request. - class RunHistoricalJobRequestAttributes + # Run a threat hunting job request. + class RunThreatHuntingJobRequestAttributes include BaseGenericModel - # Definition of a historical job based on a security monitoring rule. + # Definition of a threat hunting job based on a security monitoring rule. attr_accessor :from_rule # Request ID. attr_accessor :id - # Definition of a historical job. + # Definition of a threat hunting job. attr_accessor :job_definition attr_accessor :additional_properties 
@@ -57,7 +57,7 @@ def self.openapi_types # @!visibility private def initialize(attributes = {}) if (!attributes.is_a?(Hash)) - fail ArgumentError, "The input argument (attributes) must be a hash in `DatadogAPIClient::V2::RunHistoricalJobRequestAttributes` initialize method" + fail ArgumentError, "The input argument (attributes) must be a hash in `DatadogAPIClient::V2::RunThreatHuntingJobRequestAttributes` initialize method" end self.additional_properties = {} diff --git a/lib/datadog_api_client/v2/models/run_historical_job_request_data.rb b/lib/datadog_api_client/v2/models/run_threat_hunting_job_request_data.rb similarity index 89% rename from lib/datadog_api_client/v2/models/run_historical_job_request_data.rb rename to lib/datadog_api_client/v2/models/run_threat_hunting_job_request_data.rb index 1ebbc7b59638..5c8cf640d23d 100644 --- a/lib/datadog_api_client/v2/models/run_historical_job_request_data.rb +++ b/lib/datadog_api_client/v2/models/run_threat_hunting_job_request_data.rb @@ -17,11 +17,11 @@ require 'time' module DatadogAPIClient::V2 - # Data for running a historical job request. - class RunHistoricalJobRequestData + # Data for running a threat hunting job request. + class RunThreatHuntingJobRequestData include BaseGenericModel - # Run a historical job request. + # Run a threat hunting job request. attr_accessor :attributes # Type of data. @@ -42,8 +42,8 @@ def self.attribute_map # @!visibility private def self.openapi_types { - :'attributes' => :'RunHistoricalJobRequestAttributes', - :'type' => :'RunHistoricalJobRequestDataType' + :'attributes' => :'RunThreatHuntingJobRequestAttributes', + :'type' => :'RunThreatHuntingJobRequestDataType' } end 
@@ -52,7 +52,7 @@ def self.openapi_types # @!visibility private def initialize(attributes = {}) if (!attributes.is_a?(Hash)) - fail ArgumentError, "The input argument (attributes) must be a hash in `DatadogAPIClient::V2::RunHistoricalJobRequestData` initialize method" + fail ArgumentError, "The input argument (attributes) must be a hash in `DatadogAPIClient::V2::RunThreatHuntingJobRequestData` initialize method" end self.additional_properties = {} diff --git a/lib/datadog_api_client/v2/models/run_historical_job_request_data_type.rb b/lib/datadog_api_client/v2/models/run_threat_hunting_job_request_data_type.rb similarity index 93% rename from lib/datadog_api_client/v2/models/run_historical_job_request_data_type.rb rename to lib/datadog_api_client/v2/models/run_threat_hunting_job_request_data_type.rb index 13c8e046f352..edfdc4f0f89d 100644 --- a/lib/datadog_api_client/v2/models/run_historical_job_request_data_type.rb +++ b/lib/datadog_api_client/v2/models/run_threat_hunting_job_request_data_type.rb @@ -18,7 +18,7 @@ module DatadogAPIClient::V2 # Type of data. - class RunHistoricalJobRequestDataType + class RunThreatHuntingJobRequestDataType include BaseEnumModel HISTORICALDETECTIONSJOBCREATE = "historicalDetectionsJobCreate".freeze diff --git a/lib/datadog_api_client/v2/models/historical_job_data_type.rb b/lib/datadog_api_client/v2/models/threat_hunting_job_data_type.rb similarity index 95% rename from lib/datadog_api_client/v2/models/historical_job_data_type.rb rename to lib/datadog_api_client/v2/models/threat_hunting_job_data_type.rb index a9ad15728d97..0ab77907186f 100644 --- a/lib/datadog_api_client/v2/models/historical_job_data_type.rb +++ b/lib/datadog_api_client/v2/models/threat_hunting_job_data_type.rb @@ -18,7 +18,7 @@ module DatadogAPIClient::V2 # Type of payload. - class HistoricalJobDataType + class ThreatHuntingJobDataType include BaseEnumModel HISTORICALDETECTIONSJOB = "historicalDetectionsJob".freeze 
diff --git a/lib/datadog_api_client/v2/models/historical_job_list_meta.rb b/lib/datadog_api_client/v2/models/threat_hunting_job_list_meta.rb similarity index 96% rename from lib/datadog_api_client/v2/models/historical_job_list_meta.rb rename to lib/datadog_api_client/v2/models/threat_hunting_job_list_meta.rb index c78abd3b8442..9b1e50ee15e4 100644 --- a/lib/datadog_api_client/v2/models/historical_job_list_meta.rb +++ b/lib/datadog_api_client/v2/models/threat_hunting_job_list_meta.rb @@ -18,7 +18,7 @@ module DatadogAPIClient::V2 # Metadata about the list of jobs. - class HistoricalJobListMeta + class ThreatHuntingJobListMeta include BaseGenericModel # Number of jobs in the list. @@ -47,7 +47,7 @@ def self.openapi_types # @!visibility private def initialize(attributes = {}) if (!attributes.is_a?(Hash)) - fail ArgumentError, "The input argument (attributes) must be a hash in `DatadogAPIClient::V2::HistoricalJobListMeta` initialize method" + fail ArgumentError, "The input argument (attributes) must be a hash in `DatadogAPIClient::V2::ThreatHuntingJobListMeta` initialize method" end self.additional_properties = {} diff --git a/lib/datadog_api_client/v2/models/historical_job_options.rb b/lib/datadog_api_client/v2/models/threat_hunting_job_options.rb similarity index 98% rename from lib/datadog_api_client/v2/models/historical_job_options.rb rename to lib/datadog_api_client/v2/models/threat_hunting_job_options.rb index d6368dd7e6c5..f8798df09a18 100644 --- a/lib/datadog_api_client/v2/models/historical_job_options.rb +++ b/lib/datadog_api_client/v2/models/threat_hunting_job_options.rb @@ -18,7 +18,7 @@ module DatadogAPIClient::V2 # Job options. - class HistoricalJobOptions + class ThreatHuntingJobOptions include BaseGenericModel # The detection method. 
@@ -85,7 +85,7 @@ def self.openapi_types # @!visibility private def initialize(attributes = {}) if (!attributes.is_a?(Hash)) - fail ArgumentError, "The input argument (attributes) must be a hash in `DatadogAPIClient::V2::HistoricalJobOptions` initialize method" + fail ArgumentError, "The input argument (attributes) must be a hash in `DatadogAPIClient::V2::ThreatHuntingJobOptions` initialize method" end self.additional_properties = {} diff --git a/lib/datadog_api_client/v2/models/historical_job_query.rb b/lib/datadog_api_client/v2/models/threat_hunting_job_query.rb similarity index 97% rename from lib/datadog_api_client/v2/models/historical_job_query.rb rename to lib/datadog_api_client/v2/models/threat_hunting_job_query.rb index bf77ded40018..b95fc11323d4 100644 --- a/lib/datadog_api_client/v2/models/historical_job_query.rb +++ b/lib/datadog_api_client/v2/models/threat_hunting_job_query.rb @@ -17,8 +17,8 @@ require 'time' module DatadogAPIClient::V2 - # Query for selecting logs analyzed by the historical job. - class HistoricalJobQuery + # Query for selecting logs analyzed by the threat hunting job. + class ThreatHuntingJobQuery include BaseGenericModel # The aggregation type. @@ -82,7 +82,7 @@ def self.openapi_types # @!visibility private def initialize(attributes = {}) if (!attributes.is_a?(Hash)) - fail ArgumentError, "The input argument (attributes) must be a hash in `DatadogAPIClient::V2::HistoricalJobQuery` initialize method" + fail ArgumentError, "The input argument (attributes) must be a hash in `DatadogAPIClient::V2::ThreatHuntingJobQuery` initialize method" end self.additional_properties = {} diff --git a/lib/datadog_api_client/v2/models/historical_job_response.rb b/lib/datadog_api_client/v2/models/threat_hunting_job_response.rb similarity index 92% rename from lib/datadog_api_client/v2/models/historical_job_response.rb rename to lib/datadog_api_client/v2/models/threat_hunting_job_response.rb index 97afb1a2a87f..a66ee312ac42 100644 
--- a/lib/datadog_api_client/v2/models/historical_job_response.rb +++ b/lib/datadog_api_client/v2/models/threat_hunting_job_response.rb @@ -17,11 +17,11 @@ require 'time' module DatadogAPIClient::V2 - # Historical job response. - class HistoricalJobResponse + # Threat hunting job response. + class ThreatHuntingJobResponse include BaseGenericModel - # Historical job response data. + # Threat hunting job response data. attr_accessor :data attr_accessor :additional_properties @@ -38,7 +38,7 @@ def self.attribute_map # @!visibility private def self.openapi_types { - :'data' => :'HistoricalJobResponseData' + :'data' => :'ThreatHuntingJobResponseData' } end @@ -47,7 +47,7 @@ def self.openapi_types # @!visibility private def initialize(attributes = {}) if (!attributes.is_a?(Hash)) - fail ArgumentError, "The input argument (attributes) must be a hash in `DatadogAPIClient::V2::HistoricalJobResponse` initialize method" + fail ArgumentError, "The input argument (attributes) must be a hash in `DatadogAPIClient::V2::ThreatHuntingJobResponse` initialize method" end self.additional_properties = {} diff --git a/lib/datadog_api_client/v2/models/historical_job_response_attributes.rb b/lib/datadog_api_client/v2/models/threat_hunting_job_response_attributes.rb similarity index 96% rename from lib/datadog_api_client/v2/models/historical_job_response_attributes.rb rename to lib/datadog_api_client/v2/models/threat_hunting_job_response_attributes.rb index 216ea3995083..6904e76b65dd 100644 --- a/lib/datadog_api_client/v2/models/historical_job_response_attributes.rb +++ b/lib/datadog_api_client/v2/models/threat_hunting_job_response_attributes.rb @@ -17,8 +17,8 @@ require 'time' module DatadogAPIClient::V2 - # Historical job attributes. - class HistoricalJobResponseAttributes + # Threat hunting job attributes. + class ThreatHuntingJobResponseAttributes include BaseGenericModel # Time when the job was created. 
@@ -33,7 +33,7 @@ class HistoricalJobResponseAttributes # ID of the rule used to create the job (if it is created from a rule). attr_accessor :created_from_rule_id - # Definition of a historical job. + # Definition of a threat hunting job. attr_accessor :job_definition # Job name. @@ -82,7 +82,7 @@ def self.openapi_types # @!visibility private def initialize(attributes = {}) if (!attributes.is_a?(Hash)) - fail ArgumentError, "The input argument (attributes) must be a hash in `DatadogAPIClient::V2::HistoricalJobResponseAttributes` initialize method" + fail ArgumentError, "The input argument (attributes) must be a hash in `DatadogAPIClient::V2::ThreatHuntingJobResponseAttributes` initialize method" end self.additional_properties = {} diff --git a/lib/datadog_api_client/v2/models/historical_job_response_data.rb b/lib/datadog_api_client/v2/models/threat_hunting_job_response_data.rb similarity index 91% rename from lib/datadog_api_client/v2/models/historical_job_response_data.rb rename to lib/datadog_api_client/v2/models/threat_hunting_job_response_data.rb index 5c92da2afe65..de286150f542 100644 --- a/lib/datadog_api_client/v2/models/historical_job_response_data.rb +++ b/lib/datadog_api_client/v2/models/threat_hunting_job_response_data.rb @@ -17,11 +17,11 @@ require 'time' module DatadogAPIClient::V2 - # Historical job response data. - class HistoricalJobResponseData + # Threat hunting job response data. + class ThreatHuntingJobResponseData include BaseGenericModel - # Historical job attributes. + # Threat hunting job attributes. attr_accessor :attributes # ID of the job. @@ -46,9 +46,9 @@ def self.attribute_map # @!visibility private def self.openapi_types { - :'attributes' => :'HistoricalJobResponseAttributes', + :'attributes' => :'ThreatHuntingJobResponseAttributes', :'id' => :'String', - :'type' => :'HistoricalJobDataType' + :'type' => :'ThreatHuntingJobDataType' } end 
@@ -57,7 +57,7 @@ def self.openapi_types # @!visibility private def initialize(attributes = {}) if (!attributes.is_a?(Hash)) - fail ArgumentError, "The input argument (attributes) must be a hash in `DatadogAPIClient::V2::HistoricalJobResponseData` initialize method" + fail ArgumentError, "The input argument (attributes) must be a hash in `DatadogAPIClient::V2::ThreatHuntingJobResponseData` initialize method" end self.additional_properties = {}