diff --git a/.apigentools-info b/.apigentools-info index d4d7933e313a..0518264be586 100644 --- a/.apigentools-info +++ b/.apigentools-info @@ -4,13 +4,13 @@ "spec_versions": { "v1": { "apigentools_version": "1.5.1.dev2", - "regenerated": "2022-01-12 10:46:06.708192", - "spec_repo_commit": "8cf1daa" + "regenerated": "2022-01-12 15:19:50.065564", + "spec_repo_commit": "1db6bc2" }, "v2": { "apigentools_version": "1.5.1.dev2", - "regenerated": "2022-01-12 10:46:06.743113", - "spec_repo_commit": "8cf1daa" + "regenerated": "2022-01-12 15:19:50.098934", + "spec_repo_commit": "1db6bc2" } } } \ No newline at end of file diff --git a/.generator/schemas/v2/openapi.yaml b/.generator/schemas/v2/openapi.yaml index 993ac4422618..7d760431cde3 100644 --- a/.generator/schemas/v2/openapi.yaml +++ b/.generator/schemas/v2/openapi.yaml @@ -130,6 +130,14 @@ components: required: true schema: type: string + CloudWorkloadSecurityAgentRuleID: + description: The ID of the Agent rule. + example: 3b5-v82-ns6 + in: path + name: agent_rule_id + required: true + schema: + type: string IncidentIDPathParameter: description: The UUID of the incident. in: path 
@@ -609,6 +617,190 @@ components: type: string x-enum-varnames: - APPLICATION_KEYS + CloudWorkloadSecurityAgentRuleAttributes: + description: A Cloud Workload Security Agent rule returned by the API. + properties: + category: + description: The category of the Agent rule. + example: Process Activity + type: string + creationDate: + description: When the Agent rule was created, timestamp in milliseconds. + example: 1624366480320 + format: int64 + type: integer + creator: + $ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleCreatorAttributes' + defaultRule: + description: Whether the rule is included by default. + example: false + type: boolean + description: + description: The description of the Agent rule. + example: My Agent rule + type: string + enabled: + description: Whether the Agent rule is enabled. + example: true + type: boolean + expression: + description: The SECL expression of the Agent rule. + example: exec.file.name == \"sh\" + type: string + name: + description: The name of the Agent rule. + example: my_agent_rule + type: string + updatedAt: + description: When the Agent rule was last updated, timestamp in milliseconds. + example: 1624366480320 + format: int64 + type: integer + updater: + $ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleUpdaterAttributes' + version: + description: The version of the Agent rule. + example: 23 + format: int64 + type: integer + CloudWorkloadSecurityAgentRuleCreateAttributes: + description: Create a new Cloud Workload Security Agent rule. + properties: + description: + description: The description of the Agent rule. + example: My Agent rule + type: string + enabled: + description: Whether the Agent rule is enabled. + example: true + type: boolean + expression: + description: The SECL expression of the Agent rule. + example: exec.file.name == \"sh\" + type: string + name: + description: The name of the Agent rule. 
+ example: my_agent_rule
+ type: string
+ required:
+ - name
+ - expression
+ type: object
+ CloudWorkloadSecurityAgentRuleCreateData:
+ description: Object for a single Agent rule.
+ properties:
+ attributes:
+ $ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleCreateAttributes'
+ type:
+ $ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleType'
+ required:
+ - attributes
+ - type
+ type: object
+ CloudWorkloadSecurityAgentRuleCreateRequest:
+ description: Request object that includes the Agent rule to create.
+ properties:
+ data:
+ $ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleCreateData'
+ required:
+ - data
+ type: object
+ CloudWorkloadSecurityAgentRuleCreatorAttributes:
+ description: The attributes of the user who created the Agent rule.
+ properties:
+ handle:
+ description: The handle of the user.
+ example: datadog.user@example.com
+ type: string
+ name:
+ description: The name of the user.
+ example: Datadog User
+ type: string
+ type: object
+ CloudWorkloadSecurityAgentRuleData:
+ description: Object for a single Agent rule.
+ properties:
+ attributes:
+ $ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleAttributes'
+ id:
+ description: The ID of the Agent rule.
+ example: 3dd-0uc-h1s
+ type: string
+ type:
+ $ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleType'
+ type: object
+ CloudWorkloadSecurityAgentRuleResponse:
+ description: Response object that includes an Agent rule.
+ properties:
+ data:
+ $ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleData'
+ type: object
+ CloudWorkloadSecurityAgentRuleType:
+ default: agent_rule
+ description: The type of the resource. The value should always be `agent_rule`.
+ enum:
+ - agent_rule
+ example: agent_rule
+ type: string
+ x-enum-varnames:
+ - AGENT_RULE
+ CloudWorkloadSecurityAgentRuleUpdateAttributes:
+ description: Update an existing Cloud Workload Security Agent rule.
+ properties:
+ description:
+ description: The description of the Agent rule.
+ example: My Agent rule + type: string + enabled: + description: Whether the Agent rule is enabled. + example: true + type: boolean + expression: + description: The SECL expression of the Agent rule. + example: exec.file.name == \"sh\" + type: string + type: object + CloudWorkloadSecurityAgentRuleUpdateData: + description: Object for a single Agent rule. + properties: + attributes: + $ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleUpdateAttributes' + type: + $ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleType' + required: + - attributes + - type + type: object + CloudWorkloadSecurityAgentRuleUpdateRequest: + description: Request object that includes the Agent rule with the attributes + to update. + properties: + data: + $ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleUpdateData' + required: + - data + type: object + CloudWorkloadSecurityAgentRuleUpdaterAttributes: + description: The attributes of the user who last updated the Agent rule. + properties: + handle: + description: The handle of the user. + example: datadog.user@example.com + type: string + name: + description: The name of the user. + example: Datadog User + type: string + type: object + CloudWorkloadSecurityAgentRulesListResponse: + description: Response object that includes a list of Agent rule. + properties: + data: + description: A list of Agent rules objects. + items: + $ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleAttributes' + type: array + type: object ContentEncoding: description: HTTP header used to compress the media-type. enum: 
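Review bot: `CloudWorkloadSecurityAgentRulesListResponse.data.items` points at `CloudWorkloadSecurityAgentRuleAttributes`, but the list response recorded in the Get-all cassette of this same commit returns `{"attributes": …, "type": "agent_rule", "id": …}` objects, so the items should be `$ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleData'`; as written, a generated client would presumably drop each rule's `id` and be unable to follow up with get/update/delete. In `CloudWorkloadSecurityAgentRuleAttributes` the property is declared as `updatedAt` while every recorded response carries `updateDate`, so the last-modified time of a detection rule would never be populated. That schema also omits the `type: object` its sibling schemas declare. The recorded `creator.name` and `updater.name` are `null`, so those string properties probably need `nullable: true`. The file looks synced from a spec repository (see `spec_repo_commit` in `.apigentools-info`), so the fix likely belongs upstream.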
@@ -8467,6 +8659,207 @@ paths: x-menu-order: 10 x-undo: type: safe + /api/v2/security/cloud_workload/policy/download: + get: + description: 'The download endpoint generates a Cloud Workload Security policy + file from your currently active + + Cloud Workload Security rules, and downloads them as a .policy file. This + file can then be deployed to + + your agents to update the policy running in your environment.' + operationId: DownloadCloudWorkloadPolicyFile + responses: + '200': + content: + application/yaml: + schema: + format: binary + type: string + description: OK + '403': + $ref: '#/components/responses/NotAuthorizedResponse' + '429': + $ref: '#/components/responses/TooManyRequestsResponse' + security: + - apiKeyAuth: [] + appKeyAuth: [] + - AuthZ: + - security_monitoring_rules_read + summary: Get the latest Cloud Workload Security policy + tags: + - Cloud Workload Security + x-undo: + type: safe + /api/v2/security_monitoring/cloud_workload_security/agent_rules: + get: + description: Get the list of Agent rules. + operationId: ListCloudWorkloadSecurityAgentRules + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/CloudWorkloadSecurityAgentRulesListResponse' + description: OK + '403': + $ref: '#/components/responses/NotAuthorizedResponse' + '429': + $ref: '#/components/responses/TooManyRequestsResponse' + security: + - apiKeyAuth: [] + appKeyAuth: [] + - AuthZ: + - security_monitoring_cws_agent_rules_read + summary: Get all Cloud Workload Security Agent rules + tags: + - Cloud Workload Security + x-undo: + type: safe + post: + description: Create a new Agent rule with the given parameters. + operationId: CreateCloudWorkloadSecurityAgentRule + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleCreateRequest' + description: The definition of the new Agent rule. 
+ required: true
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleResponse'
+ description: OK
+ '400':
+ $ref: '#/components/responses/BadRequestResponse'
+ '403':
+ $ref: '#/components/responses/NotAuthorizedResponse'
+ '409':
+ $ref: '#/components/responses/ConflictResponse'
+ '429':
+ $ref: '#/components/responses/TooManyRequestsResponse'
+ security:
+ - apiKeyAuth: []
+ appKeyAuth: []
+ - AuthZ:
+ - security_monitoring_cws_agent_rules_write
+ summary: Create a Cloud Workload Security Agent rule
+ tags:
+ - Cloud Workload Security
+ x-codegen-request-body-name: body
+ x-given:
+ agent_rule:
+ parameters:
+ - name: body
+ value: "{\n \"data\": {\n \"type\": \"agent_rule\",\n \"attributes\":
+ {\n \"name\": \"{{ unique_lower_alnum }}\",\n \"description\":
+ \"My Agent rule\",\n \"expression\": \"exec.file.name == \\\"sh\\\"\",\n
+ \ \"enabled\": true\n }\n }\n}"
+ step: there is a valid "agent_rule" in the system
+ x-undo:
+ operationId: DeleteCloudWorkloadSecurityAgentRule
+ parameters:
+ - name: agent_rule_id
+ source: data.id
+ type: unsafe
+ /api/v2/security_monitoring/cloud_workload_security/agent_rules/{agent_rule_id}:
+ delete:
+ description: Delete a specific Agent rule.
+ operationId: DeleteCloudWorkloadSecurityAgentRule
+ parameters:
+ - $ref: '#/components/parameters/CloudWorkloadSecurityAgentRuleID'
+ responses:
+ '204':
+ description: OK
+ '403':
+ $ref: '#/components/responses/NotAuthorizedResponse'
+ '404':
+ $ref: '#/components/responses/NotFoundResponse'
+ '429':
+ $ref: '#/components/responses/TooManyRequestsResponse'
+ security:
+ - apiKeyAuth: []
+ appKeyAuth: []
+ - AuthZ:
+ - security_monitoring_cws_agent_rules_write
+ summary: Delete a Cloud Workload Security Agent rule
+ tags:
+ - Cloud Workload Security
+ x-undo:
+ type: idempotent
+ get:
+ description: Get the details of a specific Agent rule.
+ operationId: GetCloudWorkloadSecurityAgentRule
+ parameters:
+ - $ref: '#/components/parameters/CloudWorkloadSecurityAgentRuleID'
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleResponse'
+ description: OK
+ '403':
+ $ref: '#/components/responses/NotAuthorizedResponse'
+ '404':
+ $ref: '#/components/responses/NotFoundResponse'
+ '429':
+ $ref: '#/components/responses/TooManyRequestsResponse'
+ security:
+ - apiKeyAuth: []
+ appKeyAuth: []
+ - AuthZ:
+ - security_monitoring_cws_agent_rules_read
+ summary: Get a Cloud Workload Security Agent rule
+ tags:
+ - Cloud Workload Security
+ x-undo:
+ type: safe
+ patch:
+ description: 'Update a specific Agent rule.
+
+ Returns the Agent rule object when the request is successful.'
+ operationId: UpdateCloudWorkloadSecurityAgentRule
+ parameters:
+ - $ref: '#/components/parameters/CloudWorkloadSecurityAgentRuleID'
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleUpdateRequest'
+ description: New definition of the Agent rule.
+ required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleResponse' + description: OK + '400': + $ref: '#/components/responses/BadRequestResponse' + '403': + $ref: '#/components/responses/NotAuthorizedResponse' + '404': + $ref: '#/components/responses/NotFoundResponse' + '409': + $ref: '#/components/responses/ConcurrentModificationResponse' + '429': + $ref: '#/components/responses/TooManyRequestsResponse' + security: + - apiKeyAuth: [] + appKeyAuth: [] + - AuthZ: + - security_monitoring_cws_agent_rules_write + summary: Update a Cloud Workload Security Agent rule + tags: + - Cloud Workload Security + x-codegen-request-body-name: body + x-undo: + type: idempotent /api/v2/security_monitoring/configuration/security_filters: get: description: Get the list of configured security filters with their definitions. @@ -10102,6 +10495,9 @@ servers: default: api description: The subdomain where the API is deployed. tags: +- description: Workload activity security rules for generating events using the Datadog + security Agent. + name: Cloud Workload Security - description: 'Interact with your dashboard lists through the API to organize, find, and share all of your dashboards with your team and diff --git a/cassettes/features/v2/cloud_workload_security/Create-a-Cloud-Workload-Security-Agent-rule-returns-Bad-Request-response.frozen b/cassettes/features/v2/cloud_workload_security/Create-a-Cloud-Workload-Security-Agent-rule-returns-Bad-Request-response.frozen new file mode 100644 index 000000000000..d29761583074 --- /dev/null +++ b/cassettes/features/v2/cloud_workload_security/Create-a-Cloud-Workload-Security-Agent-rule-returns-Bad-Request-response.frozen @@ -0,0 +1 @@ +2022-01-11T18:11:35.118Z \ No newline at end of file 
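Review bot: The `GET /api/v2/security/cloud_workload/policy/download` operation is gated by the `security_monitoring_rules_read` scope, while every other Agent-rule operation added in this hunk requires `security_monitoring_cws_agent_rules_read` or `security_monitoring_cws_agent_rules_write`. Because the description says the policy file is generated from the currently active Cloud Workload Security rules, a credential scoped only to detection-rule reads would presumably obtain the full set of Agent rule expressions through this path. If that is intended, state it in the operation description; otherwise align the scope with `- security_monitoring_cws_agent_rules_read`. The PATCH operation also declares a 409 `ConcurrentModificationResponse`, yet `CloudWorkloadSecurityAgentRuleUpdateAttributes` has no `version` field, so the description should say how a client indicates which version it edited. Separately, the DELETE `'204'` response is described as `OK` where `No Content` would be accurate.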
diff --git a/cassettes/features/v2/cloud_workload_security/Create-a-Cloud-Workload-Security-Agent-rule-returns-Bad-Request-response.yml b/cassettes/features/v2/cloud_workload_security/Create-a-Cloud-Workload-Security-Agent-rule-returns-Bad-Request-response.yml new file mode 100644 index 000000000000..74e14a34e4e4 --- /dev/null +++ b/cassettes/features/v2/cloud_workload_security/Create-a-Cloud-Workload-Security-Agent-rule-returns-Bad-Request-response.yml @@ -0,0 +1,22 @@ +http_interactions: +- recorded_at: Tue, 11 Jan 2022 18:11:35 GMT + request: + body: + encoding: UTF-8 + string: '{"data":{"attributes":{"description":"Test Agent rule","enabled":true,"expression":"open.file.path + = sh","name":"testcreateacloudworkloadsecurityagentrulereturnsbadrequestresponse1641924695"},"type":"agent_rule"}}' + headers: + Content-Type: + - application/json + method: POST + uri: https://api.datadoghq.com/api/v2/security_monitoring/cloud_workload_security/agent_rules + response: + body: + encoding: UTF-8 + string: '{"errors":["input_validation_error(Field ''expression'' is invalid: + rule `testcreateacloudworkloadsecurityagentrulereturnsbadrequestresponse1641924695` + definition error: syntax error: 1:18: unexpected token \"sh\" (expected \"~\"))"]}' + status: + code: 400 + message: Bad Request +recorded_with: VCR 6.0.0 diff --git a/cassettes/features/v2/cloud_workload_security/Create-a-Cloud-Workload-Security-Agent-rule-returns-OK-response.frozen b/cassettes/features/v2/cloud_workload_security/Create-a-Cloud-Workload-Security-Agent-rule-returns-OK-response.frozen new file mode 100644 index 000000000000..5eed567f177c --- /dev/null +++ b/cassettes/features/v2/cloud_workload_security/Create-a-Cloud-Workload-Security-Agent-rule-returns-OK-response.frozen @@ -0,0 +1 @@ +2022-01-11T18:11:35.663Z \ No newline at end of file 
diff --git a/cassettes/features/v2/cloud_workload_security/Create-a-Cloud-Workload-Security-Agent-rule-returns-OK-response.yml b/cassettes/features/v2/cloud_workload_security/Create-a-Cloud-Workload-Security-Agent-rule-returns-OK-response.yml new file mode 100644 index 000000000000..c927391d0d4a --- /dev/null +++ b/cassettes/features/v2/cloud_workload_security/Create-a-Cloud-Workload-Security-Agent-rule-returns-OK-response.yml @@ -0,0 +1,35 @@ +http_interactions: +- recorded_at: Tue, 11 Jan 2022 18:11:35 GMT + request: + body: + encoding: UTF-8 + string: '{"data":{"attributes":{"description":"Test Agent rule","enabled":true,"expression":"exec.file.name + == \"sh\"","name":"testcreateacloudworkloadsecurityagentrulereturnsokresponse1641924695"},"type":"agent_rule"}}' + headers: + Content-Type: + - application/json;charset=utf-8 + method: POST + uri: https://api.datadoghq.com/api/v2/security_monitoring/cloud_workload_security/agent_rules + response: + body: + encoding: UTF-8 + string: '{"data":{"attributes":{"category":"Process Activity","name":"testcreateacloudworkloadsecurityagentrulereturnsokresponse1641924695","creator":{"handle":"frog@datadoghq.com","name":null},"description":"Test + Agent rule","enabled":true,"defaultRule":false,"version":1,"updater":{"handle":"frog@datadoghq.com","name":null},"updateDate":1641924696117,"creationDate":1641924696117,"expression":"exec.file.name + == \"sh\""},"type":"agent_rule","id":"neo-you-kxc"}}' + status: + code: 200 + message: OK +- recorded_at: Tue, 11 Jan 2022 18:11:35 GMT + request: + body: null + headers: {} + method: DELETE + uri: https://api.datadoghq.com/api/v2/security_monitoring/cloud_workload_security/agent_rules/neo-you-kxc + response: + body: + encoding: UTF-8 + string: '' + status: + code: 204 + message: No Content +recorded_with: VCR 6.0.0 
diff --git a/cassettes/features/v2/cloud_workload_security/Delete-a-Cloud-Workload-Security-Agent-rule-returns-Not-Found-response.frozen b/cassettes/features/v2/cloud_workload_security/Delete-a-Cloud-Workload-Security-Agent-rule-returns-Not-Found-response.frozen new file mode 100644 index 000000000000..1a1bda4012ee --- /dev/null +++ b/cassettes/features/v2/cloud_workload_security/Delete-a-Cloud-Workload-Security-Agent-rule-returns-Not-Found-response.frozen @@ -0,0 +1 @@ +2022-01-11T18:11:36.467Z \ No newline at end of file diff --git a/cassettes/features/v2/cloud_workload_security/Delete-a-Cloud-Workload-Security-Agent-rule-returns-Not-Found-response.yml b/cassettes/features/v2/cloud_workload_security/Delete-a-Cloud-Workload-Security-Agent-rule-returns-Not-Found-response.yml new file mode 100644 index 000000000000..60a42cb359a8 --- /dev/null +++ b/cassettes/features/v2/cloud_workload_security/Delete-a-Cloud-Workload-Security-Agent-rule-returns-Not-Found-response.yml @@ -0,0 +1,17 @@ +http_interactions: +- recorded_at: Tue, 11 Jan 2022 18:11:36 GMT + request: + body: null + headers: + Content-Type: + - application/json + method: DELETE + uri: https://api.datadoghq.com/api/v2/security_monitoring/cloud_workload_security/agent_rules/abc-123-xyz + response: + body: + encoding: UTF-8 + string: '{"errors":["not_found(Agent rule not found: agentRuleId=abc-123-xyz)"]}' + status: + code: 404 + message: Not Found +recorded_with: VCR 6.0.0 diff --git a/cassettes/features/v2/cloud_workload_security/Delete-a-Cloud-Workload-Security-Agent-rule-returns-OK-response.frozen b/cassettes/features/v2/cloud_workload_security/Delete-a-Cloud-Workload-Security-Agent-rule-returns-OK-response.frozen new file mode 100644 index 000000000000..beb1d74fd39b --- /dev/null +++ b/cassettes/features/v2/cloud_workload_security/Delete-a-Cloud-Workload-Security-Agent-rule-returns-OK-response.frozen @@ -0,0 +1 @@ +2022-01-11T18:11:36.954Z \ No newline at end of file 
diff --git a/cassettes/features/v2/cloud_workload_security/Delete-a-Cloud-Workload-Security-Agent-rule-returns-OK-response.yml b/cassettes/features/v2/cloud_workload_security/Delete-a-Cloud-Workload-Security-Agent-rule-returns-OK-response.yml new file mode 100644 index 000000000000..3c55d03c74b7 --- /dev/null +++ b/cassettes/features/v2/cloud_workload_security/Delete-a-Cloud-Workload-Security-Agent-rule-returns-OK-response.yml 
@@ -0,0 +1,50 @@ +http_interactions: +- recorded_at: Tue, 11 Jan 2022 18:11:36 GMT + request: + body: + encoding: UTF-8 + string: '{"data":{"attributes":{"description":"My Agent rule","enabled":true,"expression":"exec.file.name + == \"sh\"","name":"testdeleteacloudworkloadsecurityagentrulereturnsokresponse1641924696"},"type":"agent_rule"}}' + headers: + Content-Type: + - application/json;charset=utf-8 + method: POST + uri: https://api.datadoghq.com/api/v2/security_monitoring/cloud_workload_security/agent_rules + response: + body: + encoding: UTF-8 + string: '{"data":{"attributes":{"category":"Process Activity","name":"testdeleteacloudworkloadsecurityagentrulereturnsokresponse1641924696","creator":{"handle":"frog@datadoghq.com","name":null},"description":"My + Agent rule","enabled":true,"defaultRule":false,"version":1,"updater":{"handle":"frog@datadoghq.com","name":null},"updateDate":1641924697412,"creationDate":1641924697412,"expression":"exec.file.name + == \"sh\""},"type":"agent_rule","id":"amw-qoo-bfl"}}' + status: + code: 200 + message: OK +- recorded_at: Tue, 11 Jan 2022 18:11:36 GMT + request: + body: null + headers: {} + method: DELETE + uri: https://api.datadoghq.com/api/v2/security_monitoring/cloud_workload_security/agent_rules/amw-qoo-bfl + response: + body: + encoding: UTF-8 + string: '' + status: + code: 204 + message: No Content +- recorded_at: Tue, 11 Jan 2022 18:11:36 GMT + request: + body: null + headers: + Content-Type: + - application/json + method: DELETE + uri: https://api.datadoghq.com/api/v2/security_monitoring/cloud_workload_security/agent_rules/amw-qoo-bfl + response: + body: + encoding: UTF-8 + string: '{"errors":["not_found(Agent rule not found: agentRuleId=amw-qoo-bfl)"]}' + status: + code: 404 + message: Not Found +recorded_with: VCR 6.0.0 
diff --git a/cassettes/features/v2/cloud_workload_security/Get-a-Cloud-Workload-Security-Agent-rule-returns-Not-Found-response.frozen b/cassettes/features/v2/cloud_workload_security/Get-a-Cloud-Workload-Security-Agent-rule-returns-Not-Found-response.frozen new file mode 100644 index 000000000000..712680a66f16 --- /dev/null +++ b/cassettes/features/v2/cloud_workload_security/Get-a-Cloud-Workload-Security-Agent-rule-returns-Not-Found-response.frozen @@ -0,0 +1 @@ +2022-01-11T18:11:38.248Z \ No newline at end of file diff --git a/cassettes/features/v2/cloud_workload_security/Get-a-Cloud-Workload-Security-Agent-rule-returns-Not-Found-response.yml b/cassettes/features/v2/cloud_workload_security/Get-a-Cloud-Workload-Security-Agent-rule-returns-Not-Found-response.yml new file mode 100644 index 000000000000..c623db0a0b35 --- /dev/null +++ b/cassettes/features/v2/cloud_workload_security/Get-a-Cloud-Workload-Security-Agent-rule-returns-Not-Found-response.yml @@ -0,0 +1,17 @@ +http_interactions: +- recorded_at: Tue, 11 Jan 2022 18:11:38 GMT + request: + body: null + headers: + Content-Type: + - application/json + method: GET + uri: https://api.datadoghq.com/api/v2/security_monitoring/cloud_workload_security/agent_rules/abc-123-xyz + response: + body: + encoding: UTF-8 + string: '{"errors":["not_found(Agent rule not found: agentRuleId=abc-123-xyz)"]}' + status: + code: 404 + message: Not Found +recorded_with: VCR 6.0.0 diff --git a/cassettes/features/v2/cloud_workload_security/Get-a-Cloud-Workload-Security-Agent-rule-returns-OK-response.frozen b/cassettes/features/v2/cloud_workload_security/Get-a-Cloud-Workload-Security-Agent-rule-returns-OK-response.frozen new file mode 100644 index 000000000000..30ef34d34aa5 --- /dev/null +++ b/cassettes/features/v2/cloud_workload_security/Get-a-Cloud-Workload-Security-Agent-rule-returns-OK-response.frozen @@ -0,0 +1 @@ +2022-01-11T18:11:38.609Z \ No newline at end of file 
diff --git a/cassettes/features/v2/cloud_workload_security/Get-a-Cloud-Workload-Security-Agent-rule-returns-OK-response.yml b/cassettes/features/v2/cloud_workload_security/Get-a-Cloud-Workload-Security-Agent-rule-returns-OK-response.yml new file mode 100644 index 000000000000..9841bde82905 --- /dev/null +++ b/cassettes/features/v2/cloud_workload_security/Get-a-Cloud-Workload-Security-Agent-rule-returns-OK-response.yml 
@@ -0,0 +1,52 @@ +http_interactions: +- recorded_at: Tue, 11 Jan 2022 18:11:38 GMT + request: + body: + encoding: UTF-8 + string: '{"data":{"attributes":{"description":"My Agent rule","enabled":true,"expression":"exec.file.name + == \"sh\"","name":"testgetacloudworkloadsecurityagentrulereturnsokresponse1641924698"},"type":"agent_rule"}}' + headers: + Content-Type: + - application/json;charset=utf-8 + method: POST + uri: https://api.datadoghq.com/api/v2/security_monitoring/cloud_workload_security/agent_rules + response: + body: + encoding: UTF-8 + string: '{"data":{"attributes":{"category":"Process Activity","name":"testgetacloudworkloadsecurityagentrulereturnsokresponse1641924698","creator":{"handle":"frog@datadoghq.com","name":null},"description":"My + Agent rule","enabled":true,"defaultRule":false,"version":1,"updater":{"handle":"frog@datadoghq.com","name":null},"updateDate":1641924699059,"creationDate":1641924699059,"expression":"exec.file.name + == \"sh\""},"type":"agent_rule","id":"ves-zq4-ukf"}}' + status: + code: 200 + message: OK +- recorded_at: Tue, 11 Jan 2022 18:11:38 GMT + request: + body: null + headers: + Content-Type: + - application/json;charset=utf-8 + method: GET + uri: https://api.datadoghq.com/api/v2/security_monitoring/cloud_workload_security/agent_rules/ves-zq4-ukf + response: + body: + encoding: UTF-8 + string: '{"data":{"attributes":{"category":"Process Activity","name":"testgetacloudworkloadsecurityagentrulereturnsokresponse1641924698","creator":{"handle":"frog@datadoghq.com","name":null},"description":"My + Agent rule","enabled":true,"defaultRule":false,"version":1,"updater":{"handle":"frog@datadoghq.com","name":null},"updateDate":1641924699059,"creationDate":1641924699059,"expression":"exec.file.name + == \"sh\""},"type":"agent_rule","id":"ves-zq4-ukf"}}' + status: + code: 200 + message: OK +- recorded_at: Tue, 11 Jan 2022 18:11:38 GMT + request: + body: null + headers: {} + method: DELETE + uri: 
https://api.datadoghq.com/api/v2/security_monitoring/cloud_workload_security/agent_rules/ves-zq4-ukf + response: + body: + encoding: UTF-8 + string: '' + status: + code: 204 + message: No Content +recorded_with: VCR 6.0.0 diff --git a/cassettes/features/v2/cloud_workload_security/Get-all-Cloud-Workload-Security-Agent-rules-returns-OK-response.frozen b/cassettes/features/v2/cloud_workload_security/Get-all-Cloud-Workload-Security-Agent-rules-returns-OK-response.frozen new file mode 100644 index 000000000000..a786ece34ab7 --- /dev/null +++ b/cassettes/features/v2/cloud_workload_security/Get-all-Cloud-Workload-Security-Agent-rules-returns-OK-response.frozen @@ -0,0 +1 @@ +2022-01-11T18:11:39.829Z \ No newline at end of file diff --git a/cassettes/features/v2/cloud_workload_security/Get-all-Cloud-Workload-Security-Agent-rules-returns-OK-response.yml b/cassettes/features/v2/cloud_workload_security/Get-all-Cloud-Workload-Security-Agent-rules-returns-OK-response.yml new file mode 100644 index 000000000000..bcb4fcf410c7 --- /dev/null +++ b/cassettes/features/v2/cloud_workload_security/Get-all-Cloud-Workload-Security-Agent-rules-returns-OK-response.yml 
@@ -0,0 +1,512 @@ +http_interactions: +- recorded_at: Tue, 11 Jan 2022 18:11:39 GMT + request: + body: + encoding: UTF-8 + string: '{"data":{"attributes":{"description":"My Agent rule","enabled":true,"expression":"exec.file.name + == \"sh\"","name":"testgetallcloudworkloadsecurityagentrulesreturnsokresponse1641924699"},"type":"agent_rule"}}' + headers: + Content-Type: + - application/json;charset=utf-8 + method: POST + uri: https://api.datadoghq.com/api/v2/security_monitoring/cloud_workload_security/agent_rules + response: + body: + encoding: UTF-8 + string: '{"data":{"attributes":{"category":"Process Activity","name":"testgetallcloudworkloadsecurityagentrulesreturnsokresponse1641924699","creator":{"handle":"frog@datadoghq.com","name":null},"description":"My + Agent rule","enabled":true,"defaultRule":false,"version":1,"updater":{"handle":"frog@datadoghq.com","name":null},"updateDate":1641924700266,"creationDate":1641924700266,"expression":"exec.file.name + == \"sh\""},"type":"agent_rule","id":"53f-w4l-u7y"}}' + status: + code: 200 + message: OK +- recorded_at: Tue, 11 Jan 2022 18:11:39 GMT + request: + body: null + headers: + Content-Type: + - application/json;charset=utf-8 + method: GET + uri: https://api.datadoghq.com/api/v2/security_monitoring/cloud_workload_security/agent_rules + response: + body: + encoding: UTF-8 + string: '{"data":[{"attributes":{"category":"Process Activity","name":"testgetallcloudworkloadsecurityagentrulesreturnsokresponse1641924699","creator":{"handle":"frog@datadoghq.com","name":null},"description":"My + Agent rule","enabled":true,"defaultRule":false,"version":1,"updater":{"handle":"frog@datadoghq.com","name":null},"updateDate":1641924700266,"creationDate":1641924700266,"expression":"exec.file.name + == \"sh\""},"type":"agent_rule","id":"53f-w4l-u7y"},{"attributes":{"category":"File + 
Activity","name":"Test_Create_a_detection_rule_with_type_workload_security_returns_OK_response_1640112926_kernel_module_unlink_2","creator":{"handle":"frog@datadoghq.com","name":null},"description":"Test-Create_a_detection_rule_with_type_workload_security_returns_OK_response-1640112926","enabled":true,"defaultRule":false,"version":1,"updater":{"handle":"frog@datadoghq.com","name":null},"updateDate":1640112926362,"creationDate":1640112926362,"expression":"(open.flags + & ((O_CREAT|O_RDWR|O_WRONLY|O_TRUNC)) > 0)"},"type":"agent_rule","id":"aty-xc4-6xu"},{"attributes":{"category":"File + Activity","name":"Test_Typescript_Create_a_detection_rule_with_type_workload_security_returns_OK_response_1640112776_kernel_module_unlink_2","creator":{"handle":"frog@datadoghq.com","name":null},"description":"Test-Typescript-Create_a_detection_rule_with_type_workload_security_returns_OK_response-1640112776","enabled":true,"defaultRule":false,"version":1,"updater":{"handle":"frog@datadoghq.com","name":null},"updateDate":1640112776427,"creationDate":1640112776427,"expression":"(open.flags + & ((O_CREAT|O_RDWR|O_WRONLY|O_TRUNC)) > 0)"},"type":"agent_rule","id":"1sj-l8u-z7x"},{"attributes":{"category":"File + Activity","name":"Test_Typescript_Create_a_detection_rule_with_type_workload_security_returns_OK_response_1640111630_kernel_module_unlink_2","creator":{"handle":"frog@datadoghq.com","name":null},"description":"Test-Typescript-Create_a_detection_rule_with_type_workload_security_returns_OK_response-1640111630","enabled":true,"defaultRule":false,"version":1,"updater":{"handle":"frog@datadoghq.com","name":null},"updateDate":1640111630446,"creationDate":1640111630446,"expression":"(open.flags + & ((O_CREAT|O_RDWR|O_WRONLY|O_TRUNC)) > 0)"},"type":"agent_rule","id":"zks-jxq-glc"},{"attributes":{"category":"File + 
Activity","name":"Test_Python_Create_a_detection_rule_with_type_workload_security_returns_OK_response_1638987059_kernel_module_unlink_2","creator":{"handle":"9919ec9b-ebc7-49ee-8dc8-03626e717cca","name":"CI + Account"},"description":"Test-Python-Create_a_detection_rule_with_type_workload_security_returns_OK_response-1638987059","enabled":true,"defaultRule":false,"version":1,"updater":{"handle":"9919ec9b-ebc7-49ee-8dc8-03626e717cca","name":"CI + Account"},"updateDate":1638987059843,"creationDate":1638987059843,"expression":"(open.flags + & ((O_CREAT|O_RDWR|O_WRONLY|O_TRUNC)) > 0)"},"type":"agent_rule","id":"b2b-x8h-uxm"},{"attributes":{"category":"Process + Activity","name":"apparmor_modified_tty","creator":{"handle":"","name":""},"description":"AppArmor + Profile Modified","enabled":true,"defaultRule":true,"version":1,"updater":{"handle":"","name":""},"updateDate":1636729678630,"creationDate":1627392836162,"expression":"exec.file.name + in [\"aa-disable\", \"aa-complain\", \"aa-audit\"] && exec.tty_name !=\"\""},"type":"agent_rule","id":"co8-xps-lpv"},{"attributes":{"category":"Process + Activity","name":"net_util","creator":{"handle":"","name":""},"description":"Network + utility executed","enabled":true,"defaultRule":true,"version":2,"updater":{"handle":"","name":""},"updateDate":1636729678296,"creationDate":1617722067377,"expression":"(exec.file.path + in [\"/usr/bin/socat\", \"/usr/bin/dig\", \"/usr/bin/nslookup\", \"/usr/bin/netcat\", + \"/usr/bin/nc\"] ||\n exec.file.path in [\"/usr/bin/wget\", \"/usr/bin/curl\"]) + &&\ncontainer.id == \"\" && (exec.args not in [ ~\"*localhost*\", ~\"*127.0.0.1*\", + ~\"*motd.ubuntu.com*\" ] || process.ancestors.comm != \"50-motd-news\")"},"type":"agent_rule","id":"mjc-zth-bxf"},{"attributes":{"category":"File + Activity","name":"pci_11_5_critical_binaries_chmod","creator":{"handle":"","name":""},"description":"Critical + System 
Binaries","enabled":true,"defaultRule":true,"version":4,"updater":{"handle":"","name":""},"updateDate":1636729678212,"creationDate":1606142933669,"expression":"(\n (chmod.file.path + in [ ~\"/bin/*\", ~\"/sbin/*\", ~\"/usr/bin/*\", ~\"/usr/sbin/*\", ~\"/usr/local/bin/*\", + ~\"/usr/local/sbin/*\", ~\"/boot/*\" ])\n && process.file.path not in [\"/usr/bin/apt\", + \"/usr/bin/apt-get\", \"/usr/bin/apt-config\", \"/usr/bin/dpkg\", \"/usr/bin/aptitude-curses\", + \"/usr/bin/rpm\", \"/usr/bin/unattended-upgrade\"]\n && process.ancestors.file.path + not in [\"/usr/bin/apt\", \"/usr/bin/apt-get\", \"/usr/bin/apt-config\", \"/usr/bin/dpkg\", + \"/usr/bin/aptitude-curses\", \"/usr/bin/rpm\", \"/usr/bin/unattended-upgrade\"]\n) + && chmod.mode != chmod.file.mode"},"type":"agent_rule","id":"bqd-49k-okj"},{"attributes":{"category":"File + Activity","name":"pci_11_5_critical_binaries_chown","creator":{"handle":"","name":""},"description":"Critical + System Binaries","enabled":true,"defaultRule":true,"version":4,"updater":{"handle":"","name":""},"updateDate":1636729678212,"creationDate":1606142933669,"expression":"(\n (chown.file.path + in [ ~\"/bin/*\", ~\"/sbin/*\", ~\"/usr/bin/*\", ~\"/usr/sbin/*\", ~\"/usr/local/bin/*\", + ~\"/usr/local/sbin/*\", ~\"/boot/*\" ])\n && process.file.path not in [\"/usr/bin/apt\", + \"/usr/bin/apt-get\", \"/usr/bin/apt-config\", \"/usr/bin/dpkg\", \"/usr/bin/aptitude-curses\", + \"/usr/bin/rpm\", \"/usr/bin/unattended-upgrade\"]\n && process.ancestors.file.path + not in [\"/usr/bin/apt\", \"/usr/bin/apt-get\", \"/usr/bin/apt-config\", \"/usr/bin/dpkg\", + \"/usr/bin/aptitude-curses\", \"/usr/bin/rpm\", \"/usr/bin/unattended-upgrade\"]\n) + && (chown.uid != chown.file.uid || chown.gid != chown.file.gid)"},"type":"agent_rule","id":"vmf-blr-5ym"},{"attributes":{"category":"File + Activity","name":"pci_11_5_critical_binaries_link","creator":{"handle":"","name":""},"description":"Critical + System 
Binaries","enabled":true,"defaultRule":true,"version":4,"updater":{"handle":"","name":""},"updateDate":1636729678212,"creationDate":1606142933669,"expression":"(\n (link.file.path + in [ ~\"/bin/*\", ~\"/sbin/*\", ~\"/usr/bin/*\", ~\"/usr/sbin/*\", ~\"/usr/local/bin/*\", + ~\"/usr/local/sbin/*\", ~\"/boot/*\" ]\n || link.file.destination.path + in [ ~\"/bin/*\", ~\"/sbin/*\", ~\"/usr/bin/*\", ~\"/usr/sbin/*\", ~\"/usr/local/bin/*\", + ~\"/usr/local/sbin/*\", ~\"/boot/*\" ])\n && process.file.path not in [\"/usr/bin/apt\", + \"/usr/bin/apt-get\", \"/usr/bin/apt-config\", \"/usr/bin/dpkg\", \"/usr/bin/aptitude-curses\", + \"/usr/bin/rpm\", \"/usr/bin/unattended-upgrade\"]\n && process.ancestors.file.path + not in [\"/usr/bin/apt\", \"/usr/bin/apt-get\", \"/usr/bin/apt-config\", \"/usr/bin/dpkg\", + \"/usr/bin/aptitude-curses\", \"/usr/bin/rpm\", \"/usr/bin/unattended-upgrade\"]\n)"},"type":"agent_rule","id":"ara-g5o-lzw"},{"attributes":{"category":"File + Activity","name":"pci_11_5_critical_binaries_rename","creator":{"handle":"","name":""},"description":"Critical + System Binaries","enabled":true,"defaultRule":true,"version":4,"updater":{"handle":"","name":""},"updateDate":1636729678212,"creationDate":1606142933669,"expression":"(\n (rename.file.path + in [ ~\"/bin/*\", ~\"/sbin/*\", ~\"/usr/bin/*\", ~\"/usr/sbin/*\", ~\"/usr/local/bin/*\", + ~\"/usr/local/sbin/*\", ~\"/boot/*\" ]\n || rename.file.destination.path + in [ ~\"/bin/*\", ~\"/sbin/*\", ~\"/usr/bin/*\", ~\"/usr/sbin/*\", ~\"/usr/local/bin/*\", + ~\"/usr/local/sbin/*\", ~\"/boot/*\" ])\n && process.file.path not in [\"/usr/bin/apt\", + \"/usr/bin/apt-get\", \"/usr/bin/apt-config\", \"/usr/bin/dpkg\", \"/usr/bin/aptitude-curses\", + \"/usr/bin/rpm\", \"/usr/bin/unattended-upgrade\"]\n && process.ancestors.file.path + not in [\"/usr/bin/apt\", \"/usr/bin/apt-get\", \"/usr/bin/apt-config\", \"/usr/bin/dpkg\", + \"/usr/bin/aptitude-curses\", \"/usr/bin/rpm\", 
\"/usr/bin/unattended-upgrade\"]\n)"},"type":"agent_rule","id":"nak-aic-3fl"},{"attributes":{"category":"File + Activity","name":"pci_11_5_critical_binaries_open","creator":{"handle":"","name":""},"description":"Critical + System Binaries","enabled":true,"defaultRule":true,"version":4,"updater":{"handle":"","name":""},"updateDate":1636729678212,"creationDate":1606142933669,"expression":"(\n open.flags + & (O_CREAT|O_TRUNC|O_RDWR|O_WRONLY) > 0 &&\n (open.file.path in [ ~\"/bin/*\", + ~\"/sbin/*\", ~\"/usr/bin/*\", ~\"/usr/sbin/*\", ~\"/usr/local/bin/*\", ~\"/usr/local/sbin/*\", + ~\"/boot/*\" ])\n && process.file.path not in [\"/usr/bin/apt\", \"/usr/bin/apt-get\", + \"/usr/bin/apt-config\", \"/usr/bin/dpkg\", \"/usr/bin/aptitude-curses\", + \"/usr/bin/rpm\", \"/usr/bin/unattended-upgrade\"]\n && process.ancestors.file.path + not in [\"/usr/bin/apt\", \"/usr/bin/apt-get\", \"/usr/bin/apt-config\", \"/usr/bin/dpkg\", + \"/usr/bin/aptitude-curses\", \"/usr/bin/rpm\", \"/usr/bin/unattended-upgrade\"]\n)"},"type":"agent_rule","id":"mqq-cz6-21w"},{"attributes":{"category":"File + Activity","name":"pci_11_5_critical_binaries_unlink","creator":{"handle":"","name":""},"description":"Critical + System Binaries","enabled":true,"defaultRule":true,"version":4,"updater":{"handle":"","name":""},"updateDate":1636729678212,"creationDate":1606142933669,"expression":"(\n (unlink.file.path + in [ ~\"/bin/*\", ~\"/sbin/*\", ~\"/usr/bin/*\", ~\"/usr/sbin/*\", ~\"/usr/local/bin/*\", + ~\"/usr/local/sbin/*\", ~\"/boot/*\" ])\n && process.file.path not in [\"/usr/bin/apt\", + \"/usr/bin/apt-get\", \"/usr/bin/apt-config\", \"/usr/bin/dpkg\", \"/usr/bin/aptitude-curses\", + \"/usr/bin/rpm\", \"/usr/bin/unattended-upgrade\"]\n && process.ancestors.file.path + not in [\"/usr/bin/apt\", \"/usr/bin/apt-get\", \"/usr/bin/apt-config\", \"/usr/bin/dpkg\", + \"/usr/bin/aptitude-curses\", \"/usr/bin/rpm\", 
\"/usr/bin/unattended-upgrade\"]\n)"},"type":"agent_rule","id":"gsl-8sq-oq1"},{"attributes":{"category":"File + Activity","name":"pci_11_5_critical_binaries_utimes","creator":{"handle":"","name":""},"description":"Critical + System Binaries","enabled":true,"defaultRule":true,"version":4,"updater":{"handle":"","name":""},"updateDate":1636729678212,"creationDate":1606142933669,"expression":"(\n (utimes.file.path + in [ ~\"/bin/*\", ~\"/sbin/*\", ~\"/usr/bin/*\", ~\"/usr/sbin/*\", ~\"/usr/local/bin/*\", + ~\"/usr/local/sbin/*\", ~\"/boot/*\" ])\n && process.file.path not in [\"/usr/bin/apt\", + \"/usr/bin/apt-get\", \"/usr/bin/apt-config\", \"/usr/bin/dpkg\", \"/usr/bin/aptitude-curses\", + \"/usr/bin/rpm\", \"/usr/bin/unattended-upgrade\"]\n && process.ancestors.file.path + not in [\"/usr/bin/apt\", \"/usr/bin/apt-get\", \"/usr/bin/apt-config\", \"/usr/bin/dpkg\", + \"/usr/bin/aptitude-curses\", \"/usr/bin/rpm\", \"/usr/bin/unattended-upgrade\"]\n)"},"type":"agent_rule","id":"olg-xt1-89g"},{"attributes":{"category":"File + Activity","name":"systemd_modification_chmod","creator":{"handle":"","name":""},"description":"Systemd + Modification","enabled":true,"defaultRule":true,"version":4,"updater":{"handle":"","name":""},"updateDate":1636729678140,"creationDate":1606142929241,"expression":"(\n (chmod.file.path + in [ ~\"/lib/systemd/system/*\", ~\"/usr/lib/systemd/system/*\", ~\"/etc/systemd/system/*\" + ])\n && process.file.path not in [\"/usr/bin/apt\", \"/usr/bin/apt-get\", + \"/usr/bin/apt-config\", \"/usr/bin/dpkg\", \"/usr/bin/aptitude-curses\", + \"/usr/bin/rpm\", \"/usr/bin/unattended-upgrade\"]\n) && chmod.mode != chmod.file.mode"},"type":"agent_rule","id":"0wu-0v2-ldv"},{"attributes":{"category":"File + Activity","name":"systemd_modification_chown","creator":{"handle":"","name":""},"description":"Systemd + 
Modification","enabled":true,"defaultRule":true,"version":4,"updater":{"handle":"","name":""},"updateDate":1636729678140,"creationDate":1606142929241,"expression":"(\n (chown.file.path + in [ ~\"/lib/systemd/system/*\", ~\"/usr/lib/systemd/system/*\", ~\"/etc/systemd/system/*\" + ])\n && process.file.path not in [\"/usr/bin/apt\", \"/usr/bin/apt-get\", + \"/usr/bin/apt-config\", \"/usr/bin/dpkg\", \"/usr/bin/aptitude-curses\", + \"/usr/bin/rpm\", \"/usr/bin/unattended-upgrade\"]\n) && (chown.uid != chown.file.uid + || chown.gid != chown.file.gid)"},"type":"agent_rule","id":"hvh-ucz-aqi"},{"attributes":{"category":"File + Activity","name":"systemd_modification_link","creator":{"handle":"","name":""},"description":"Systemd + Modification","enabled":true,"defaultRule":true,"version":4,"updater":{"handle":"","name":""},"updateDate":1636729678140,"creationDate":1606142929241,"expression":"(\n (link.file.path + in [ ~\"/lib/systemd/system/*\", ~\"/usr/lib/systemd/system/*\", ~\"/etc/systemd/system/*\" + ]\n || link.file.destination.path in [ ~\"/lib/systemd/system/*\", ~\"/usr/lib/systemd/system/*\", + ~\"/etc/systemd/system/*\" ])\n && process.file.path not in [\"/usr/bin/apt\", + \"/usr/bin/apt-get\", \"/usr/bin/apt-config\", \"/usr/bin/dpkg\", \"/usr/bin/aptitude-curses\", + \"/usr/bin/rpm\", \"/usr/bin/unattended-upgrade\"]\n)"},"type":"agent_rule","id":"yhz-hx2-jc9"},{"attributes":{"category":"File + Activity","name":"systemd_modification_rename","creator":{"handle":"","name":""},"description":"Systemd + Modification","enabled":true,"defaultRule":true,"version":4,"updater":{"handle":"","name":""},"updateDate":1636729678140,"creationDate":1606142929241,"expression":"(\n (rename.file.path + in [ ~\"/lib/systemd/system/*\", ~\"/usr/lib/systemd/system/*\", ~\"/etc/systemd/system/*\" + ]\n || rename.file.destination.path in [ ~\"/lib/systemd/system/*\", ~\"/usr/lib/systemd/system/*\", + ~\"/etc/systemd/system/*\" ])\n && process.file.path not in [\"/usr/bin/apt\", + 
\"/usr/bin/apt-get\", \"/usr/bin/apt-config\", \"/usr/bin/dpkg\", \"/usr/bin/aptitude-curses\", + \"/usr/bin/rpm\", \"/usr/bin/unattended-upgrade\"]\n)"},"type":"agent_rule","id":"c0a-snt-z1u"},{"attributes":{"category":"File + Activity","name":"systemd_modification_open","creator":{"handle":"","name":""},"description":"Systemd + Modification","enabled":true,"defaultRule":true,"version":4,"updater":{"handle":"","name":""},"updateDate":1636729678140,"creationDate":1606142929241,"expression":"(\n open.flags + & (O_CREAT|O_RDWR|O_WRONLY) > 0 &&\n (open.file.path in [ ~\"/lib/systemd/system/*\", + ~\"/usr/lib/systemd/system/*\", ~\"/etc/systemd/system/*\" ])\n && process.file.path + not in [\"/usr/bin/apt\", \"/usr/bin/apt-get\", \"/usr/bin/apt-config\", \"/usr/bin/dpkg\", + \"/usr/bin/aptitude-curses\", \"/usr/bin/rpm\", \"/usr/bin/unattended-upgrade\"]\n)"},"type":"agent_rule","id":"ha0-spl-siq"},{"attributes":{"category":"File + Activity","name":"systemd_modification_unlink","creator":{"handle":"","name":""},"description":"Systemd + Modification","enabled":true,"defaultRule":true,"version":4,"updater":{"handle":"","name":""},"updateDate":1636729678140,"creationDate":1606142929241,"expression":"(\n (unlink.file.path + in [ ~\"/lib/systemd/system/*\", ~\"/usr/lib/systemd/system/*\", ~\"/etc/systemd/system/*\" + ])\n && process.file.path not in [\"/usr/bin/apt\", \"/usr/bin/apt-get\", + \"/usr/bin/apt-config\", \"/usr/bin/dpkg\", \"/usr/bin/aptitude-curses\", + \"/usr/bin/rpm\", \"/usr/bin/unattended-upgrade\"]\n)"},"type":"agent_rule","id":"nlh-tv7-svj"},{"attributes":{"category":"File + Activity","name":"systemd_modification_utimes","creator":{"handle":"","name":""},"description":"Systemd + Modification","enabled":true,"defaultRule":true,"version":4,"updater":{"handle":"","name":""},"updateDate":1636729678140,"creationDate":1606142929241,"expression":"(\n (utimes.file.path + in [ ~\"/lib/systemd/system/*\", ~\"/usr/lib/systemd/system/*\", ~\"/etc/systemd/system/*\" + 
])\n && process.file.path not in [\"/usr/bin/apt\", \"/usr/bin/apt-get\", + \"/usr/bin/apt-config\", \"/usr/bin/dpkg\", \"/usr/bin/aptitude-curses\", + \"/usr/bin/rpm\", \"/usr/bin/unattended-upgrade\"]\n)"},"type":"agent_rule","id":"rlb-oph-kmw"},{"attributes":{"category":"File + Activity","name":"credential_modified_chmod","creator":{"handle":"","name":""},"description":"Either + /etc/shadow/ or /etc/gshadow was modified by a non-standard tool","enabled":true,"defaultRule":true,"version":7,"updater":{"handle":"","name":""},"updateDate":1636729662623,"creationDate":1598516746271,"expression":"(\n (chmod.file.path + in [ \"/etc/shadow\", \"/etc/gshadow\" ])\n && process.file.path not in + [ \"/sbin/vipw\", \"/usr/sbin/vipw\", \"/sbin/vigr\", \"/usr/sbin/vigr\" ]\n && + process.ancestors.file.path not in [\"/usr/bin/apt\", \"/usr/bin/apt-get\", + \"/usr/bin/apt-config\", \"/usr/bin/dpkg\", \"/usr/bin/aptitude-curses\", + \"/usr/bin/rpm\", \"/usr/bin/unattended-upgrade\"]\n) && chmod.mode != chmod.file.mode"},"type":"agent_rule","id":"7rn-yl1-akd"},{"attributes":{"category":"File + Activity","name":"credential_modified_chown","creator":{"handle":"","name":""},"description":"Either + /etc/shadow/ or /etc/gshadow was modified by a non-standard tool","enabled":true,"defaultRule":true,"version":7,"updater":{"handle":"","name":""},"updateDate":1636729662623,"creationDate":1598516746271,"expression":"(\n (chown.file.path + in [ \"/etc/shadow\", \"/etc/gshadow\" ])\n && process.file.path not in + [ \"/sbin/vipw\", \"/usr/sbin/vipw\", \"/sbin/vigr\", \"/usr/sbin/vigr\" ]\n && + process.ancestors.file.path not in [\"/usr/bin/apt\", \"/usr/bin/apt-get\", + \"/usr/bin/apt-config\", \"/usr/bin/dpkg\", \"/usr/bin/aptitude-curses\", + \"/usr/bin/rpm\", \"/usr/bin/unattended-upgrade\"]\n) && (chown.uid != chown.file.uid + || chown.gid != chown.file.gid)"},"type":"agent_rule","id":"nlx-4su-cyz"},{"attributes":{"category":"File + 
Activity","name":"credential_modified_link","creator":{"handle":"","name":""},"description":"Either + /etc/shadow/ or /etc/gshadow was modified by a non-standard tool","enabled":true,"defaultRule":true,"version":7,"updater":{"handle":"","name":""},"updateDate":1636729662623,"creationDate":1598516746271,"expression":"(\n (link.file.path + in [ \"/etc/shadow\", \"/etc/gshadow\" ]\n || link.file.destination.path + in [ \"/etc/shadow\", \"/etc/gshadow\" ])\n && process.file.path not in + [ \"/sbin/vipw\", \"/usr/sbin/vipw\", \"/sbin/vigr\", \"/usr/sbin/vigr\" ]\n && + process.ancestors.file.path not in [\"/usr/bin/apt\", \"/usr/bin/apt-get\", + \"/usr/bin/apt-config\", \"/usr/bin/dpkg\", \"/usr/bin/aptitude-curses\", + \"/usr/bin/rpm\", \"/usr/bin/unattended-upgrade\"]\n)"},"type":"agent_rule","id":"lcs-wzt-tim"},{"attributes":{"category":"File + Activity","name":"credential_modified_rename","creator":{"handle":"","name":""},"description":"Either + /etc/shadow/ or /etc/gshadow was modified by a non-standard tool","enabled":true,"defaultRule":true,"version":7,"updater":{"handle":"","name":""},"updateDate":1636729662623,"creationDate":1598516746271,"expression":"(\n (rename.file.path + in [ \"/etc/shadow\", \"/etc/gshadow\" ]\n || rename.file.destination.path + in [ \"/etc/shadow\", \"/etc/gshadow\" ])\n && process.file.path not in + [ \"/sbin/vipw\", \"/usr/sbin/vipw\", \"/sbin/vigr\", \"/usr/sbin/vigr\" ]\n && + process.ancestors.file.path not in [\"/usr/bin/apt\", \"/usr/bin/apt-get\", + \"/usr/bin/apt-config\", \"/usr/bin/dpkg\", \"/usr/bin/aptitude-curses\", + \"/usr/bin/rpm\", \"/usr/bin/unattended-upgrade\"]\n)"},"type":"agent_rule","id":"3yx-7ri-ltm"},{"attributes":{"category":"File + Activity","name":"credential_modified_open","creator":{"handle":"","name":""},"description":"Either + /etc/shadow/ or /etc/gshadow was modified by a non-standard 
tool","enabled":true,"defaultRule":true,"version":7,"updater":{"handle":"","name":""},"updateDate":1636729662623,"creationDate":1598516746271,"expression":"(\n open.flags + & ((O_CREAT|O_RDWR|O_WRONLY|O_TRUNC)) > 0 &&\n (open.file.path in [ \"/etc/shadow\", + \"/etc/gshadow\" ])\n && process.file.path not in [ \"/sbin/vipw\", \"/usr/sbin/vipw\", + \"/sbin/vigr\", \"/usr/sbin/vigr\" ]\n && process.ancestors.file.path not + in [\"/usr/bin/apt\", \"/usr/bin/apt-get\", \"/usr/bin/apt-config\", \"/usr/bin/dpkg\", + \"/usr/bin/aptitude-curses\", \"/usr/bin/rpm\", \"/usr/bin/unattended-upgrade\"]\n)"},"type":"agent_rule","id":"73u-dhp-83d"},{"attributes":{"category":"File + Activity","name":"credential_modified_unlink","creator":{"handle":"","name":""},"description":"Either + /etc/shadow/ or /etc/gshadow was modified by a non-standard tool","enabled":true,"defaultRule":true,"version":7,"updater":{"handle":"","name":""},"updateDate":1636729662623,"creationDate":1598516746271,"expression":"(\n (unlink.file.path + in [ \"/etc/shadow\", \"/etc/gshadow\" ])\n && process.file.path not in + [ \"/sbin/vipw\", \"/usr/sbin/vipw\", \"/sbin/vigr\", \"/usr/sbin/vigr\" ]\n && + process.ancestors.file.path not in [\"/usr/bin/apt\", \"/usr/bin/apt-get\", + \"/usr/bin/apt-config\", \"/usr/bin/dpkg\", \"/usr/bin/aptitude-curses\", + \"/usr/bin/rpm\", \"/usr/bin/unattended-upgrade\"]\n)"},"type":"agent_rule","id":"ju9-n2l-svj"},{"attributes":{"category":"File + Activity","name":"credential_modified_utimes","creator":{"handle":"","name":""},"description":"Either + /etc/shadow/ or /etc/gshadow was modified by a non-standard tool","enabled":true,"defaultRule":true,"version":7,"updater":{"handle":"","name":""},"updateDate":1636729662623,"creationDate":1598516746271,"expression":"(\n (utimes.file.path + in [ \"/etc/shadow\", \"/etc/gshadow\" ])\n && process.file.path not in + [ \"/sbin/vipw\", \"/usr/sbin/vipw\", \"/sbin/vigr\", \"/usr/sbin/vigr\" ]\n && + process.ancestors.file.path not in 
[\"/usr/bin/apt\", \"/usr/bin/apt-get\", + \"/usr/bin/apt-config\", \"/usr/bin/dpkg\", \"/usr/bin/aptitude-curses\", + \"/usr/bin/rpm\", \"/usr/bin/unattended-upgrade\"]\n)"},"type":"agent_rule","id":"yit-c4n-yuc"},{"attributes":{"category":"File + Activity","name":"runc_modification","creator":{"handle":"","name":""},"description":"Runc + Binary Modified","enabled":true,"defaultRule":true,"version":1,"updater":{"handle":"","name":""},"updateDate":1636729662517,"creationDate":1627392837049,"expression":"open.file.path + in [\"/usr/bin/runc\", \"/usr/sbin/runc\", \"/usr/bin/docker-runc\"]\n&& open.flags + & O_CREAT|O_TRUNC|O_RDWR|O_WRONLY > 0\n&& process.file.path not in [\"/usr/bin/apt\", + \"/usr/bin/apt-get\", \"/usr/bin/apt-config\", \"/usr/bin/dpkg\", \"/usr/bin/aptitude-curses\", + \"/usr/bin/rpm\", \"/usr/bin/unattended-upgrade\"]\n&& process.ancestors.file.path + not in [\"/usr/bin/apt\", \"/usr/bin/apt-get\", \"/usr/bin/apt-config\", \"/usr/bin/dpkg\", + \"/usr/bin/aptitude-curses\", \"/usr/bin/rpm\", \"/usr/bin/unattended-upgrade\"]"},"type":"agent_rule","id":"dwb-ztz-idb"},{"attributes":{"category":"Process + Activity","name":"user_created_tty","creator":{"handle":"","name":""},"description":"User + Created Interactively","enabled":true,"defaultRule":true,"version":1,"updater":{"handle":"","name":""},"updateDate":1636729662452,"creationDate":1627392836979,"expression":"exec.file.name + in [\"useradd\", \"newusers\"] && exec.tty_name !=\"\""},"type":"agent_rule","id":"okh-p7y-oxy"},{"attributes":{"category":"File + Activity","name":"ssl_certificate_tampering_chmod","creator":{"handle":"","name":""},"description":"SSL + Certificate Tampering","enabled":true,"defaultRule":true,"version":4,"updater":{"handle":"","name":""},"updateDate":1636729662415,"creationDate":1606142980369,"expression":"(\n (chmod.file.path + in [ ~\"/etc/ssl/certs/*\" ])\n && process.file.path not in [\"/usr/bin/apt\", + \"/usr/bin/apt-get\", \"/usr/bin/apt-config\", \"/usr/bin/dpkg\", 
\"/usr/bin/aptitude-curses\", + \"/usr/bin/rpm\", \"/usr/bin/unattended-upgrade\"]\n) && chmod.mode != chmod.file.mode"},"type":"agent_rule","id":"jph-e7h-k5c"},{"attributes":{"category":"File + Activity","name":"ssl_certificate_tampering_chown","creator":{"handle":"","name":""},"description":"SSL + Certificate Tampering","enabled":true,"defaultRule":true,"version":4,"updater":{"handle":"","name":""},"updateDate":1636729662415,"creationDate":1606142980369,"expression":"(\n (chown.file.path + in [ ~\"/etc/ssl/certs/*\" ])\n && process.file.path not in [\"/usr/bin/apt\", + \"/usr/bin/apt-get\", \"/usr/bin/apt-config\", \"/usr/bin/dpkg\", \"/usr/bin/aptitude-curses\", + \"/usr/bin/rpm\", \"/usr/bin/unattended-upgrade\"]\n) && (chown.uid != chown.file.uid + || chown.gid != chown.file.gid)"},"type":"agent_rule","id":"wh8-pce-dnv"},{"attributes":{"category":"File + Activity","name":"ssl_certificate_tampering_link","creator":{"handle":"","name":""},"description":"SSL + Certificate Tampering","enabled":true,"defaultRule":true,"version":4,"updater":{"handle":"","name":""},"updateDate":1636729662415,"creationDate":1606142980369,"expression":"(\n (link.file.path + in [ ~\"/etc/ssl/certs/*\" ]\n || link.file.destination.path in [ ~\"/etc/ssl/certs/*\" + ])\n && process.file.path not in [\"/usr/bin/apt\", \"/usr/bin/apt-get\", + \"/usr/bin/apt-config\", \"/usr/bin/dpkg\", \"/usr/bin/aptitude-curses\", + \"/usr/bin/rpm\", \"/usr/bin/unattended-upgrade\"]\n)"},"type":"agent_rule","id":"1fg-cfg-d9z"},{"attributes":{"category":"File + Activity","name":"ssl_certificate_tampering_rename","creator":{"handle":"","name":""},"description":"SSL + Certificate Tampering","enabled":true,"defaultRule":true,"version":4,"updater":{"handle":"","name":""},"updateDate":1636729662415,"creationDate":1606142980369,"expression":"(\n (rename.file.path + in [ ~\"/etc/ssl/certs/*\" ]\n || rename.file.destination.path in [ ~\"/etc/ssl/certs/*\" + ])\n && process.file.path not in [\"/usr/bin/apt\", 
\"/usr/bin/apt-get\", + \"/usr/bin/apt-config\", \"/usr/bin/dpkg\", \"/usr/bin/aptitude-curses\", + \"/usr/bin/rpm\", \"/usr/bin/unattended-upgrade\"]\n)"},"type":"agent_rule","id":"r33-seu-xdb"},{"attributes":{"category":"File + Activity","name":"ssl_certificate_tampering_open","creator":{"handle":"","name":""},"description":"SSL + Certificate Tampering","enabled":true,"defaultRule":true,"version":4,"updater":{"handle":"","name":""},"updateDate":1636729662415,"creationDate":1606142980369,"expression":"(\n open.flags + & (O_CREAT|O_RDWR|O_WRONLY) > 0 &&\n (open.file.path in [ ~\"/etc/ssl/certs/*\" + ])\n && process.file.path not in [\"/usr/bin/apt\", \"/usr/bin/apt-get\", + \"/usr/bin/apt-config\", \"/usr/bin/dpkg\", \"/usr/bin/aptitude-curses\", + \"/usr/bin/rpm\", \"/usr/bin/unattended-upgrade\"]\n)"},"type":"agent_rule","id":"6xu-vpl-5q5"},{"attributes":{"category":"File + Activity","name":"ssl_certificate_tampering_unlink","creator":{"handle":"","name":""},"description":"SSL + Certificate Tampering","enabled":true,"defaultRule":true,"version":4,"updater":{"handle":"","name":""},"updateDate":1636729662415,"creationDate":1606142980369,"expression":"(\n (unlink.file.path + in [ ~\"/etc/ssl/certs/*\" ])\n && process.file.path not in [\"/usr/bin/apt\", + \"/usr/bin/apt-get\", \"/usr/bin/apt-config\", \"/usr/bin/dpkg\", \"/usr/bin/aptitude-curses\", + \"/usr/bin/rpm\", \"/usr/bin/unattended-upgrade\"]\n)"},"type":"agent_rule","id":"4em-zez-gss"},{"attributes":{"category":"File + Activity","name":"ssl_certificate_tampering_utimes","creator":{"handle":"","name":""},"description":"SSL + Certificate Tampering","enabled":true,"defaultRule":true,"version":4,"updater":{"handle":"","name":""},"updateDate":1636729662415,"creationDate":1606142980369,"expression":"(\n (utimes.file.path + in [ ~\"/etc/ssl/certs/*\" ])\n && process.file.path not in [\"/usr/bin/apt\", + \"/usr/bin/apt-get\", \"/usr/bin/apt-config\", \"/usr/bin/dpkg\", \"/usr/bin/aptitude-curses\", + 
\"/usr/bin/rpm\", \"/usr/bin/unattended-upgrade\"]\n)"},"type":"agent_rule","id":"syt-4u5-0dk"},{"attributes":{"category":"File + Activity","name":"kernel_module_chmod","creator":{"handle":"","name":""},"description":"A + kernel module was added to /lib/modules/","enabled":true,"defaultRule":true,"version":7,"updater":{"handle":"","name":""},"updateDate":1636729662391,"creationDate":1598516746168,"expression":"(\n (chmod.file.path + in [ ~\"/lib/modules/*\", ~\"/usr/lib/modules/*\" ])\n && process.file.path + not in [\"/usr/bin/apt\", \"/usr/bin/apt-get\", \"/usr/bin/apt-config\", \"/usr/bin/dpkg\", + \"/usr/bin/aptitude-curses\", \"/usr/bin/rpm\", \"/usr/bin/unattended-upgrade\"]\n && + process.ancestors.file.path not in [\"/usr/bin/apt\", \"/usr/bin/apt-get\", + \"/usr/bin/apt-config\", \"/usr/bin/dpkg\", \"/usr/bin/aptitude-curses\", + \"/usr/bin/rpm\", \"/usr/bin/unattended-upgrade\"] && process.ancestors.file.path + != \"/usr/bin/kmod\"\n) && chmod.mode != chmod.file.mode"},"type":"agent_rule","id":"wly-laz-h69"},{"attributes":{"category":"File + Activity","name":"kernel_module_chown","creator":{"handle":"","name":""},"description":"A + kernel module was added to /lib/modules/","enabled":true,"defaultRule":true,"version":7,"updater":{"handle":"","name":""},"updateDate":1636729662391,"creationDate":1598516746168,"expression":"(\n (chown.file.path + in [ ~\"/lib/modules/*\", ~\"/usr/lib/modules/*\" ])\n && process.file.path + not in [\"/usr/bin/apt\", \"/usr/bin/apt-get\", \"/usr/bin/apt-config\", \"/usr/bin/dpkg\", + \"/usr/bin/aptitude-curses\", \"/usr/bin/rpm\", \"/usr/bin/unattended-upgrade\"]\n && + process.ancestors.file.path not in [\"/usr/bin/apt\", \"/usr/bin/apt-get\", + \"/usr/bin/apt-config\", \"/usr/bin/dpkg\", \"/usr/bin/aptitude-curses\", + \"/usr/bin/rpm\", \"/usr/bin/unattended-upgrade\"] && process.ancestors.file.path + != \"/usr/bin/kmod\"\n) && (chown.uid != chown.file.uid || chown.gid != 
chown.file.gid)"},"type":"agent_rule","id":"hvb-o06-qp2"},{"attributes":{"category":"File + Activity","name":"kernel_module_link","creator":{"handle":"","name":""},"description":"A + kernel module was added to /lib/modules/","enabled":true,"defaultRule":true,"version":7,"updater":{"handle":"","name":""},"updateDate":1636729662391,"creationDate":1598516746168,"expression":"(\n (link.file.path + in [ ~\"/lib/modules/*\", ~\"/usr/lib/modules/*\" ]\n || link.file.destination.path + in [ ~\"/lib/modules/*\", ~\"/usr/lib/modules/*\" ])\n && process.file.path + not in [\"/usr/bin/apt\", \"/usr/bin/apt-get\", \"/usr/bin/apt-config\", \"/usr/bin/dpkg\", + \"/usr/bin/aptitude-curses\", \"/usr/bin/rpm\", \"/usr/bin/unattended-upgrade\"]\n && + process.ancestors.file.path not in [\"/usr/bin/apt\", \"/usr/bin/apt-get\", + \"/usr/bin/apt-config\", \"/usr/bin/dpkg\", \"/usr/bin/aptitude-curses\", + \"/usr/bin/rpm\", \"/usr/bin/unattended-upgrade\"] && process.ancestors.file.path + != \"/usr/bin/kmod\"\n)"},"type":"agent_rule","id":"u3x-umt-azn"},{"attributes":{"category":"File + Activity","name":"kernel_module_rename","creator":{"handle":"","name":""},"description":"A + kernel module was added to /lib/modules/","enabled":true,"defaultRule":true,"version":7,"updater":{"handle":"","name":""},"updateDate":1636729662391,"creationDate":1598516746168,"expression":"(\n (rename.file.path + in [ ~\"/lib/modules/*\", ~\"/usr/lib/modules/*\" ]\n || rename.file.destination.path + in [ ~\"/lib/modules/*\", ~\"/usr/lib/modules/*\" ])\n && process.file.path + not in [\"/usr/bin/apt\", \"/usr/bin/apt-get\", \"/usr/bin/apt-config\", \"/usr/bin/dpkg\", + \"/usr/bin/aptitude-curses\", \"/usr/bin/rpm\", \"/usr/bin/unattended-upgrade\"]\n && + process.ancestors.file.path not in [\"/usr/bin/apt\", \"/usr/bin/apt-get\", + \"/usr/bin/apt-config\", \"/usr/bin/dpkg\", \"/usr/bin/aptitude-curses\", + \"/usr/bin/rpm\", \"/usr/bin/unattended-upgrade\"] && process.ancestors.file.path + != 
\"/usr/bin/kmod\"\n)"},"type":"agent_rule","id":"yob-hgr-av2"},{"attributes":{"category":"File + Activity","name":"kernel_module_open","creator":{"handle":"","name":""},"description":"A + kernel module was added to /lib/modules/","enabled":true,"defaultRule":true,"version":7,"updater":{"handle":"","name":""},"updateDate":1636729662391,"creationDate":1598516746168,"expression":"(\n open.flags + & (O_CREAT|O_TRUNC|O_RDWR|O_WRONLY) > 0 &&\n (open.file.path in [ ~\"/lib/modules/*\", + ~\"/usr/lib/modules/*\" ])\n && process.file.path not in [\"/usr/bin/apt\", + \"/usr/bin/apt-get\", \"/usr/bin/apt-config\", \"/usr/bin/dpkg\", \"/usr/bin/aptitude-curses\", + \"/usr/bin/rpm\", \"/usr/bin/unattended-upgrade\"]\n && process.ancestors.file.path + not in [\"/usr/bin/apt\", \"/usr/bin/apt-get\", \"/usr/bin/apt-config\", \"/usr/bin/dpkg\", + \"/usr/bin/aptitude-curses\", \"/usr/bin/rpm\", \"/usr/bin/unattended-upgrade\"] + && process.ancestors.file.path != \"/usr/bin/kmod\"\n)"},"type":"agent_rule","id":"w8s-nkl-ccc"},{"attributes":{"category":"File + Activity","name":"kernel_module_unlink","creator":{"handle":"","name":""},"description":"A + kernel module was added to /lib/modules/","enabled":true,"defaultRule":true,"version":7,"updater":{"handle":"","name":""},"updateDate":1636729662391,"creationDate":1598516746168,"expression":"(\n (unlink.file.path + in [ ~\"/lib/modules/*\", ~\"/usr/lib/modules/*\" ])\n && process.file.path + not in [\"/usr/bin/apt\", \"/usr/bin/apt-get\", \"/usr/bin/apt-config\", \"/usr/bin/dpkg\", + \"/usr/bin/aptitude-curses\", \"/usr/bin/rpm\", \"/usr/bin/unattended-upgrade\"]\n && + process.ancestors.file.path not in [\"/usr/bin/apt\", \"/usr/bin/apt-get\", + \"/usr/bin/apt-config\", \"/usr/bin/dpkg\", \"/usr/bin/aptitude-curses\", + \"/usr/bin/rpm\", \"/usr/bin/unattended-upgrade\"] && process.ancestors.file.path + != \"/usr/bin/kmod\"\n)"},"type":"agent_rule","id":"638-hmv-8rp"},{"attributes":{"category":"File + 
Activity","name":"kernel_module_utimes","creator":{"handle":"","name":""},"description":"A + kernel module was added to /lib/modules/","enabled":true,"defaultRule":true,"version":7,"updater":{"handle":"","name":""},"updateDate":1636729662391,"creationDate":1598516746168,"expression":"(\n (utimes.file.path + in [ ~\"/lib/modules/*\", ~\"/usr/lib/modules/*\" ])\n && process.file.path + not in [\"/usr/bin/apt\", \"/usr/bin/apt-get\", \"/usr/bin/apt-config\", \"/usr/bin/dpkg\", + \"/usr/bin/aptitude-curses\", \"/usr/bin/rpm\", \"/usr/bin/unattended-upgrade\"]\n && + process.ancestors.file.path not in [\"/usr/bin/apt\", \"/usr/bin/apt-get\", + \"/usr/bin/apt-config\", \"/usr/bin/dpkg\", \"/usr/bin/aptitude-curses\", + \"/usr/bin/rpm\", \"/usr/bin/unattended-upgrade\"] && process.ancestors.file.path + != \"/usr/bin/kmod\"\n)"},"type":"agent_rule","id":"sn1-qqj-lmm"},{"attributes":{"category":"Process + Activity","name":"compiler_in_container","creator":{"handle":"","name":""},"description":"Compiler + Executed in Container","enabled":true,"defaultRule":true,"version":1,"updater":{"handle":"","name":""},"updateDate":1636729662344,"creationDate":1627392836759,"expression":"(exec.file.name + in [\"javac\", \"clang\", \"gcc\",\"bcc\"] || (exec.file.name == \"go\" && + exec.args in [~\"*build*\", ~\"*run*\"])) && container.id !=\"\" && process.ancestors.file.path + != \"/usr/bin/cilium-agent\""},"type":"agent_rule","id":"swz-cu8-gox"},{"attributes":{"category":"Process + Activity","name":"net_util_in_container","creator":{"handle":"","name":""},"description":"Network + utility executed in container","enabled":true,"defaultRule":true,"version":2,"updater":{"handle":"","name":""},"updateDate":1636729662125,"creationDate":1617722068439,"expression":"(exec.file.path + in [\"/usr/bin/socat\", \"/usr/bin/dig\", \"/usr/bin/nslookup\", \"/usr/bin/netcat\", + \"/usr/bin/nc\"] ||\n exec.file.path in [\"/usr/bin/wget\", \"/usr/bin/curl\"]) + &&\ncontainer.id != \"\" && (exec.args not in 
[ ~\"*localhost*\", ~\"*127.0.0.1*\", + ~\"*motd.ubuntu.com*\" ] || process.ancestors.comm != \"50-motd-news\")"},"type":"agent_rule","id":"zol-xx6-xav"},{"attributes":{"category":"Process + Activity","name":"package_management_in_container","creator":{"handle":"","name":""},"description":"Package + management in container","enabled":true,"defaultRule":true,"version":2,"updater":{"handle":"","name":""},"updateDate":1636729662123,"creationDate":1617722067648,"expression":"exec.file.path + in [\"/usr/bin/apt\", \"/usr/bin/apt-get\", \"/usr/bin/apt-config\", \"/usr/bin/dpkg\", + \"/usr/bin/aptitude-curses\", \"/usr/bin/rpm\", \"/usr/bin/unattended-upgrade\"] + && container.id != \"\""},"type":"agent_rule","id":"rpq-s0v-byk"},{"attributes":{"category":"Kernel + Activity","name":"selinux_disable_enforcement","creator":{"handle":"","name":""},"description":"SELinux + enforcement status was disabled","enabled":true,"defaultRule":true,"version":1,"updater":{"handle":"","name":""},"updateDate":1635332067172,"creationDate":1635332067172,"expression":"selinux.enforce.status + in [\"permissive\", \"disabled\"]"},"type":"agent_rule","id":"mfl-gua-chn"},{"attributes":{"category":"Process + Activity","name":"aws_metadata_service","creator":{"handle":"","name":""},"description":"EC2 + Instance Metadata Service Accessed via Network Utility","enabled":true,"defaultRule":true,"version":1,"updater":{"handle":"","name":""},"updateDate":1629226276630,"creationDate":1627392836096,"expression":"exec.file.path + in [\"/usr/bin/wget\", \"/usr/bin/curl\"] && exec.args in [~\"*169.254.169.254*\"]"},"type":"agent_rule","id":"3sv-de2-dyg"},{"attributes":{"category":"File + Activity","name":"cron_at_job_creation_chmod","creator":{"handle":"","name":""},"description":"Cron + AT Job Creation","enabled":true,"defaultRule":true,"version":4,"updater":{"handle":"","name":""},"updateDate":1628512222418,"creationDate":1606142961130,"expression":"(\n (chmod.file.path + in [ ~\"/var/spool/cron/*\" ])\n && 
process.file.path not in [ \"/usr/bin/at\", + \"/usr/bin/crontab\" ]\n) && chmod.mode != chmod.file.mode"},"type":"agent_rule","id":"5ko-ri2-fsq"},{"attributes":{"category":"File + Activity","name":"cron_at_job_creation_chown","creator":{"handle":"","name":""},"description":"Cron + AT Job Creation","enabled":true,"defaultRule":true,"version":4,"updater":{"handle":"","name":""},"updateDate":1628512222418,"creationDate":1606142961130,"expression":"(\n (chown.file.path + in [ ~\"/var/spool/cron/*\" ])\n && process.file.path not in [ \"/usr/bin/at\", + \"/usr/bin/crontab\" ]\n) && (chown.uid != chown.file.uid || chown.gid != + chown.file.gid)"},"type":"agent_rule","id":"5hx-hpg-6da"},{"attributes":{"category":"File + Activity","name":"cron_at_job_creation_link","creator":{"handle":"","name":""},"description":"Cron + AT Job Creation","enabled":true,"defaultRule":true,"version":4,"updater":{"handle":"","name":""},"updateDate":1628512222418,"creationDate":1606142961130,"expression":"(\n (link.file.path + in [ ~\"/var/spool/cron/*\" ]\n || link.file.destination.path in [ ~\"/var/spool/cron/*\" + ])\n && process.file.path not in [ \"/usr/bin/at\", \"/usr/bin/crontab\" + ]\n)"},"type":"agent_rule","id":"kva-yaj-2r0"},{"attributes":{"category":"File + Activity","name":"cron_at_job_creation_rename","creator":{"handle":"","name":""},"description":"Cron + AT Job Creation","enabled":true,"defaultRule":true,"version":4,"updater":{"handle":"","name":""},"updateDate":1628512222418,"creationDate":1606142961130,"expression":"(\n (rename.file.path + in [ ~\"/var/spool/cron/*\" ]\n || rename.file.destination.path in [ ~\"/var/spool/cron/*\" + ])\n && process.file.path not in [ \"/usr/bin/at\", \"/usr/bin/crontab\" + ]\n)"},"type":"agent_rule","id":"fyv-egz-wjr"},{"attributes":{"category":"File + Activity","name":"cron_at_job_creation_open","creator":{"handle":"","name":""},"description":"Cron + AT Job 
Creation","enabled":true,"defaultRule":true,"version":4,"updater":{"handle":"","name":""},"updateDate":1628512222418,"creationDate":1606142961130,"expression":"(\n open.flags + & (O_CREAT|O_RDWR|O_WRONLY) > 0 &&\n (open.file.path in [ ~\"/var/spool/cron/*\" + ])\n && process.file.path not in [ \"/usr/bin/at\", \"/usr/bin/crontab\" + ]\n)"},"type":"agent_rule","id":"cl8-hiq-mau"},{"attributes":{"category":"File + Activity","name":"cron_at_job_creation_unlink","creator":{"handle":"","name":""},"description":"Cron + AT Job Creation","enabled":true,"defaultRule":true,"version":4,"updater":{"handle":"","name":""},"updateDate":1628512222418,"creationDate":1606142961130,"expression":"(\n (unlink.file.path + in [ ~\"/var/spool/cron/*\" ])\n && process.file.path not in [ \"/usr/bin/at\", + \"/usr/bin/crontab\" ]\n)"},"type":"agent_rule","id":"hnt-00g-txf"},{"attributes":{"category":"File + Activity","name":"cron_at_job_creation_utimes","creator":{"handle":"","name":""},"description":"Cron + AT Job Creation","enabled":true,"defaultRule":true,"version":4,"updater":{"handle":"","name":""},"updateDate":1628512222418,"creationDate":1606142961130,"expression":"(\n (utimes.file.path + in [ ~\"/var/spool/cron/*\" ])\n && process.file.path not in [ \"/usr/bin/at\", + \"/usr/bin/crontab\" ]\n)"},"type":"agent_rule","id":"ydk-62c-kih"},{"attributes":{"category":"File + Activity","name":"nsswitch_conf_mod_chmod","creator":{"handle":"","name":""},"description":"Nsswitch + Configuration Modified","enabled":true,"defaultRule":true,"version":3,"updater":{"handle":"","name":""},"updateDate":1628512222322,"creationDate":1606142958657,"expression":"(\n (chmod.file.path + in [ \"/etc/nsswitch.conf\" ])\n) && chmod.mode != chmod.file.mode"},"type":"agent_rule","id":"tg3-lhy-fng"},{"attributes":{"category":"File + Activity","name":"nsswitch_conf_mod_chown","creator":{"handle":"","name":""},"description":"Nsswitch + Configuration 
Modified","enabled":true,"defaultRule":true,"version":3,"updater":{"handle":"","name":""},"updateDate":1628512222322,"creationDate":1606142958657,"expression":"(\n (chown.file.path + in [ \"/etc/nsswitch.conf\" ])\n) && (chown.uid != chown.file.uid || chown.gid + != chown.file.gid)"},"type":"agent_rule","id":"ui3-rxd-ouv"},{"attributes":{"category":"File + Activity","name":"nsswitch_conf_mod_link","creator":{"handle":"","name":""},"description":"Nsswitch + Configuration Modified","enabled":true,"defaultRule":true,"version":3,"updater":{"handle":"","name":""},"updateDate":1628512222322,"creationDate":1606142958657,"expression":"(\n (link.file.path + in [ \"/etc/nsswitch.conf\" ]\n || link.file.destination.path in [ \"/etc/nsswitch.conf\" + ])\n)"},"type":"agent_rule","id":"tdh-yso-cch"},{"attributes":{"category":"File + Activity","name":"nsswitch_conf_mod_rename","creator":{"handle":"","name":""},"description":"Nsswitch + Configuration Modified","enabled":true,"defaultRule":true,"version":3,"updater":{"handle":"","name":""},"updateDate":1628512222322,"creationDate":1606142958657,"expression":"(\n (rename.file.path + in [ \"/etc/nsswitch.conf\" ]\n || rename.file.destination.path in [ \"/etc/nsswitch.conf\" + ])\n)"},"type":"agent_rule","id":"cn5-mzx-acs"},{"attributes":{"category":"File + Activity","name":"nsswitch_conf_mod_open","creator":{"handle":"","name":""},"description":"Nsswitch + Configuration Modified","enabled":true,"defaultRule":true,"version":3,"updater":{"handle":"","name":""},"updateDate":1628512222322,"creationDate":1606142958657,"expression":"(\n open.flags + & ((O_RDWR|O_WRONLY|O_CREAT)) > 0 &&\n (open.file.path in [ \"/etc/nsswitch.conf\" + ])\n)"},"type":"agent_rule","id":"ptk-tgf-tgv"},{"attributes":{"category":"File + Activity","name":"nsswitch_conf_mod_unlink","creator":{"handle":"","name":""},"description":"Nsswitch + Configuration 
Modified","enabled":true,"defaultRule":true,"version":3,"updater":{"handle":"","name":""},"updateDate":1628512222322,"creationDate":1606142958657,"expression":"(\n (unlink.file.path + in [ \"/etc/nsswitch.conf\" ])\n)"},"type":"agent_rule","id":"5mh-sti-1da"},{"attributes":{"category":"File + Activity","name":"nsswitch_conf_mod_utimes","creator":{"handle":"","name":""},"description":"Nsswitch + Configuration Modified","enabled":true,"defaultRule":true,"version":3,"updater":{"handle":"","name":""},"updateDate":1628512222322,"creationDate":1606142958657,"expression":"(\n (utimes.file.path + in [ \"/etc/nsswitch.conf\" ])\n)"},"type":"agent_rule","id":"q5r-uh7-rjd"},{"attributes":{"category":"File + Activity","name":"ssh_authorized_keys_chmod","creator":{"handle":"","name":""},"description":"SSH + Authorized Keys Modified","enabled":true,"defaultRule":true,"version":3,"updater":{"handle":"","name":""},"updateDate":1628512221784,"creationDate":1606142954844,"expression":"(\n chmod.file.name + == \"authorized_keys\" && (chmod.file.path in [ ~\"*/.ssh/*\" ])\n) && chmod.mode + != chmod.file.mode"},"type":"agent_rule","id":"hfa-afm-lkz"},{"attributes":{"category":"File + Activity","name":"ssh_authorized_keys_chown","creator":{"handle":"","name":""},"description":"SSH + Authorized Keys Modified","enabled":true,"defaultRule":true,"version":3,"updater":{"handle":"","name":""},"updateDate":1628512221784,"creationDate":1606142954844,"expression":"(\n chown.file.name + == \"authorized_keys\" && (chown.file.path in [ ~\"*/.ssh/*\" ])\n) && (chown.uid + != chown.file.uid || chown.gid != chown.file.gid)"},"type":"agent_rule","id":"8bt-r0b-ke2"},{"attributes":{"category":"File + Activity","name":"ssh_authorized_keys_link","creator":{"handle":"","name":""},"description":"SSH + Authorized Keys Modified","enabled":true,"defaultRule":true,"version":3,"updater":{"handle":"","name":""},"updateDate":1628512221784,"creationDate":1606142954844,"expression":"(\n link.file.name + == 
\"authorized_keys\" && (link.file.path in [ ~\"*/.ssh/*\" ]\n || link.file.destination.path + in [ ~\"*/.ssh/*\" ])\n)"},"type":"agent_rule","id":"usu-ttx-ar8"},{"attributes":{"category":"File + Activity","name":"ssh_authorized_keys_rename","creator":{"handle":"","name":""},"description":"SSH + Authorized Keys Modified","enabled":true,"defaultRule":true,"version":3,"updater":{"handle":"","name":""},"updateDate":1628512221784,"creationDate":1606142954844,"expression":"(\n rename.file.name + == \"authorized_keys\" && (rename.file.path in [ ~\"*/.ssh/*\" ]\n || rename.file.destination.path + in [ ~\"*/.ssh/*\" ])\n)"},"type":"agent_rule","id":"rff-zu5-iuq"},{"attributes":{"category":"File + Activity","name":"ssh_authorized_keys_open","creator":{"handle":"","name":""},"description":"SSH + Authorized Keys Modified","enabled":true,"defaultRule":true,"version":3,"updater":{"handle":"","name":""},"updateDate":1628512221784,"creationDate":1606142954844,"expression":"(\n open.flags + & (O_CREAT|O_TRUNC|O_RDWR|O_WRONLY) > 0 &&\n open.file.name == \"authorized_keys\" + && (open.file.path in [ ~\"*/.ssh/*\" ])\n)"},"type":"agent_rule","id":"wuh-ico-mcr"},{"attributes":{"category":"File + Activity","name":"ssh_authorized_keys_unlink","creator":{"handle":"","name":""},"description":"SSH + Authorized Keys Modified","enabled":true,"defaultRule":true,"version":3,"updater":{"handle":"","name":""},"updateDate":1628512221784,"creationDate":1606142954844,"expression":"(\n unlink.file.name + == \"authorized_keys\" && (unlink.file.path in [ ~\"*/.ssh/*\" ])\n)"},"type":"agent_rule","id":"65g-yw8-f7s"},{"attributes":{"category":"File + Activity","name":"ssh_authorized_keys_utimes","creator":{"handle":"","name":""},"description":"SSH + Authorized Keys Modified","enabled":true,"defaultRule":true,"version":3,"updater":{"handle":"","name":""},"updateDate":1628512221784,"creationDate":1606142954844,"expression":"(\n utimes.file.name + == \"authorized_keys\" && (utimes.file.path in [ 
~\"*/.ssh/*\" ])\n)"},"type":"agent_rule","id":"hhj-zh9-fyj"},{"attributes":{"category":"File + Activity","name":"pam_modification_chmod","creator":{"handle":"","name":""},"description":"PAM + Configuration Files Modification","enabled":true,"defaultRule":true,"version":3,"updater":{"handle":"","name":""},"updateDate":1628512221276,"creationDate":1606142936138,"expression":"(\n (chmod.file.path + in [ ~\"/etc/pam.d/*\", \"/etc/pam.conf\" ])\n) && chmod.mode != chmod.file.mode"},"type":"agent_rule","id":"qoh-02q-6yi"},{"attributes":{"category":"File + Activity","name":"pam_modification_chown","creator":{"handle":"","name":""},"description":"PAM + Configuration Files Modification","enabled":true,"defaultRule":true,"version":3,"updater":{"handle":"","name":""},"updateDate":1628512221276,"creationDate":1606142936138,"expression":"(\n (chown.file.path + in [ ~\"/etc/pam.d/*\", \"/etc/pam.conf\" ])\n) && (chown.uid != chown.file.uid + || chown.gid != chown.file.gid)"},"type":"agent_rule","id":"bz8-wm4-6r8"},{"attributes":{"category":"File + Activity","name":"pam_modification_link","creator":{"handle":"","name":""},"description":"PAM + Configuration Files Modification","enabled":true,"defaultRule":true,"version":3,"updater":{"handle":"","name":""},"updateDate":1628512221276,"creationDate":1606142936138,"expression":"(\n (link.file.path + in [ ~\"/etc/pam.d/*\", \"/etc/pam.conf\" ]\n || link.file.destination.path + in [ ~\"/etc/pam.d/*\", \"/etc/pam.conf\" ])\n)"},"type":"agent_rule","id":"zdl-m7f-4on"},{"attributes":{"category":"File + Activity","name":"pam_modification_rename","creator":{"handle":"","name":""},"description":"PAM + Configuration Files Modification","enabled":true,"defaultRule":true,"version":3,"updater":{"handle":"","name":""},"updateDate":1628512221276,"creationDate":1606142936138,"expression":"(\n (rename.file.path + in [ ~\"/etc/pam.d/*\", \"/etc/pam.conf\" ]\n || rename.file.destination.path + in [ ~\"/etc/pam.d/*\", \"/etc/pam.conf\" 
])\n)"},"type":"agent_rule","id":"tde-jer-yhn"},{"attributes":{"category":"File + Activity","name":"pam_modification_open","creator":{"handle":"","name":""},"description":"PAM + Configuration Files Modification","enabled":true,"defaultRule":true,"version":3,"updater":{"handle":"","name":""},"updateDate":1628512221276,"creationDate":1606142936138,"expression":"(\n open.flags + & (O_CREAT|O_TRUNC|O_RDWR|O_WRONLY) > 0 &&\n (open.file.path in [ ~\"/etc/pam.d/*\", + \"/etc/pam.conf\" ])\n)"},"type":"agent_rule","id":"jf7-qew-y3b"},{"attributes":{"category":"File + Activity","name":"pam_modification_unlink","creator":{"handle":"","name":""},"description":"PAM + Configuration Files Modification","enabled":true,"defaultRule":true,"version":3,"updater":{"handle":"","name":""},"updateDate":1628512221276,"creationDate":1606142936138,"expression":"(\n (unlink.file.path + in [ ~\"/etc/pam.d/*\", \"/etc/pam.conf\" ])\n)"},"type":"agent_rule","id":"lui-yf2-n6j"},{"attributes":{"category":"File + Activity","name":"pam_modification_utimes","creator":{"handle":"","name":""},"description":"PAM + Configuration Files Modification","enabled":true,"defaultRule":true,"version":3,"updater":{"handle":"","name":""},"updateDate":1628512221276,"creationDate":1606142936138,"expression":"(\n (utimes.file.path + in [ ~\"/etc/pam.d/*\", \"/etc/pam.conf\" ])\n)"},"type":"agent_rule","id":"ojv-smo-j6a"},{"attributes":{"category":"Process + Activity","name":"database_shell_execution","creator":{"handle":"","name":""},"description":"Database + spawned shell/utility","enabled":true,"defaultRule":true,"version":1,"updater":{"handle":"","name":""},"updateDate":1627913197093,"creationDate":1617722069155,"expression":"(exec.file.path + in [ \"/bin/dash\", \"/usr/bin/dash\",\n \"/bin/sh\", \"/bin/static-sh\", + \"/usr/bin/sh\",\n \"/usr/bin/bash\",\n \"/bin/bash-static\",\n \"/usr/bin/zsh\",\n \"/usr/bin/ash\",\n \"/usr/bin/csh\",\n \"/usr/bin/ksh\",\n \"/usr/bin/tcsh\",\n 
\"/usr/lib/initramfs-tools/bin/busybox\",\n \"/bin/busybox\",\n \"/usr/bin/fish\",\n \"/bin/ksh93\",\n \"/bin/rksh\", + \"/bin/rksh93\",\n \"/bin/lksh\",\n \"/bin/mksh\", \"/bin/mksh-static\",\n \"/usr/bin/csharp\",\n \"/bin/posh\",\n \"/usr/bin/rc\",\n \"/bin/sash\",\n \"/usr/bin/yash\",\n \"/bin/zsh5\", + \"/bin/zsh5-static\" ] ||\n exec.file.path in [\"/usr/bin/wget\", \"/usr/bin/curl\"] + ||\n exec.file.path in [\"/bin/cat\",\"/bin/chgrp\",\"/bin/chmod\",\"/bin/chown\",\"/bin/cp\",\"/bin/date\",\"/bin/dd\",\"/bin/df\",\"/bin/dir\",\"/bin/echo\",\"/bin/ln\",\"/bin/ls\",\"/bin/mkdir\",\"/bin/mknod\",\"/bin/mktemp\",\"/bin/mv\",\"/bin/pwd\",\"/bin/readlink\",\"/bin/rm\",\"/bin/rmdir\",\"/bin/sleep\",\"/bin/stty\",\"/bin/sync\",\"/bin/touch\",\"/bin/uname\",\"/bin/vdir\",\"/usr/bin/arch\",\"/usr/bin/b2sum\",\"/usr/bin/base32\",\"/usr/bin/base64\",\"/usr/bin/basename\",\"/usr/bin/chcon\",\"/usr/bin/cksum\",\"/usr/bin/comm\",\"/usr/bin/csplit\",\"/usr/bin/cut\",\"/usr/bin/dircolors\",\"/usr/bin/dirname\",\"/usr/bin/du\",\"/usr/bin/env\",\"/usr/bin/expand\",\"/usr/bin/expr\",\"/usr/bin/factor\",\"/usr/bin/fmt\",\"/usr/bin/fold\",\"/usr/bin/groups\",\"/usr/bin/head\",\"/usr/bin/hostid\",\"/usr/bin/id\",\"/usr/bin/install\",\"/usr/bin/join\",\"/usr/bin/link\",\"/usr/bin/logname\",\"/usr/bin/md5sum\",\"/usr/bin/md5sum.textutils\",\"/usr/bin/mkfifo\",\"/usr/bin/nice\",\"/usr/bin/nl\",\"/usr/bin/nohup\",\"/usr/bin/nproc\",\"/usr/bin/numfmt\",\"/usr/bin/od\",\"/usr/bin/paste\",\"/usr/bin/pathchk\",\"/usr/bin/pinky\",\"/usr/bin/pr\",\"/usr/bin/printenv\",\"/usr/bin/printf\",\"/usr/bin/ptx\",\"/usr/bin/realpath\",\"/usr/bin/runcon\",\"/usr/bin/seq\",\"/usr/bin/sha1sum\",\"/usr/bin/sha224sum\",\"/usr/bin/sha256sum\",\"/usr/bin/sha384sum\",\"/usr/bin/sha512sum\",\"/usr/bin/shred\",\"/usr/bin/shuf\",\"/usr/bin/sort\",\"/usr/bin/split\",\"/usr/bin/stat\",\"/usr/bin/stdbuf\",\"/usr/bin/sum\",\"/usr/bin/tac\",\"/usr/bin/tail\",\"/usr/bin/tee\",\"/usr/bin/test\",\"/usr/bin/timeout\",
\"/usr/bin/tr\",\"/usr/bin/truncate\",\"/usr/bin/tsort\",\"/usr/bin/tty\",\"/usr/bin/unexpand\",\"/usr/bin/uniq\",\"/usr/bin/unlink\",\"/usr/bin/users\",\"/usr/bin/wc\",\"/usr/bin/who\",\"/usr/bin/whoami\",\"/usr/sbin/chroot\"]) + &&\nprocess.ancestors.file.name in [\"mysqld\", \"mongod\", \"postgres\"]"},"type":"agent_rule","id":"6hn-f7p-coa"},{"attributes":{"category":"Process + Activity","name":"passwd_execution","creator":{"handle":"","name":""},"description":"Passwd + utility executed","enabled":true,"defaultRule":true,"version":1,"updater":{"handle":"","name":""},"updateDate":1627913197013,"creationDate":1617722068383,"expression":"exec.file.path + == \"/usr/bin/passwd\""},"type":"agent_rule","id":"ia6-lvo-qmh"},{"attributes":{"category":"Process + Activity","name":"potential_web_shell","creator":{"handle":"","name":""},"description":"Webapp + process spawned shell/utility","enabled":true,"defaultRule":true,"version":1,"updater":{"handle":"","name":""},"updateDate":1627913196183,"creationDate":1617722070110,"expression":"(exec.file.path + in [ \"/bin/dash\", \"/usr/bin/dash\",\n \"/bin/sh\", \"/bin/static-sh\", + \"/usr/bin/sh\",\n \"/usr/bin/bash\",\n \"/bin/bash-static\",\n \"/usr/bin/zsh\",\n \"/usr/bin/ash\",\n \"/usr/bin/csh\",\n \"/usr/bin/ksh\",\n \"/usr/bin/tcsh\",\n \"/usr/lib/initramfs-tools/bin/busybox\",\n \"/bin/busybox\",\n \"/usr/bin/fish\",\n \"/bin/ksh93\",\n \"/bin/rksh\", + \"/bin/rksh93\",\n \"/bin/lksh\",\n \"/bin/mksh\", \"/bin/mksh-static\",\n \"/usr/bin/csharp\",\n \"/bin/posh\",\n \"/usr/bin/rc\",\n \"/bin/sash\",\n \"/usr/bin/yash\",\n \"/bin/zsh5\", + \"/bin/zsh5-static\" ] || exec.file.path in [\"/usr/bin/wget\", \"/usr/bin/curl\"] + || exec.file.path in 
[\"/bin/cat\",\"/bin/chgrp\",\"/bin/chmod\",\"/bin/chown\",\"/bin/cp\",\"/bin/date\",\"/bin/dd\",\"/bin/df\",\"/bin/dir\",\"/bin/echo\",\"/bin/ln\",\"/bin/ls\",\"/bin/mkdir\",\"/bin/mknod\",\"/bin/mktemp\",\"/bin/mv\",\"/bin/pwd\",\"/bin/readlink\",\"/bin/rm\",\"/bin/rmdir\",\"/bin/sleep\",\"/bin/stty\",\"/bin/sync\",\"/bin/touch\",\"/bin/uname\",\"/bin/vdir\",\"/usr/bin/arch\",\"/usr/bin/b2sum\",\"/usr/bin/base32\",\"/usr/bin/base64\",\"/usr/bin/basename\",\"/usr/bin/chcon\",\"/usr/bin/cksum\",\"/usr/bin/comm\",\"/usr/bin/csplit\",\"/usr/bin/cut\",\"/usr/bin/dircolors\",\"/usr/bin/dirname\",\"/usr/bin/du\",\"/usr/bin/env\",\"/usr/bin/expand\",\"/usr/bin/expr\",\"/usr/bin/factor\",\"/usr/bin/fmt\",\"/usr/bin/fold\",\"/usr/bin/groups\",\"/usr/bin/head\",\"/usr/bin/hostid\",\"/usr/bin/id\",\"/usr/bin/install\",\"/usr/bin/join\",\"/usr/bin/link\",\"/usr/bin/logname\",\"/usr/bin/md5sum\",\"/usr/bin/md5sum.textutils\",\"/usr/bin/mkfifo\",\"/usr/bin/nice\",\"/usr/bin/nl\",\"/usr/bin/nohup\",\"/usr/bin/nproc\",\"/usr/bin/numfmt\",\"/usr/bin/od\",\"/usr/bin/paste\",\"/usr/bin/pathchk\",\"/usr/bin/pinky\",\"/usr/bin/pr\",\"/usr/bin/printenv\",\"/usr/bin/printf\",\"/usr/bin/ptx\",\"/usr/bin/realpath\",\"/usr/bin/runcon\",\"/usr/bin/seq\",\"/usr/bin/sha1sum\",\"/usr/bin/sha224sum\",\"/usr/bin/sha256sum\",\"/usr/bin/sha384sum\",\"/usr/bin/sha512sum\",\"/usr/bin/shred\",\"/usr/bin/shuf\",\"/usr/bin/sort\",\"/usr/bin/split\",\"/usr/bin/stat\",\"/usr/bin/stdbuf\",\"/usr/bin/sum\",\"/usr/bin/tac\",\"/usr/bin/tail\",\"/usr/bin/tee\",\"/usr/bin/test\",\"/usr/bin/timeout\",\"/usr/bin/tr\",\"/usr/bin/truncate\",\"/usr/bin/tsort\",\"/usr/bin/tty\",\"/usr/bin/unexpand\",\"/usr/bin/uniq\",\"/usr/bin/unlink\",\"/usr/bin/users\",\"/usr/bin/wc\",\"/usr/bin/who\",\"/usr/bin/whoami\",\"/usr/sbin/chroot\"]) + &&\n(process.ancestors.file.name in [~\"python2*\", ~\"python3*\", \"node\", + \"apache2\", \"nginx\"] || process.ancestors.file.name =~ \"php*\") &&\nprocess.ancestors.comm + not in 
[\"pip3\", \"pip\", \"npm\"]"},"type":"agent_rule","id":"0qq-a9v-7vq"},{"attributes":{"category":"Process + Activity","name":"java_shell_execution","creator":{"handle":"","name":""},"description":"Java + process spawned shell/utility","enabled":true,"defaultRule":true,"version":1,"updater":{"handle":"","name":""},"updateDate":1627913196085,"creationDate":1617722069224,"expression":"(exec.file.path + in [ \"/bin/dash\", \"/usr/bin/dash\",\n \"/bin/sh\", \"/bin/static-sh\", + \"/usr/bin/sh\",\n \"/usr/bin/bash\",\n \"/bin/bash-static\",\n \"/usr/bin/zsh\",\n \"/usr/bin/ash\",\n \"/usr/bin/csh\",\n \"/usr/bin/ksh\",\n \"/usr/bin/tcsh\",\n \"/usr/lib/initramfs-tools/bin/busybox\",\n \"/bin/busybox\",\n \"/usr/bin/fish\",\n \"/bin/ksh93\",\n \"/bin/rksh\", + \"/bin/rksh93\",\n \"/bin/lksh\",\n \"/bin/mksh\", \"/bin/mksh-static\",\n \"/usr/bin/csharp\",\n \"/bin/posh\",\n \"/usr/bin/rc\",\n \"/bin/sash\",\n \"/usr/bin/yash\",\n \"/bin/zsh5\", + \"/bin/zsh5-static\" ] ||\n exec.file.path in [\"/usr/bin/wget\", \"/usr/bin/curl\"] + ||\n exec.file.path in 
[\"/bin/cat\",\"/bin/chgrp\",\"/bin/chmod\",\"/bin/chown\",\"/bin/cp\",\"/bin/date\",\"/bin/dd\",\"/bin/df\",\"/bin/dir\",\"/bin/echo\",\"/bin/ln\",\"/bin/ls\",\"/bin/mkdir\",\"/bin/mknod\",\"/bin/mktemp\",\"/bin/mv\",\"/bin/pwd\",\"/bin/readlink\",\"/bin/rm\",\"/bin/rmdir\",\"/bin/sleep\",\"/bin/stty\",\"/bin/sync\",\"/bin/touch\",\"/bin/uname\",\"/bin/vdir\",\"/usr/bin/arch\",\"/usr/bin/b2sum\",\"/usr/bin/base32\",\"/usr/bin/base64\",\"/usr/bin/basename\",\"/usr/bin/chcon\",\"/usr/bin/cksum\",\"/usr/bin/comm\",\"/usr/bin/csplit\",\"/usr/bin/cut\",\"/usr/bin/dircolors\",\"/usr/bin/dirname\",\"/usr/bin/du\",\"/usr/bin/env\",\"/usr/bin/expand\",\"/usr/bin/expr\",\"/usr/bin/factor\",\"/usr/bin/fmt\",\"/usr/bin/fold\",\"/usr/bin/groups\",\"/usr/bin/head\",\"/usr/bin/hostid\",\"/usr/bin/id\",\"/usr/bin/install\",\"/usr/bin/join\",\"/usr/bin/link\",\"/usr/bin/logname\",\"/usr/bin/md5sum\",\"/usr/bin/md5sum.textutils\",\"/usr/bin/mkfifo\",\"/usr/bin/nice\",\"/usr/bin/nl\",\"/usr/bin/nohup\",\"/usr/bin/nproc\",\"/usr/bin/numfmt\",\"/usr/bin/od\",\"/usr/bin/paste\",\"/usr/bin/pathchk\",\"/usr/bin/pinky\",\"/usr/bin/pr\",\"/usr/bin/printenv\",\"/usr/bin/printf\",\"/usr/bin/ptx\",\"/usr/bin/realpath\",\"/usr/bin/runcon\",\"/usr/bin/seq\",\"/usr/bin/sha1sum\",\"/usr/bin/sha224sum\",\"/usr/bin/sha256sum\",\"/usr/bin/sha384sum\",\"/usr/bin/sha512sum\",\"/usr/bin/shred\",\"/usr/bin/shuf\",\"/usr/bin/sort\",\"/usr/bin/split\",\"/usr/bin/stat\",\"/usr/bin/stdbuf\",\"/usr/bin/sum\",\"/usr/bin/tac\",\"/usr/bin/tail\",\"/usr/bin/tee\",\"/usr/bin/test\",\"/usr/bin/timeout\",\"/usr/bin/tr\",\"/usr/bin/truncate\",\"/usr/bin/tsort\",\"/usr/bin/tty\",\"/usr/bin/unexpand\",\"/usr/bin/uniq\",\"/usr/bin/unlink\",\"/usr/bin/users\",\"/usr/bin/wc\",\"/usr/bin/who\",\"/usr/bin/whoami\",\"/usr/sbin/chroot\"])\n&& + process.ancestors.file.name == \"java\""},"type":"agent_rule","id":"zeo-cer-a0u"},{"attributes":{"category":"Process + 
Activity","name":"common_net_intrusion_util","creator":{"handle":"","name":""},"description":"Nmap + Execution Detected","enabled":true,"defaultRule":true,"version":1,"updater":{"handle":"","name":""},"updateDate":1627913195813,"creationDate":1617722067554,"expression":"exec.file.path + == \"/usr/bin/nmap\""},"type":"agent_rule","id":"kc9-0bv-nsi"},{"attributes":{"category":"Process + Activity","name":"suspicious_container_client","creator":{"handle":"","name":""},"description":"Container + management utility in container","enabled":true,"defaultRule":true,"version":1,"updater":{"handle":"","name":""},"updateDate":1627913195713,"creationDate":1617722068555,"expression":"exec.file.path + in [\"/usr/bin/docker\", \"/usr/local/bin/docker\",\n \"/usr/bin/kubectl\", + \"/usr/local/bin/kubectl\"] && container.id != \"\""},"type":"agent_rule","id":"l6j-s0n-vqy"}]}' + status: + code: 200 + message: OK +- recorded_at: Tue, 11 Jan 2022 18:11:39 GMT + request: + body: null + headers: {} + method: DELETE + uri: https://api.datadoghq.com/api/v2/security_monitoring/cloud_workload_security/agent_rules/53f-w4l-u7y + response: + body: + encoding: UTF-8 + string: '' + status: + code: 204 + message: No Content +recorded_with: VCR 6.0.0 diff --git a/cassettes/features/v2/cloud_workload_security/Get-the-latest-Cloud-Workload-Security-policy-returns-OK-response.frozen b/cassettes/features/v2/cloud_workload_security/Get-the-latest-Cloud-Workload-Security-policy-returns-OK-response.frozen new file mode 100644 index 000000000000..c5059329adc1 --- /dev/null +++ b/cassettes/features/v2/cloud_workload_security/Get-the-latest-Cloud-Workload-Security-policy-returns-OK-response.frozen @@ -0,0 +1 @@ +2022-01-12T10:55:38.363Z \ No newline at end of file 
diff --git a/cassettes/features/v2/cloud_workload_security/Get-the-latest-Cloud-Workload-Security-policy-returns-OK-response.yml b/cassettes/features/v2/cloud_workload_security/Get-the-latest-Cloud-Workload-Security-policy-returns-OK-response.yml
new file mode 100644
index 000000000000..24c9e5f1538f
--- /dev/null
+++ b/cassettes/features/v2/cloud_workload_security/Get-the-latest-Cloud-Workload-Security-policy-returns-OK-response.yml
@@ -0,0 +1,617 @@ +http_interactions: +- recorded_at: Wed, 12 Jan 2022 10:55:38 GMT + request: + body: null + headers: + Content-Type: + - application/yaml + method: GET + uri: https://api.datadoghq.com/api/v2/security/cloud_workload/policy/download + response: + body: + encoding: UTF-8 + string: "# IMPORTANT: Edits to this file will not be reflected in the Datadog\ + \ App and will be overwritten with new policy file downloads. Please modify\ + \ rules in the Datadog App for full functionality.\nversion: '1641984938977'\n\ + rules:\n- id: Test_Create_a_detection_rule_with_type_workload_security_returns_OK_response_1640112926_kernel_module_unlink_2\n\ + \ version: ad34b541\n description: Test-Create_a_detection_rule_with_type_workload_security_returns_OK_response-1640112926\n\ + \ expression: (open.flags & ((O_CREAT|O_RDWR|O_WRONLY|O_TRUNC)) > 0)\n- id:\ + \ Test_Python_Create_a_detection_rule_with_type_workload_security_returns_OK_response_1638987059_kernel_module_unlink_2\n\ + \ version: ad34b541\n description: Test-Python-Create_a_detection_rule_with_type_workload_security_returns_OK_response-1638987059\n\ + \ expression: (open.flags & ((O_CREAT|O_RDWR|O_WRONLY|O_TRUNC)) > 0)\n- id:\ + \ Test_Typescript_Create_a_detection_rule_with_type_workload_security_returns_OK_response_1640111630_kernel_module_unlink_2\n\ + \ version: ad34b541\n description: Test-Typescript-Create_a_detection_rule_with_type_workload_security_returns_OK_response-1640111630\n\ + \ expression: (open.flags & ((O_CREAT|O_RDWR|O_WRONLY|O_TRUNC)) > 0)\n- id:\ + \ Test_Typescript_Create_a_detection_rule_with_type_workload_security_returns_OK_response_1640112776_kernel_module_unlink_2\n\ + \ version: ad34b541\n description: Test-Typescript-Create_a_detection_rule_with_type_workload_security_returns_OK_response-1640112776\n\ + \ expression: (open.flags & ((O_CREAT|O_RDWR|O_WRONLY|O_TRUNC)) > 0)\n- id:\ + \ apparmor_modified_tty\n version: a7f3b5c2\n description: AppArmor Profile\ + \ Modified\n 
expression: exec.file.name in [\"aa-disable\", \"aa-complain\"\ + , \"aa-audit\"] && exec.tty_name\n !=\"\"\n- id: aws_metadata_service\n\ + \ version: 4601e52e\n description: EC2 Instance Metadata Service Accessed\ + \ via Network Utility\n expression: exec.file.path in [\"/usr/bin/wget\"\ + , \"/usr/bin/curl\"] && exec.args in\n [~\"*169.254.169.254*\"]\n- id:\ + \ common_net_intrusion_util\n version: c7198131\n description: Nmap Execution\ + \ Detected\n expression: exec.file.path == \"/usr/bin/nmap\"\n- id: compiler_in_container\n\ + \ version: 441a7e85\n description: Compiler Executed in Container\n expression:\ + \ (exec.file.name in [\"javac\", \"clang\", \"gcc\",\"bcc\"] || (exec.file.name\n\ + \ == \"go\" && exec.args in [~\"*build*\", ~\"*run*\"])) && container.id\ + \ !=\"\" && process.ancestors.file.path\n != \"/usr/bin/cilium-agent\"\n\ + - id: credential_modified_chmod\n version: 7e14d921\n description: Either\ + \ /etc/shadow/ or /etc/gshadow was modified by a non-standard\n tool\n\ + \ expression: \"(\\n (chmod.file.path in [ \\\"/etc/shadow\\\", \\\"/etc/gshadow\\\ + \" ])\\n\\\n \\ && process.file.path not in [ \\\"/sbin/vipw\\\", \\\ + \"/usr/sbin/vipw\\\", \\\"/sbin/vigr\\\"\\\n , \\\"/usr/sbin/vigr\\\" ]\\\ + n && process.ancestors.file.path not in [\\\"/usr/bin/apt\\\"\\\n ,\ + \ \\\"/usr/bin/apt-get\\\", \\\"/usr/bin/apt-config\\\", \\\"/usr/bin/dpkg\\\ + \", \\\"/usr/bin/aptitude-curses\\\"\\\n , \\\"/usr/bin/rpm\\\", \\\"/usr/bin/unattended-upgrade\\\ + \"]\\n) && chmod.mode != chmod.file.mode\"\n- id: credential_modified_chown\n\ + \ version: 3731e0d5\n description: Either /etc/shadow/ or /etc/gshadow was\ + \ modified by a non-standard\n tool\n expression: \"(\\n (chown.file.path\ + \ in [ \\\"/etc/shadow\\\", \\\"/etc/gshadow\\\" ])\\n\\\n \\ && process.file.path\ + \ not in [ \\\"/sbin/vipw\\\", \\\"/usr/sbin/vipw\\\", \\\"/sbin/vigr\\\"\\\ + \n , \\\"/usr/sbin/vigr\\\" ]\\n && process.ancestors.file.path not\ + \ in 
[\\\"/usr/bin/apt\\\"\\\n , \\\"/usr/bin/apt-get\\\", \\\"/usr/bin/apt-config\\\ + \", \\\"/usr/bin/dpkg\\\", \\\"/usr/bin/aptitude-curses\\\"\\\n , \\\"\ + /usr/bin/rpm\\\", \\\"/usr/bin/unattended-upgrade\\\"]\\n) && (chown.uid !=\ + \ chown.file.uid\\\n \\ || chown.gid != chown.file.gid)\"\n- id: credential_modified_link\n\ + \ version: 7594ec54\n description: Either /etc/shadow/ or /etc/gshadow was\ + \ modified by a non-standard\n tool\n expression: \"(\\n (link.file.path\ + \ in [ \\\"/etc/shadow\\\", \\\"/etc/gshadow\\\" ]\\n \\\n \\ || link.file.destination.path\ + \ in [ \\\"/etc/shadow\\\", \\\"/etc/gshadow\\\" ])\\n\\\n \\ && process.file.path\ + \ not in [ \\\"/sbin/vipw\\\", \\\"/usr/sbin/vipw\\\", \\\"/sbin/vigr\\\"\\\ + \n , \\\"/usr/sbin/vigr\\\" ]\\n && process.ancestors.file.path not\ + \ in [\\\"/usr/bin/apt\\\"\\\n , \\\"/usr/bin/apt-get\\\", \\\"/usr/bin/apt-config\\\ + \", \\\"/usr/bin/dpkg\\\", \\\"/usr/bin/aptitude-curses\\\"\\\n , \\\"\ + /usr/bin/rpm\\\", \\\"/usr/bin/unattended-upgrade\\\"]\\n)\"\n- id: credential_modified_open\n\ + \ version: 2d65e37f\n description: Either /etc/shadow/ or /etc/gshadow was\ + \ modified by a non-standard\n tool\n expression: \"(\\n open.flags\ + \ & ((O_CREAT|O_RDWR|O_WRONLY|O_TRUNC)) > 0 &&\\n \\\n \\ (open.file.path\ + \ in [ \\\"/etc/shadow\\\", \\\"/etc/gshadow\\\" ])\\n && process.file.path\\\ + \n \\ not in [ \\\"/sbin/vipw\\\", \\\"/usr/sbin/vipw\\\", \\\"/sbin/vigr\\\ + \", \\\"/usr/sbin/vigr\\\"\\\n \\ ]\\n && process.ancestors.file.path\ + \ not in [\\\"/usr/bin/apt\\\", \\\"/usr/bin/apt-get\\\"\\\n , \\\"/usr/bin/apt-config\\\ + \", \\\"/usr/bin/dpkg\\\", \\\"/usr/bin/aptitude-curses\\\", \\\"\\\n /usr/bin/rpm\\\ + \", \\\"/usr/bin/unattended-upgrade\\\"]\\n)\"\n- id: credential_modified_rename\n\ + \ version: 8bb8242b\n description: Either /etc/shadow/ or /etc/gshadow was\ + \ modified by a non-standard\n tool\n expression: \"(\\n (rename.file.path\ + \ in [ \\\"/etc/shadow\\\", 
\\\"/etc/gshadow\\\" ]\\n\\\n \\ || rename.file.destination.path\ + \ in [ \\\"/etc/shadow\\\", \\\"/etc/gshadow\\\" ])\\n\\\n \\ && process.file.path\ + \ not in [ \\\"/sbin/vipw\\\", \\\"/usr/sbin/vipw\\\", \\\"/sbin/vigr\\\"\\\ + \n , \\\"/usr/sbin/vigr\\\" ]\\n && process.ancestors.file.path not\ + \ in [\\\"/usr/bin/apt\\\"\\\n , \\\"/usr/bin/apt-get\\\", \\\"/usr/bin/apt-config\\\ + \", \\\"/usr/bin/dpkg\\\", \\\"/usr/bin/aptitude-curses\\\"\\\n , \\\"\ + /usr/bin/rpm\\\", \\\"/usr/bin/unattended-upgrade\\\"]\\n)\"\n- id: credential_modified_unlink\n\ + \ version: 5af577d\n description: Either /etc/shadow/ or /etc/gshadow was\ + \ modified by a non-standard\n tool\n expression: \"(\\n (unlink.file.path\ + \ in [ \\\"/etc/shadow\\\", \\\"/etc/gshadow\\\" ])\\n\\\n \\ && process.file.path\ + \ not in [ \\\"/sbin/vipw\\\", \\\"/usr/sbin/vipw\\\", \\\"/sbin/vigr\\\"\\\ + \n , \\\"/usr/sbin/vigr\\\" ]\\n && process.ancestors.file.path not\ + \ in [\\\"/usr/bin/apt\\\"\\\n , \\\"/usr/bin/apt-get\\\", \\\"/usr/bin/apt-config\\\ + \", \\\"/usr/bin/dpkg\\\", \\\"/usr/bin/aptitude-curses\\\"\\\n , \\\"\ + /usr/bin/rpm\\\", \\\"/usr/bin/unattended-upgrade\\\"]\\n)\"\n- id: credential_modified_utimes\n\ + \ version: 1c101338\n description: Either /etc/shadow/ or /etc/gshadow was\ + \ modified by a non-standard\n tool\n expression: \"(\\n (utimes.file.path\ + \ in [ \\\"/etc/shadow\\\", \\\"/etc/gshadow\\\" ])\\n\\\n \\ && process.file.path\ + \ not in [ \\\"/sbin/vipw\\\", \\\"/usr/sbin/vipw\\\", \\\"/sbin/vigr\\\"\\\ + \n , \\\"/usr/sbin/vigr\\\" ]\\n && process.ancestors.file.path not\ + \ in [\\\"/usr/bin/apt\\\"\\\n , \\\"/usr/bin/apt-get\\\", \\\"/usr/bin/apt-config\\\ + \", \\\"/usr/bin/dpkg\\\", \\\"/usr/bin/aptitude-curses\\\"\\\n , \\\"\ + /usr/bin/rpm\\\", \\\"/usr/bin/unattended-upgrade\\\"]\\n)\"\n- id: cron_at_job_creation_chmod\n\ + \ version: 13512ebc\n description: Cron AT Job Creation\n expression: \"\ + (\\n (chmod.file.path in [ 
~\\\"/var/spool/cron/*\\\" ])\\n && process.file.path\\\ + \n \\ not in [ \\\"/usr/bin/at\\\", \\\"/usr/bin/crontab\\\" ]\\n) && chmod.mode\ + \ != chmod.file.mode\"\n- id: cron_at_job_creation_chown\n version: ee7b306c\n\ + \ description: Cron AT Job Creation\n expression: \"(\\n (chown.file.path\ + \ in [ ~\\\"/var/spool/cron/*\\\" ])\\n && process.file.path\\\n \\\ + \ not in [ \\\"/usr/bin/at\\\", \\\"/usr/bin/crontab\\\" ]\\n) && (chown.uid\ + \ != chown.file.uid\\\n \\ || chown.gid != chown.file.gid)\"\n- id: cron_at_job_creation_link\n\ + \ version: b83e03f6\n description: Cron AT Job Creation\n expression: \"\ + (\\n (link.file.path in [ ~\\\"/var/spool/cron/*\\\" ]\\n || link.file.destination.path\\\ + \n \\ in [ ~\\\"/var/spool/cron/*\\\" ])\\n && process.file.path not\ + \ in [ \\\"/usr/bin/at\\\"\\\n , \\\"/usr/bin/crontab\\\" ]\\n)\"\n- id:\ + \ cron_at_job_creation_open\n version: 561ad06\n description: Cron AT Job\ + \ Creation\n expression: \"(\\n open.flags & (O_CREAT|O_RDWR|O_WRONLY)\ + \ > 0 &&\\n (open.file.path\\\n \\ in [ ~\\\"/var/spool/cron/*\\\" ])\\\ + n && process.file.path not in [ \\\"/usr/bin/at\\\"\\\n , \\\"/usr/bin/crontab\\\ + \" ]\\n)\"\n- id: cron_at_job_creation_rename\n version: 59b739d8\n description:\ + \ Cron AT Job Creation\n expression: \"(\\n (rename.file.path in [ ~\\\ + \"/var/spool/cron/*\\\" ]\\n || rename.file.destination.path\\\n \\\ + \ in [ ~\\\"/var/spool/cron/*\\\" ])\\n && process.file.path not in [ \\\ + \"/usr/bin/at\\\"\\\n , \\\"/usr/bin/crontab\\\" ]\\n)\"\n- id: cron_at_job_creation_unlink\n\ + \ version: 82b6d187\n description: Cron AT Job Creation\n expression: \"\ + (\\n (unlink.file.path in [ ~\\\"/var/spool/cron/*\\\" ])\\n && process.file.path\\\ + \n \\ not in [ \\\"/usr/bin/at\\\", \\\"/usr/bin/crontab\\\" ]\\n)\"\n\ + - id: cron_at_job_creation_utimes\n version: d460ba68\n description: Cron\ + \ AT Job Creation\n expression: \"(\\n (utimes.file.path in [ ~\\\"/var/spool/cron/*\\\ + \" ])\\n && 
process.file.path\\\n \\ not in [ \\\"/usr/bin/at\\\", \\\ + \"/usr/bin/crontab\\\" ]\\n)\"\n- id: database_shell_execution\n version:\ + \ 3508c713\n description: Database spawned shell/utility\n expression: \"\ + (exec.file.path in [ \\\"/bin/dash\\\", \\\"/usr/bin/dash\\\",\\n \\\"/bin/sh\\\ + \"\\\n , \\\"/bin/static-sh\\\", \\\"/usr/bin/sh\\\",\\n \\\"/usr/bin/bash\\\ + \",\\n \\\"/bin/bash-static\\\"\\\n ,\\n \\\"/usr/bin/zsh\\\",\\n \\\ + \"/usr/bin/ash\\\",\\n \\\"/usr/bin/csh\\\",\\n \\\"/usr/bin/ksh\\\"\\\n\ + \ ,\\n \\\"/usr/bin/tcsh\\\",\\n \\\"/usr/lib/initramfs-tools/bin/busybox\\\ + \",\\n \\\"/bin/busybox\\\"\\\n ,\\n \\\"/usr/bin/fish\\\",\\n \\\"\ + /bin/ksh93\\\",\\n \\\"/bin/rksh\\\", \\\"/bin/rksh93\\\",\\n\\\n \\ \ + \ \\\"/bin/lksh\\\",\\n \\\"/bin/mksh\\\", \\\"/bin/mksh-static\\\",\\n \ + \ \\\"/usr/bin/csharp\\\"\\\n ,\\n \\\"/bin/posh\\\",\\n \\\"/usr/bin/rc\\\ + \",\\n \\\"/bin/sash\\\",\\n \\\"/usr/bin/yash\\\"\\\n ,\\n \\\"/bin/zsh5\\\ + \", \\\"/bin/zsh5-static\\\" ] ||\\n exec.file.path in [\\\"/usr/bin/wget\\\ + \"\\\n , \\\"/usr/bin/curl\\\"] ||\\n exec.file.path in [\\\"/bin/cat\\\ + \",\\\"/bin/chgrp\\\",\\\"/bin/chmod\\\"\\\n ,\\\"/bin/chown\\\",\\\"/bin/cp\\\ + \",\\\"/bin/date\\\",\\\"/bin/dd\\\",\\\"/bin/df\\\",\\\"/bin/dir\\\"\\\n\ + \ ,\\\"/bin/echo\\\",\\\"/bin/ln\\\",\\\"/bin/ls\\\",\\\"/bin/mkdir\\\"\ + ,\\\"/bin/mknod\\\",\\\"/bin/mktemp\\\"\\\n ,\\\"/bin/mv\\\",\\\"/bin/pwd\\\ + \",\\\"/bin/readlink\\\",\\\"/bin/rm\\\",\\\"/bin/rmdir\\\",\\\"/bin/sleep\\\ + \"\\\n ,\\\"/bin/stty\\\",\\\"/bin/sync\\\",\\\"/bin/touch\\\",\\\"/bin/uname\\\ + \",\\\"/bin/vdir\\\",\\\"/usr/bin/arch\\\"\\\n ,\\\"/usr/bin/b2sum\\\"\ + ,\\\"/usr/bin/base32\\\",\\\"/usr/bin/base64\\\",\\\"/usr/bin/basename\\\"\ + \\\n ,\\\"/usr/bin/chcon\\\",\\\"/usr/bin/cksum\\\",\\\"/usr/bin/comm\\\ + \",\\\"/usr/bin/csplit\\\",\\\"\\\n /usr/bin/cut\\\",\\\"/usr/bin/dircolors\\\ + \",\\\"/usr/bin/dirname\\\",\\\"/usr/bin/du\\\",\\\"\\\n /usr/bin/env\\\ + 
\",\\\"/usr/bin/expand\\\",\\\"/usr/bin/expr\\\",\\\"/usr/bin/factor\\\",\\\ + \"/usr/bin/fmt\\\"\\\n ,\\\"/usr/bin/fold\\\",\\\"/usr/bin/groups\\\",\\\ + \"/usr/bin/head\\\",\\\"/usr/bin/hostid\\\",\\\"\\\n /usr/bin/id\\\",\\\ + \"/usr/bin/install\\\",\\\"/usr/bin/join\\\",\\\"/usr/bin/link\\\",\\\"/usr/bin/logname\\\ + \"\\\n ,\\\"/usr/bin/md5sum\\\",\\\"/usr/bin/md5sum.textutils\\\",\\\"\ + /usr/bin/mkfifo\\\",\\\"/usr/bin/nice\\\"\\\n ,\\\"/usr/bin/nl\\\",\\\"\ + /usr/bin/nohup\\\",\\\"/usr/bin/nproc\\\",\\\"/usr/bin/numfmt\\\",\\\"\\\n\ + \ /usr/bin/od\\\",\\\"/usr/bin/paste\\\",\\\"/usr/bin/pathchk\\\",\\\"\ + /usr/bin/pinky\\\",\\\"/usr/bin/pr\\\"\\\n ,\\\"/usr/bin/printenv\\\",\\\ + \"/usr/bin/printf\\\",\\\"/usr/bin/ptx\\\",\\\"/usr/bin/realpath\\\"\\\n \ + \ ,\\\"/usr/bin/runcon\\\",\\\"/usr/bin/seq\\\",\\\"/usr/bin/sha1sum\\\"\ + ,\\\"/usr/bin/sha224sum\\\"\\\n ,\\\"/usr/bin/sha256sum\\\",\\\"/usr/bin/sha384sum\\\ + \",\\\"/usr/bin/sha512sum\\\",\\\"/usr/bin/shred\\\"\\\n ,\\\"/usr/bin/shuf\\\ + \",\\\"/usr/bin/sort\\\",\\\"/usr/bin/split\\\",\\\"/usr/bin/stat\\\",\\\"\ + /usr/bin/stdbuf\\\"\\\n ,\\\"/usr/bin/sum\\\",\\\"/usr/bin/tac\\\",\\\"\ + /usr/bin/tail\\\",\\\"/usr/bin/tee\\\",\\\"/usr/bin/test\\\"\\\n ,\\\"\ + /usr/bin/timeout\\\",\\\"/usr/bin/tr\\\",\\\"/usr/bin/truncate\\\",\\\"/usr/bin/tsort\\\ + \"\\\n ,\\\"/usr/bin/tty\\\",\\\"/usr/bin/unexpand\\\",\\\"/usr/bin/uniq\\\ + \",\\\"/usr/bin/unlink\\\"\\\n ,\\\"/usr/bin/users\\\",\\\"/usr/bin/wc\\\ + \",\\\"/usr/bin/who\\\",\\\"/usr/bin/whoami\\\",\\\"/usr/sbin/chroot\\\"\\\ + \n ]) &&\\nprocess.ancestors.file.name in [\\\"mysqld\\\", \\\"mongod\\\ + \", \\\"postgres\\\"]\"\n- id: java_shell_execution\n version: 24c2eb7c\n\ + \ description: Java process spawned shell/utility\n expression: \"(exec.file.path\ + \ in [ \\\"/bin/dash\\\", \\\"/usr/bin/dash\\\",\\n \\\"/bin/sh\\\"\\\n \ + \ , \\\"/bin/static-sh\\\", \\\"/usr/bin/sh\\\",\\n \\\"/usr/bin/bash\\\ + \",\\n \\\"/bin/bash-static\\\"\\\n 
,\\n \\\"/usr/bin/zsh\\\",\\n \\\ + \"/usr/bin/ash\\\",\\n \\\"/usr/bin/csh\\\",\\n \\\"/usr/bin/ksh\\\"\\\n\ + \ ,\\n \\\"/usr/bin/tcsh\\\",\\n \\\"/usr/lib/initramfs-tools/bin/busybox\\\ + \",\\n \\\"/bin/busybox\\\"\\\n ,\\n \\\"/usr/bin/fish\\\",\\n \\\"\ + /bin/ksh93\\\",\\n \\\"/bin/rksh\\\", \\\"/bin/rksh93\\\",\\n\\\n \\ \ + \ \\\"/bin/lksh\\\",\\n \\\"/bin/mksh\\\", \\\"/bin/mksh-static\\\",\\n \ + \ \\\"/usr/bin/csharp\\\"\\\n ,\\n \\\"/bin/posh\\\",\\n \\\"/usr/bin/rc\\\ + \",\\n \\\"/bin/sash\\\",\\n \\\"/usr/bin/yash\\\"\\\n ,\\n \\\"/bin/zsh5\\\ + \", \\\"/bin/zsh5-static\\\" ] ||\\n exec.file.path in [\\\"/usr/bin/wget\\\ + \"\\\n , \\\"/usr/bin/curl\\\"] ||\\n exec.file.path in [\\\"/bin/cat\\\ + \",\\\"/bin/chgrp\\\",\\\"/bin/chmod\\\"\\\n ,\\\"/bin/chown\\\",\\\"/bin/cp\\\ + \",\\\"/bin/date\\\",\\\"/bin/dd\\\",\\\"/bin/df\\\",\\\"/bin/dir\\\"\\\n\ + \ ,\\\"/bin/echo\\\",\\\"/bin/ln\\\",\\\"/bin/ls\\\",\\\"/bin/mkdir\\\"\ + ,\\\"/bin/mknod\\\",\\\"/bin/mktemp\\\"\\\n ,\\\"/bin/mv\\\",\\\"/bin/pwd\\\ + \",\\\"/bin/readlink\\\",\\\"/bin/rm\\\",\\\"/bin/rmdir\\\",\\\"/bin/sleep\\\ + \"\\\n ,\\\"/bin/stty\\\",\\\"/bin/sync\\\",\\\"/bin/touch\\\",\\\"/bin/uname\\\ + \",\\\"/bin/vdir\\\",\\\"/usr/bin/arch\\\"\\\n ,\\\"/usr/bin/b2sum\\\"\ + ,\\\"/usr/bin/base32\\\",\\\"/usr/bin/base64\\\",\\\"/usr/bin/basename\\\"\ + \\\n ,\\\"/usr/bin/chcon\\\",\\\"/usr/bin/cksum\\\",\\\"/usr/bin/comm\\\ + \",\\\"/usr/bin/csplit\\\",\\\"\\\n /usr/bin/cut\\\",\\\"/usr/bin/dircolors\\\ + \",\\\"/usr/bin/dirname\\\",\\\"/usr/bin/du\\\",\\\"\\\n /usr/bin/env\\\ + \",\\\"/usr/bin/expand\\\",\\\"/usr/bin/expr\\\",\\\"/usr/bin/factor\\\",\\\ + \"/usr/bin/fmt\\\"\\\n ,\\\"/usr/bin/fold\\\",\\\"/usr/bin/groups\\\",\\\ + \"/usr/bin/head\\\",\\\"/usr/bin/hostid\\\",\\\"\\\n /usr/bin/id\\\",\\\ + \"/usr/bin/install\\\",\\\"/usr/bin/join\\\",\\\"/usr/bin/link\\\",\\\"/usr/bin/logname\\\ + \"\\\n ,\\\"/usr/bin/md5sum\\\",\\\"/usr/bin/md5sum.textutils\\\",\\\"\ + 
/usr/bin/mkfifo\\\",\\\"/usr/bin/nice\\\"\\\n ,\\\"/usr/bin/nl\\\",\\\"\ + /usr/bin/nohup\\\",\\\"/usr/bin/nproc\\\",\\\"/usr/bin/numfmt\\\",\\\"\\\n\ + \ /usr/bin/od\\\",\\\"/usr/bin/paste\\\",\\\"/usr/bin/pathchk\\\",\\\"\ + /usr/bin/pinky\\\",\\\"/usr/bin/pr\\\"\\\n ,\\\"/usr/bin/printenv\\\",\\\ + \"/usr/bin/printf\\\",\\\"/usr/bin/ptx\\\",\\\"/usr/bin/realpath\\\"\\\n \ + \ ,\\\"/usr/bin/runcon\\\",\\\"/usr/bin/seq\\\",\\\"/usr/bin/sha1sum\\\"\ + ,\\\"/usr/bin/sha224sum\\\"\\\n ,\\\"/usr/bin/sha256sum\\\",\\\"/usr/bin/sha384sum\\\ + \",\\\"/usr/bin/sha512sum\\\",\\\"/usr/bin/shred\\\"\\\n ,\\\"/usr/bin/shuf\\\ + \",\\\"/usr/bin/sort\\\",\\\"/usr/bin/split\\\",\\\"/usr/bin/stat\\\",\\\"\ + /usr/bin/stdbuf\\\"\\\n ,\\\"/usr/bin/sum\\\",\\\"/usr/bin/tac\\\",\\\"\ + /usr/bin/tail\\\",\\\"/usr/bin/tee\\\",\\\"/usr/bin/test\\\"\\\n ,\\\"\ + /usr/bin/timeout\\\",\\\"/usr/bin/tr\\\",\\\"/usr/bin/truncate\\\",\\\"/usr/bin/tsort\\\ + \"\\\n ,\\\"/usr/bin/tty\\\",\\\"/usr/bin/unexpand\\\",\\\"/usr/bin/uniq\\\ + \",\\\"/usr/bin/unlink\\\"\\\n ,\\\"/usr/bin/users\\\",\\\"/usr/bin/wc\\\ + \",\\\"/usr/bin/who\\\",\\\"/usr/bin/whoami\\\",\\\"/usr/sbin/chroot\\\"\\\ + \n ])\\n&& process.ancestors.file.name == \\\"java\\\"\"\n- id: kernel_module_chmod\n\ + \ version: 82c61c82\n description: A kernel module was added to /lib/modules/\n\ + \ expression: \"(\\n (chmod.file.path in [ ~\\\"/lib/modules/*\\\", ~\\\ + \"/usr/lib/modules/*\\\"\\\n \\ ])\\n && process.file.path not in [\\\ + \"/usr/bin/apt\\\", \\\"/usr/bin/apt-get\\\"\\\n , \\\"/usr/bin/apt-config\\\ + \", \\\"/usr/bin/dpkg\\\", \\\"/usr/bin/aptitude-curses\\\", \\\"\\\n /usr/bin/rpm\\\ + \", \\\"/usr/bin/unattended-upgrade\\\"]\\n && process.ancestors.file.path\\\ + \n \\ not in [\\\"/usr/bin/apt\\\", \\\"/usr/bin/apt-get\\\", \\\"/usr/bin/apt-config\\\ + \", \\\"\\\n /usr/bin/dpkg\\\", \\\"/usr/bin/aptitude-curses\\\", \\\"\ + /usr/bin/rpm\\\", \\\"/usr/bin/unattended-upgrade\\\"\\\n ] && process.ancestors.file.path\ 
+ \ != \\\"/usr/bin/kmod\\\"\\n) && chmod.mode != chmod.file.mode\"\n- id: kernel_module_chown\n\ + \ version: ca2cf124\n description: A kernel module was added to /lib/modules/\n\ + \ expression: \"(\\n (chown.file.path in [ ~\\\"/lib/modules/*\\\", ~\\\ + \"/usr/lib/modules/*\\\"\\\n \\ ])\\n && process.file.path not in [\\\ + \"/usr/bin/apt\\\", \\\"/usr/bin/apt-get\\\"\\\n , \\\"/usr/bin/apt-config\\\ + \", \\\"/usr/bin/dpkg\\\", \\\"/usr/bin/aptitude-curses\\\", \\\"\\\n /usr/bin/rpm\\\ + \", \\\"/usr/bin/unattended-upgrade\\\"]\\n && process.ancestors.file.path\\\ + \n \\ not in [\\\"/usr/bin/apt\\\", \\\"/usr/bin/apt-get\\\", \\\"/usr/bin/apt-config\\\ + \", \\\"\\\n /usr/bin/dpkg\\\", \\\"/usr/bin/aptitude-curses\\\", \\\"\ + /usr/bin/rpm\\\", \\\"/usr/bin/unattended-upgrade\\\"\\\n ] && process.ancestors.file.path\ + \ != \\\"/usr/bin/kmod\\\"\\n) && (chown.uid != chown.file.uid\\\n \\ ||\ + \ chown.gid != chown.file.gid)\"\n- id: kernel_module_link\n version: a18ca197\n\ + \ description: A kernel module was added to /lib/modules/\n expression:\ + \ \"(\\n (link.file.path in [ ~\\\"/lib/modules/*\\\", ~\\\"/usr/lib/modules/*\\\ + \"\\\n \\ ]\\n || link.file.destination.path in [ ~\\\"/lib/modules/*\\\ + \", ~\\\"/usr/lib/modules/*\\\"\\\n \\ ])\\n && process.file.path not\ + \ in [\\\"/usr/bin/apt\\\", \\\"/usr/bin/apt-get\\\"\\\n , \\\"/usr/bin/apt-config\\\ + \", \\\"/usr/bin/dpkg\\\", \\\"/usr/bin/aptitude-curses\\\", \\\"\\\n /usr/bin/rpm\\\ + \", \\\"/usr/bin/unattended-upgrade\\\"]\\n && process.ancestors.file.path\\\ + \n \\ not in [\\\"/usr/bin/apt\\\", \\\"/usr/bin/apt-get\\\", \\\"/usr/bin/apt-config\\\ + \", \\\"\\\n /usr/bin/dpkg\\\", \\\"/usr/bin/aptitude-curses\\\", \\\"\ + /usr/bin/rpm\\\", \\\"/usr/bin/unattended-upgrade\\\"\\\n ] && process.ancestors.file.path\ + \ != \\\"/usr/bin/kmod\\\"\\n)\"\n- id: kernel_module_open\n version: 55f9569\n\ + \ description: A kernel module was added to /lib/modules/\n expression:\ + \ \"(\\n open.flags & 
(O_CREAT|O_TRUNC|O_RDWR|O_WRONLY) > 0 &&\\n (open.file.path\\\ + \n \\ in [ ~\\\"/lib/modules/*\\\", ~\\\"/usr/lib/modules/*\\\" ])\\n \ + \ && process.file.path\\\n \\ not in [\\\"/usr/bin/apt\\\", \\\"/usr/bin/apt-get\\\ + \", \\\"/usr/bin/apt-config\\\", \\\"\\\n /usr/bin/dpkg\\\", \\\"/usr/bin/aptitude-curses\\\ + \", \\\"/usr/bin/rpm\\\", \\\"/usr/bin/unattended-upgrade\\\"\\\n ]\\n\ + \ && process.ancestors.file.path not in [\\\"/usr/bin/apt\\\", \\\"/usr/bin/apt-get\\\ + \"\\\n , \\\"/usr/bin/apt-config\\\", \\\"/usr/bin/dpkg\\\", \\\"/usr/bin/aptitude-curses\\\ + \", \\\"\\\n /usr/bin/rpm\\\", \\\"/usr/bin/unattended-upgrade\\\"] &&\ + \ process.ancestors.file.path\\\n \\ != \\\"/usr/bin/kmod\\\"\\n)\"\n-\ + \ id: kernel_module_rename\n version: 9d8cb7d8\n description: A kernel module\ + \ was added to /lib/modules/\n expression: \"(\\n (rename.file.path in\ + \ [ ~\\\"/lib/modules/*\\\", ~\\\"/usr/lib/modules/*\\\"\\\n \\ ]\\n \ + \ || rename.file.destination.path in [ ~\\\"/lib/modules/*\\\", ~\\\"/usr/lib/modules/*\\\ + \"\\\n \\ ])\\n && process.file.path not in [\\\"/usr/bin/apt\\\", \\\ + \"/usr/bin/apt-get\\\"\\\n , \\\"/usr/bin/apt-config\\\", \\\"/usr/bin/dpkg\\\ + \", \\\"/usr/bin/aptitude-curses\\\", \\\"\\\n /usr/bin/rpm\\\", \\\"/usr/bin/unattended-upgrade\\\ + \"]\\n && process.ancestors.file.path\\\n \\ not in [\\\"/usr/bin/apt\\\ + \", \\\"/usr/bin/apt-get\\\", \\\"/usr/bin/apt-config\\\", \\\"\\\n /usr/bin/dpkg\\\ + \", \\\"/usr/bin/aptitude-curses\\\", \\\"/usr/bin/rpm\\\", \\\"/usr/bin/unattended-upgrade\\\ + \"\\\n ] && process.ancestors.file.path != \\\"/usr/bin/kmod\\\"\\n)\"\n\ + - id: kernel_module_unlink\n version: 652391be\n description: A kernel module\ + \ was added to /lib/modules/\n expression: \"(\\n (unlink.file.path in\ + \ [ ~\\\"/lib/modules/*\\\", ~\\\"/usr/lib/modules/*\\\"\\\n \\ ])\\n \ + \ && process.file.path not in [\\\"/usr/bin/apt\\\", \\\"/usr/bin/apt-get\\\ + \"\\\n , \\\"/usr/bin/apt-config\\\", 
\\\"/usr/bin/dpkg\\\", \\\"/usr/bin/aptitude-curses\\\ + \", \\\"\\\n /usr/bin/rpm\\\", \\\"/usr/bin/unattended-upgrade\\\"]\\n\ + \ && process.ancestors.file.path\\\n \\ not in [\\\"/usr/bin/apt\\\"\ + , \\\"/usr/bin/apt-get\\\", \\\"/usr/bin/apt-config\\\", \\\"\\\n /usr/bin/dpkg\\\ + \", \\\"/usr/bin/aptitude-curses\\\", \\\"/usr/bin/rpm\\\", \\\"/usr/bin/unattended-upgrade\\\ + \"\\\n ] && process.ancestors.file.path != \\\"/usr/bin/kmod\\\"\\n)\"\n\ + - id: kernel_module_utimes\n version: 405d45e7\n description: A kernel module\ + \ was added to /lib/modules/\n expression: \"(\\n (utimes.file.path in\ + \ [ ~\\\"/lib/modules/*\\\", ~\\\"/usr/lib/modules/*\\\"\\\n \\ ])\\n \ + \ && process.file.path not in [\\\"/usr/bin/apt\\\", \\\"/usr/bin/apt-get\\\ + \"\\\n , \\\"/usr/bin/apt-config\\\", \\\"/usr/bin/dpkg\\\", \\\"/usr/bin/aptitude-curses\\\ + \", \\\"\\\n /usr/bin/rpm\\\", \\\"/usr/bin/unattended-upgrade\\\"]\\n\ + \ && process.ancestors.file.path\\\n \\ not in [\\\"/usr/bin/apt\\\"\ + , \\\"/usr/bin/apt-get\\\", \\\"/usr/bin/apt-config\\\", \\\"\\\n /usr/bin/dpkg\\\ + \", \\\"/usr/bin/aptitude-curses\\\", \\\"/usr/bin/rpm\\\", \\\"/usr/bin/unattended-upgrade\\\ + \"\\\n ] && process.ancestors.file.path != \\\"/usr/bin/kmod\\\"\\n)\"\n\ + - id: net_util\n version: c3f2117b\n description: Network utility executed\n\ + \ expression: \"(exec.file.path in [\\\"/usr/bin/socat\\\", \\\"/usr/bin/dig\\\ + \", \\\"/usr/bin/nslookup\\\"\\\n , \\\"/usr/bin/netcat\\\", \\\"/usr/bin/nc\\\ + \"] ||\\n exec.file.path in [\\\"/usr/bin/wget\\\"\\\n , \\\"/usr/bin/curl\\\ + \"]) &&\\ncontainer.id == \\\"\\\" && (exec.args not in [ ~\\\"*localhost*\\\ + \"\\\n , ~\\\"*127.0.0.1*\\\", ~\\\"*motd.ubuntu.com*\\\" ] || process.ancestors.comm\ + \ != \\\"50-motd-news\\\"\\\n )\"\n- id: net_util_in_container\n version:\ + \ 69e03ac1\n description: Network utility executed in container\n expression:\ + \ \"(exec.file.path in [\\\"/usr/bin/socat\\\", \\\"/usr/bin/dig\\\", \\\"\ + 
/usr/bin/nslookup\\\"\\\n , \\\"/usr/bin/netcat\\\", \\\"/usr/bin/nc\\\"\ + ] ||\\n exec.file.path in [\\\"/usr/bin/wget\\\"\\\n , \\\"/usr/bin/curl\\\ + \"]) &&\\ncontainer.id != \\\"\\\" && (exec.args not in [ ~\\\"*localhost*\\\ + \"\\\n , ~\\\"*127.0.0.1*\\\", ~\\\"*motd.ubuntu.com*\\\" ] || process.ancestors.comm\ + \ != \\\"50-motd-news\\\"\\\n )\"\n- id: nsswitch_conf_mod_chmod\n version:\ + \ d301aedf\n description: Nsswitch Configuration Modified\n expression:\ + \ \"(\\n (chmod.file.path in [ \\\"/etc/nsswitch.conf\\\" ])\\n) && chmod.mode\\\ + \n \\ != chmod.file.mode\"\n- id: nsswitch_conf_mod_chown\n version: '69383592'\n\ + \ description: Nsswitch Configuration Modified\n expression: \"(\\n (chown.file.path\ + \ in [ \\\"/etc/nsswitch.conf\\\" ])\\n) && (chown.uid\\\n \\ != chown.file.uid\ + \ || chown.gid != chown.file.gid)\"\n- id: nsswitch_conf_mod_link\n version:\ + \ e0565b29\n description: Nsswitch Configuration Modified\n expression:\ + \ \"(\\n (link.file.path in [ \\\"/etc/nsswitch.conf\\\" ]\\n || link.file.destination.path\\\ + \n \\ in [ \\\"/etc/nsswitch.conf\\\" ])\\n)\"\n- id: nsswitch_conf_mod_open\n\ + \ version: b5602c6f\n description: Nsswitch Configuration Modified\n expression:\ + \ \"(\\n open.flags & ((O_RDWR|O_WRONLY|O_CREAT)) > 0 &&\\n (open.file.path\\\ + \n \\ in [ \\\"/etc/nsswitch.conf\\\" ])\\n)\"\n- id: nsswitch_conf_mod_rename\n\ + \ version: aad34176\n description: Nsswitch Configuration Modified\n expression:\ + \ \"(\\n (rename.file.path in [ \\\"/etc/nsswitch.conf\\\" ]\\n || rename.file.destination.path\\\ + \n \\ in [ \\\"/etc/nsswitch.conf\\\" ])\\n)\"\n- id: nsswitch_conf_mod_unlink\n\ + \ version: 8a3e2fbb\n description: Nsswitch Configuration Modified\n expression:\ + \ \"(\\n (unlink.file.path in [ \\\"/etc/nsswitch.conf\\\" ])\\n)\"\n-\ + \ id: nsswitch_conf_mod_utimes\n version: 902597c0\n description: Nsswitch\ + \ Configuration Modified\n expression: \"(\\n (utimes.file.path in [ \\\ + 
\"/etc/nsswitch.conf\\\" ])\\n)\"\n- id: package_management_in_container\n\ + \ version: c152fcaf\n description: Package management in container\n expression:\ + \ exec.file.path in [\"/usr/bin/apt\", \"/usr/bin/apt-get\", \"/usr/bin/apt-config\"\ + ,\n \"/usr/bin/dpkg\", \"/usr/bin/aptitude-curses\", \"/usr/bin/rpm\",\ + \ \"/usr/bin/unattended-upgrade\"]\n && container.id != \"\"\n- id: pam_modification_chmod\n\ + \ version: 974a676e\n description: PAM Configuration Files Modification\n\ + \ expression: \"(\\n (chmod.file.path in [ ~\\\"/etc/pam.d/*\\\", \\\"\ + /etc/pam.conf\\\" ])\\n\\\n ) && chmod.mode != chmod.file.mode\"\n- id:\ + \ pam_modification_chown\n version: ca22d0ab\n description: PAM Configuration\ + \ Files Modification\n expression: \"(\\n (chown.file.path in [ ~\\\"\ + /etc/pam.d/*\\\", \\\"/etc/pam.conf\\\" ])\\n\\\n ) && (chown.uid != chown.file.uid\ + \ || chown.gid != chown.file.gid)\"\n- id: pam_modification_link\n version:\ + \ 3d5d6b31\n description: PAM Configuration Files Modification\n expression:\ + \ \"(\\n (link.file.path in [ ~\\\"/etc/pam.d/*\\\", \\\"/etc/pam.conf\\\ + \" ]\\n\\\n \\ || link.file.destination.path in [ ~\\\"/etc/pam.d/*\\\ + \", \\\"/etc/pam.conf\\\" ])\\n\\\n )\"\n- id: pam_modification_open\n\ + \ version: 9440f452\n description: PAM Configuration Files Modification\n\ + \ expression: \"(\\n open.flags & (O_CREAT|O_TRUNC|O_RDWR|O_WRONLY) >\ + \ 0 &&\\n (open.file.path\\\n \\ in [ ~\\\"/etc/pam.d/*\\\", \\\"/etc/pam.conf\\\ + \" ])\\n)\"\n- id: pam_modification_rename\n version: bd1d257a\n description:\ + \ PAM Configuration Files Modification\n expression: \"(\\n (rename.file.path\ + \ in [ ~\\\"/etc/pam.d/*\\\", \\\"/etc/pam.conf\\\"\\\n \\ ]\\n || rename.file.destination.path\ + \ in [ ~\\\"/etc/pam.d/*\\\", \\\"/etc/pam.conf\\\"\\\n \\ ])\\n)\"\n-\ + \ id: pam_modification_unlink\n version: c3dc53e1\n description: PAM Configuration\ + \ Files Modification\n expression: \"(\\n (unlink.file.path in [ ~\\\"\ + 
/etc/pam.d/*\\\", \\\"/etc/pam.conf\\\"\\\n \\ ])\\n)\"\n- id: pam_modification_utimes\n\ + \ version: d377b599\n description: PAM Configuration Files Modification\n\ + \ expression: \"(\\n (utimes.file.path in [ ~\\\"/etc/pam.d/*\\\", \\\"\ + /etc/pam.conf\\\"\\\n \\ ])\\n)\"\n- id: passwd_execution\n version: e1d41f5e\n\ + \ description: Passwd utility executed\n expression: exec.file.path == \"\ + /usr/bin/passwd\"\n- id: pci_11_5_critical_binaries_chmod\n version: 1945831d\n\ + \ description: Critical System Binaries\n expression: \"(\\n (chmod.file.path\ + \ in [ ~\\\"/bin/*\\\", ~\\\"/sbin/*\\\", ~\\\"/usr/bin/*\\\"\\\n , ~\\\ + \"/usr/sbin/*\\\", ~\\\"/usr/local/bin/*\\\", ~\\\"/usr/local/sbin/*\\\",\ + \ ~\\\"/boot/*\\\"\\\n \\ ])\\n && process.file.path not in [\\\"/usr/bin/apt\\\ + \", \\\"/usr/bin/apt-get\\\"\\\n , \\\"/usr/bin/apt-config\\\", \\\"/usr/bin/dpkg\\\ + \", \\\"/usr/bin/aptitude-curses\\\", \\\"\\\n /usr/bin/rpm\\\", \\\"/usr/bin/unattended-upgrade\\\ + \"]\\n && process.ancestors.file.path\\\n \\ not in [\\\"/usr/bin/apt\\\ + \", \\\"/usr/bin/apt-get\\\", \\\"/usr/bin/apt-config\\\", \\\"\\\n /usr/bin/dpkg\\\ + \", \\\"/usr/bin/aptitude-curses\\\", \\\"/usr/bin/rpm\\\", \\\"/usr/bin/unattended-upgrade\\\ + \"\\\n ]\\n) && chmod.mode != chmod.file.mode\"\n- id: pci_11_5_critical_binaries_chown\n\ + \ version: 21da2189\n description: Critical System Binaries\n expression:\ + \ \"(\\n (chown.file.path in [ ~\\\"/bin/*\\\", ~\\\"/sbin/*\\\", ~\\\"\ + /usr/bin/*\\\"\\\n , ~\\\"/usr/sbin/*\\\", ~\\\"/usr/local/bin/*\\\", ~\\\ + \"/usr/local/sbin/*\\\", ~\\\"/boot/*\\\"\\\n \\ ])\\n && process.file.path\ + \ not in [\\\"/usr/bin/apt\\\", \\\"/usr/bin/apt-get\\\"\\\n , \\\"/usr/bin/apt-config\\\ + \", \\\"/usr/bin/dpkg\\\", \\\"/usr/bin/aptitude-curses\\\", \\\"\\\n /usr/bin/rpm\\\ + \", \\\"/usr/bin/unattended-upgrade\\\"]\\n && process.ancestors.file.path\\\ + \n \\ not in [\\\"/usr/bin/apt\\\", \\\"/usr/bin/apt-get\\\", 
\\\"/usr/bin/apt-config\\\ + \", \\\"\\\n /usr/bin/dpkg\\\", \\\"/usr/bin/aptitude-curses\\\", \\\"\ + /usr/bin/rpm\\\", \\\"/usr/bin/unattended-upgrade\\\"\\\n ]\\n) && (chown.uid\ + \ != chown.file.uid || chown.gid != chown.file.gid)\"\n- id: pci_11_5_critical_binaries_link\n\ + \ version: a7ac587c\n description: Critical System Binaries\n expression:\ + \ \"(\\n (link.file.path in [ ~\\\"/bin/*\\\", ~\\\"/sbin/*\\\", ~\\\"\ + /usr/bin/*\\\"\\\n , ~\\\"/usr/sbin/*\\\", ~\\\"/usr/local/bin/*\\\", ~\\\ + \"/usr/local/sbin/*\\\", ~\\\"/boot/*\\\"\\\n \\ ]\\n || link.file.destination.path\ + \ in [ ~\\\"/bin/*\\\", ~\\\"/sbin/*\\\", ~\\\"/usr/bin/*\\\"\\\n , ~\\\ + \"/usr/sbin/*\\\", ~\\\"/usr/local/bin/*\\\", ~\\\"/usr/local/sbin/*\\\",\ + \ ~\\\"/boot/*\\\"\\\n \\ ])\\n && process.file.path not in [\\\"/usr/bin/apt\\\ + \", \\\"/usr/bin/apt-get\\\"\\\n , \\\"/usr/bin/apt-config\\\", \\\"/usr/bin/dpkg\\\ + \", \\\"/usr/bin/aptitude-curses\\\", \\\"\\\n /usr/bin/rpm\\\", \\\"/usr/bin/unattended-upgrade\\\ + \"]\\n && process.ancestors.file.path\\\n \\ not in [\\\"/usr/bin/apt\\\ + \", \\\"/usr/bin/apt-get\\\", \\\"/usr/bin/apt-config\\\", \\\"\\\n /usr/bin/dpkg\\\ + \", \\\"/usr/bin/aptitude-curses\\\", \\\"/usr/bin/rpm\\\", \\\"/usr/bin/unattended-upgrade\\\ + \"\\\n ]\\n)\"\n- id: pci_11_5_critical_binaries_open\n version: f583ba7c\n\ + \ description: Critical System Binaries\n expression: \"(\\n open.flags\ + \ & (O_CREAT|O_TRUNC|O_RDWR|O_WRONLY) > 0 &&\\n (open.file.path\\\n \ + \ \\ in [ ~\\\"/bin/*\\\", ~\\\"/sbin/*\\\", ~\\\"/usr/bin/*\\\", ~\\\"/usr/sbin/*\\\ + \", ~\\\"/usr/local/bin/*\\\"\\\n , ~\\\"/usr/local/sbin/*\\\", ~\\\"/boot/*\\\ + \" ])\\n && process.file.path not in [\\\"\\\n /usr/bin/apt\\\", \\\"\ + /usr/bin/apt-get\\\", \\\"/usr/bin/apt-config\\\", \\\"/usr/bin/dpkg\\\"\\\ + \n , \\\"/usr/bin/aptitude-curses\\\", \\\"/usr/bin/rpm\\\", \\\"/usr/bin/unattended-upgrade\\\ + \"\\\n ]\\n && process.ancestors.file.path not in [\\\"/usr/bin/apt\\\ + 
\", \\\"/usr/bin/apt-get\\\"\\\n , \\\"/usr/bin/apt-config\\\", \\\"/usr/bin/dpkg\\\ + \", \\\"/usr/bin/aptitude-curses\\\", \\\"\\\n /usr/bin/rpm\\\", \\\"/usr/bin/unattended-upgrade\\\ + \"]\\n)\"\n- id: pci_11_5_critical_binaries_rename\n version: e0bc0857\n\ + \ description: Critical System Binaries\n expression: \"(\\n (rename.file.path\ + \ in [ ~\\\"/bin/*\\\", ~\\\"/sbin/*\\\", ~\\\"/usr/bin/*\\\"\\\n , ~\\\ + \"/usr/sbin/*\\\", ~\\\"/usr/local/bin/*\\\", ~\\\"/usr/local/sbin/*\\\",\ + \ ~\\\"/boot/*\\\"\\\n \\ ]\\n || rename.file.destination.path in [\ + \ ~\\\"/bin/*\\\", ~\\\"/sbin/*\\\", ~\\\"/usr/bin/*\\\"\\\n , ~\\\"/usr/sbin/*\\\ + \", ~\\\"/usr/local/bin/*\\\", ~\\\"/usr/local/sbin/*\\\", ~\\\"/boot/*\\\"\ + \\\n \\ ])\\n && process.file.path not in [\\\"/usr/bin/apt\\\", \\\"\ + /usr/bin/apt-get\\\"\\\n , \\\"/usr/bin/apt-config\\\", \\\"/usr/bin/dpkg\\\ + \", \\\"/usr/bin/aptitude-curses\\\", \\\"\\\n /usr/bin/rpm\\\", \\\"/usr/bin/unattended-upgrade\\\ + \"]\\n && process.ancestors.file.path\\\n \\ not in [\\\"/usr/bin/apt\\\ + \", \\\"/usr/bin/apt-get\\\", \\\"/usr/bin/apt-config\\\", \\\"\\\n /usr/bin/dpkg\\\ + \", \\\"/usr/bin/aptitude-curses\\\", \\\"/usr/bin/rpm\\\", \\\"/usr/bin/unattended-upgrade\\\ + \"\\\n ]\\n)\"\n- id: pci_11_5_critical_binaries_unlink\n version: 3bb086ca\n\ + \ description: Critical System Binaries\n expression: \"(\\n (unlink.file.path\ + \ in [ ~\\\"/bin/*\\\", ~\\\"/sbin/*\\\", ~\\\"/usr/bin/*\\\"\\\n , ~\\\ + \"/usr/sbin/*\\\", ~\\\"/usr/local/bin/*\\\", ~\\\"/usr/local/sbin/*\\\",\ + \ ~\\\"/boot/*\\\"\\\n \\ ])\\n && process.file.path not in [\\\"/usr/bin/apt\\\ + \", \\\"/usr/bin/apt-get\\\"\\\n , \\\"/usr/bin/apt-config\\\", \\\"/usr/bin/dpkg\\\ + \", \\\"/usr/bin/aptitude-curses\\\", \\\"\\\n /usr/bin/rpm\\\", \\\"/usr/bin/unattended-upgrade\\\ + \"]\\n && process.ancestors.file.path\\\n \\ not in [\\\"/usr/bin/apt\\\ + \", \\\"/usr/bin/apt-get\\\", \\\"/usr/bin/apt-config\\\", \\\"\\\n /usr/bin/dpkg\\\ + \", 
\\\"/usr/bin/aptitude-curses\\\", \\\"/usr/bin/rpm\\\", \\\"/usr/bin/unattended-upgrade\\\ + \"\\\n ]\\n)\"\n- id: pci_11_5_critical_binaries_utimes\n version: 6d979630\n\ + \ description: Critical System Binaries\n expression: \"(\\n (utimes.file.path\ + \ in [ ~\\\"/bin/*\\\", ~\\\"/sbin/*\\\", ~\\\"/usr/bin/*\\\"\\\n , ~\\\ + \"/usr/sbin/*\\\", ~\\\"/usr/local/bin/*\\\", ~\\\"/usr/local/sbin/*\\\",\ + \ ~\\\"/boot/*\\\"\\\n \\ ])\\n && process.file.path not in [\\\"/usr/bin/apt\\\ + \", \\\"/usr/bin/apt-get\\\"\\\n , \\\"/usr/bin/apt-config\\\", \\\"/usr/bin/dpkg\\\ + \", \\\"/usr/bin/aptitude-curses\\\", \\\"\\\n /usr/bin/rpm\\\", \\\"/usr/bin/unattended-upgrade\\\ + \"]\\n && process.ancestors.file.path\\\n \\ not in [\\\"/usr/bin/apt\\\ + \", \\\"/usr/bin/apt-get\\\", \\\"/usr/bin/apt-config\\\", \\\"\\\n /usr/bin/dpkg\\\ + \", \\\"/usr/bin/aptitude-curses\\\", \\\"/usr/bin/rpm\\\", \\\"/usr/bin/unattended-upgrade\\\ + \"\\\n ]\\n)\"\n- id: potential_web_shell\n version: 4a0a50e5\n description:\ + \ Webapp process spawned shell/utility\n expression: \"(exec.file.path in\ + \ [ \\\"/bin/dash\\\", \\\"/usr/bin/dash\\\",\\n \\\"/bin/sh\\\"\\\n ,\ + \ \\\"/bin/static-sh\\\", \\\"/usr/bin/sh\\\",\\n \\\"/usr/bin/bash\\\",\\\ + n \\\"/bin/bash-static\\\"\\\n ,\\n \\\"/usr/bin/zsh\\\",\\n \\\"/usr/bin/ash\\\ + \",\\n \\\"/usr/bin/csh\\\",\\n \\\"/usr/bin/ksh\\\"\\\n ,\\n \\\"/usr/bin/tcsh\\\ + \",\\n \\\"/usr/lib/initramfs-tools/bin/busybox\\\",\\n \\\"/bin/busybox\\\ + \"\\\n ,\\n \\\"/usr/bin/fish\\\",\\n \\\"/bin/ksh93\\\",\\n \\\"/bin/rksh\\\ + \", \\\"/bin/rksh93\\\",\\n\\\n \\ \\\"/bin/lksh\\\",\\n \\\"/bin/mksh\\\ + \", \\\"/bin/mksh-static\\\",\\n \\\"/usr/bin/csharp\\\"\\\n ,\\n \\\"\ + /bin/posh\\\",\\n \\\"/usr/bin/rc\\\",\\n \\\"/bin/sash\\\",\\n \\\"/usr/bin/yash\\\ + \"\\\n ,\\n \\\"/bin/zsh5\\\", \\\"/bin/zsh5-static\\\" ] || exec.file.path\ + \ in [\\\"/usr/bin/wget\\\"\\\n , \\\"/usr/bin/curl\\\"] || exec.file.path\ + \ in 
[\\\"/bin/cat\\\",\\\"/bin/chgrp\\\",\\\"/bin/chmod\\\"\\\n ,\\\"\ + /bin/chown\\\",\\\"/bin/cp\\\",\\\"/bin/date\\\",\\\"/bin/dd\\\",\\\"/bin/df\\\ + \",\\\"/bin/dir\\\"\\\n ,\\\"/bin/echo\\\",\\\"/bin/ln\\\",\\\"/bin/ls\\\ + \",\\\"/bin/mkdir\\\",\\\"/bin/mknod\\\",\\\"/bin/mktemp\\\"\\\n ,\\\"\ + /bin/mv\\\",\\\"/bin/pwd\\\",\\\"/bin/readlink\\\",\\\"/bin/rm\\\",\\\"/bin/rmdir\\\ + \",\\\"/bin/sleep\\\"\\\n ,\\\"/bin/stty\\\",\\\"/bin/sync\\\",\\\"/bin/touch\\\ + \",\\\"/bin/uname\\\",\\\"/bin/vdir\\\",\\\"/usr/bin/arch\\\"\\\n ,\\\"\ + /usr/bin/b2sum\\\",\\\"/usr/bin/base32\\\",\\\"/usr/bin/base64\\\",\\\"/usr/bin/basename\\\ + \"\\\n ,\\\"/usr/bin/chcon\\\",\\\"/usr/bin/cksum\\\",\\\"/usr/bin/comm\\\ + \",\\\"/usr/bin/csplit\\\",\\\"\\\n /usr/bin/cut\\\",\\\"/usr/bin/dircolors\\\ + \",\\\"/usr/bin/dirname\\\",\\\"/usr/bin/du\\\",\\\"\\\n /usr/bin/env\\\ + \",\\\"/usr/bin/expand\\\",\\\"/usr/bin/expr\\\",\\\"/usr/bin/factor\\\",\\\ + \"/usr/bin/fmt\\\"\\\n ,\\\"/usr/bin/fold\\\",\\\"/usr/bin/groups\\\",\\\ + \"/usr/bin/head\\\",\\\"/usr/bin/hostid\\\",\\\"\\\n /usr/bin/id\\\",\\\ + \"/usr/bin/install\\\",\\\"/usr/bin/join\\\",\\\"/usr/bin/link\\\",\\\"/usr/bin/logname\\\ + \"\\\n ,\\\"/usr/bin/md5sum\\\",\\\"/usr/bin/md5sum.textutils\\\",\\\"\ + /usr/bin/mkfifo\\\",\\\"/usr/bin/nice\\\"\\\n ,\\\"/usr/bin/nl\\\",\\\"\ + /usr/bin/nohup\\\",\\\"/usr/bin/nproc\\\",\\\"/usr/bin/numfmt\\\",\\\"\\\n\ + \ /usr/bin/od\\\",\\\"/usr/bin/paste\\\",\\\"/usr/bin/pathchk\\\",\\\"\ + /usr/bin/pinky\\\",\\\"/usr/bin/pr\\\"\\\n ,\\\"/usr/bin/printenv\\\",\\\ + \"/usr/bin/printf\\\",\\\"/usr/bin/ptx\\\",\\\"/usr/bin/realpath\\\"\\\n \ + \ ,\\\"/usr/bin/runcon\\\",\\\"/usr/bin/seq\\\",\\\"/usr/bin/sha1sum\\\"\ + ,\\\"/usr/bin/sha224sum\\\"\\\n ,\\\"/usr/bin/sha256sum\\\",\\\"/usr/bin/sha384sum\\\ + \",\\\"/usr/bin/sha512sum\\\",\\\"/usr/bin/shred\\\"\\\n ,\\\"/usr/bin/shuf\\\ + \",\\\"/usr/bin/sort\\\",\\\"/usr/bin/split\\\",\\\"/usr/bin/stat\\\",\\\"\ + /usr/bin/stdbuf\\\"\\\n 
,\\\"/usr/bin/sum\\\",\\\"/usr/bin/tac\\\",\\\"\ + /usr/bin/tail\\\",\\\"/usr/bin/tee\\\",\\\"/usr/bin/test\\\"\\\n ,\\\"\ + /usr/bin/timeout\\\",\\\"/usr/bin/tr\\\",\\\"/usr/bin/truncate\\\",\\\"/usr/bin/tsort\\\ + \"\\\n ,\\\"/usr/bin/tty\\\",\\\"/usr/bin/unexpand\\\",\\\"/usr/bin/uniq\\\ + \",\\\"/usr/bin/unlink\\\"\\\n ,\\\"/usr/bin/users\\\",\\\"/usr/bin/wc\\\ + \",\\\"/usr/bin/who\\\",\\\"/usr/bin/whoami\\\",\\\"/usr/sbin/chroot\\\"\\\ + \n ]) &&\\n(process.ancestors.file.name in [~\\\"python2*\\\", ~\\\"python3*\\\ + \", \\\"node\\\"\\\n , \\\"apache2\\\", \\\"nginx\\\"] || process.ancestors.file.name\ + \ =~ \\\"php*\\\") &&\\nprocess.ancestors.comm\\\n \\ not in [\\\"pip3\\\ + \", \\\"pip\\\", \\\"npm\\\"]\"\n- id: runc_modification\n version: c7144439\n\ + \ description: Runc Binary Modified\n expression: 'open.file.path in [\"\ + /usr/bin/runc\", \"/usr/sbin/runc\", \"/usr/bin/docker-runc\"]\n\n && open.flags\ + \ & O_CREAT|O_TRUNC|O_RDWR|O_WRONLY > 0\n\n && process.file.path not in\ + \ [\"/usr/bin/apt\", \"/usr/bin/apt-get\", \"/usr/bin/apt-config\",\n \"\ + /usr/bin/dpkg\", \"/usr/bin/aptitude-curses\", \"/usr/bin/rpm\", \"/usr/bin/unattended-upgrade\"\ + ]\n\n && process.ancestors.file.path not in [\"/usr/bin/apt\", \"/usr/bin/apt-get\"\ + , \"/usr/bin/apt-config\",\n \"/usr/bin/dpkg\", \"/usr/bin/aptitude-curses\"\ + , \"/usr/bin/rpm\", \"/usr/bin/unattended-upgrade\"]'\n- id: selinux_disable_enforcement\n\ + \ version: afa9a8ba\n description: SELinux enforcement status was disabled\n\ + \ expression: selinux.enforce.status in [\"permissive\", \"disabled\"]\n\ + - id: ssh_authorized_keys_chmod\n version: e4096f79\n description: SSH Authorized\ + \ Keys Modified\n expression: \"(\\n chmod.file.name == \\\"authorized_keys\\\ + \" && (chmod.file.path in\\\n \\ [ ~\\\"*/.ssh/*\\\" ])\\n) && chmod.mode\ + \ != chmod.file.mode\"\n- id: ssh_authorized_keys_chown\n version: 9639bf6\n\ + \ description: SSH Authorized Keys Modified\n expression: \"(\\n 
chown.file.name\ + \ == \\\"authorized_keys\\\" && (chown.file.path in\\\n \\ [ ~\\\"*/.ssh/*\\\ + \" ])\\n) && (chown.uid != chown.file.uid || chown.gid != chown.file.gid)\"\ + \n- id: ssh_authorized_keys_link\n version: 81382bdd\n description: SSH\ + \ Authorized Keys Modified\n expression: \"(\\n link.file.name == \\\"\ + authorized_keys\\\" && (link.file.path in\\\n \\ [ ~\\\"*/.ssh/*\\\" ]\\\ + n || link.file.destination.path in [ ~\\\"*/.ssh/*\\\" ])\\n\\\n )\"\ + \n- id: ssh_authorized_keys_open\n version: 1ae8f7d6\n description: SSH\ + \ Authorized Keys Modified\n expression: \"(\\n open.flags & (O_CREAT|O_TRUNC|O_RDWR|O_WRONLY)\ + \ > 0 &&\\n open.file.name\\\n \\ == \\\"authorized_keys\\\" && (open.file.path\ + \ in [ ~\\\"*/.ssh/*\\\" ])\\n)\"\n- id: ssh_authorized_keys_rename\n version:\ + \ fd3bdabf\n description: SSH Authorized Keys Modified\n expression: \"\ + (\\n rename.file.name == \\\"authorized_keys\\\" && (rename.file.path\\\ + \n \\ in [ ~\\\"*/.ssh/*\\\" ]\\n || rename.file.destination.path in\ + \ [ ~\\\"*/.ssh/*\\\"\\\n \\ ])\\n)\"\n- id: ssh_authorized_keys_unlink\n\ + \ version: 54cf4a88\n description: SSH Authorized Keys Modified\n expression:\ + \ \"(\\n unlink.file.name == \\\"authorized_keys\\\" && (unlink.file.path\\\ + \n \\ in [ ~\\\"*/.ssh/*\\\" ])\\n)\"\n- id: ssh_authorized_keys_utimes\n\ + \ version: 59377e61\n description: SSH Authorized Keys Modified\n expression:\ + \ \"(\\n utimes.file.name == \\\"authorized_keys\\\" && (utimes.file.path\\\ + \n \\ in [ ~\\\"*/.ssh/*\\\" ])\\n)\"\n- id: ssl_certificate_tampering_chmod\n\ + \ version: d8ac6517\n description: SSL Certificate Tampering\n expression:\ + \ \"(\\n (chmod.file.path in [ ~\\\"/etc/ssl/certs/*\\\" ])\\n && process.file.path\\\ + \n \\ not in [\\\"/usr/bin/apt\\\", \\\"/usr/bin/apt-get\\\", \\\"/usr/bin/apt-config\\\ + \", \\\"\\\n /usr/bin/dpkg\\\", \\\"/usr/bin/aptitude-curses\\\", \\\"\ + /usr/bin/rpm\\\", \\\"/usr/bin/unattended-upgrade\\\"\\\n ]\\n) && 
chmod.mode\ + \ != chmod.file.mode\"\n- id: ssl_certificate_tampering_chown\n version:\ + \ 3d04895f\n description: SSL Certificate Tampering\n expression: \"(\\\ + n (chown.file.path in [ ~\\\"/etc/ssl/certs/*\\\" ])\\n && process.file.path\\\ + \n \\ not in [\\\"/usr/bin/apt\\\", \\\"/usr/bin/apt-get\\\", \\\"/usr/bin/apt-config\\\ + \", \\\"\\\n /usr/bin/dpkg\\\", \\\"/usr/bin/aptitude-curses\\\", \\\"\ + /usr/bin/rpm\\\", \\\"/usr/bin/unattended-upgrade\\\"\\\n ]\\n) && (chown.uid\ + \ != chown.file.uid || chown.gid != chown.file.gid)\"\n- id: ssl_certificate_tampering_link\n\ + \ version: eb594616\n description: SSL Certificate Tampering\n expression:\ + \ \"(\\n (link.file.path in [ ~\\\"/etc/ssl/certs/*\\\" ]\\n || link.file.destination.path\\\ + \n \\ in [ ~\\\"/etc/ssl/certs/*\\\" ])\\n && process.file.path not\ + \ in [\\\"/usr/bin/apt\\\"\\\n , \\\"/usr/bin/apt-get\\\", \\\"/usr/bin/apt-config\\\ + \", \\\"/usr/bin/dpkg\\\", \\\"/usr/bin/aptitude-curses\\\"\\\n , \\\"\ + /usr/bin/rpm\\\", \\\"/usr/bin/unattended-upgrade\\\"]\\n)\"\n- id: ssl_certificate_tampering_open\n\ + \ version: 59d94d53\n description: SSL Certificate Tampering\n expression:\ + \ \"(\\n open.flags & (O_CREAT|O_RDWR|O_WRONLY) > 0 &&\\n (open.file.path\\\ + \n \\ in [ ~\\\"/etc/ssl/certs/*\\\" ])\\n && process.file.path not\ + \ in [\\\"/usr/bin/apt\\\"\\\n , \\\"/usr/bin/apt-get\\\", \\\"/usr/bin/apt-config\\\ + \", \\\"/usr/bin/dpkg\\\", \\\"/usr/bin/aptitude-curses\\\"\\\n , \\\"\ + /usr/bin/rpm\\\", \\\"/usr/bin/unattended-upgrade\\\"]\\n)\"\n- id: ssl_certificate_tampering_rename\n\ + \ version: e42eefb4\n description: SSL Certificate Tampering\n expression:\ + \ \"(\\n (rename.file.path in [ ~\\\"/etc/ssl/certs/*\\\" ]\\n || rename.file.destination.path\\\ + \n \\ in [ ~\\\"/etc/ssl/certs/*\\\" ])\\n && process.file.path not\ + \ in [\\\"/usr/bin/apt\\\"\\\n , \\\"/usr/bin/apt-get\\\", \\\"/usr/bin/apt-config\\\ + \", \\\"/usr/bin/dpkg\\\", \\\"/usr/bin/aptitude-curses\\\"\\\n , 
\\\"\ + /usr/bin/rpm\\\", \\\"/usr/bin/unattended-upgrade\\\"]\\n)\"\n- id: ssl_certificate_tampering_unlink\n\ + \ version: 37c40311\n description: SSL Certificate Tampering\n expression:\ + \ \"(\\n (unlink.file.path in [ ~\\\"/etc/ssl/certs/*\\\" ])\\n && process.file.path\\\ + \n \\ not in [\\\"/usr/bin/apt\\\", \\\"/usr/bin/apt-get\\\", \\\"/usr/bin/apt-config\\\ + \", \\\"\\\n /usr/bin/dpkg\\\", \\\"/usr/bin/aptitude-curses\\\", \\\"\ + /usr/bin/rpm\\\", \\\"/usr/bin/unattended-upgrade\\\"\\\n ]\\n)\"\n- id:\ + \ ssl_certificate_tampering_utimes\n version: de3d3032\n description: SSL\ + \ Certificate Tampering\n expression: \"(\\n (utimes.file.path in [ ~\\\ + \"/etc/ssl/certs/*\\\" ])\\n && process.file.path\\\n \\ not in [\\\"\ + /usr/bin/apt\\\", \\\"/usr/bin/apt-get\\\", \\\"/usr/bin/apt-config\\\", \\\ + \"\\\n /usr/bin/dpkg\\\", \\\"/usr/bin/aptitude-curses\\\", \\\"/usr/bin/rpm\\\ + \", \\\"/usr/bin/unattended-upgrade\\\"\\\n ]\\n)\"\n- id: suspicious_container_client\n\ + \ version: 8b9461f4\n description: Container management utility in container\n\ + \ expression: \"exec.file.path in [\\\"/usr/bin/docker\\\", \\\"/usr/local/bin/docker\\\ + \",\\n\\\n \\ \\\"/usr/bin/kubectl\\\", \\\"/usr/local/bin/kubectl\\\"\ + ] && container.id != \\\"\\\"\"\n- id: systemd_modification_chmod\n version:\ + \ b0643139\n description: Systemd Modification\n expression: \"(\\n (chmod.file.path\ + \ in [ ~\\\"/lib/systemd/system/*\\\", ~\\\"/usr/lib/systemd/system/*\\\"\\\ + \n , ~\\\"/etc/systemd/system/*\\\" ])\\n && process.file.path not in\ + \ [\\\"/usr/bin/apt\\\"\\\n , \\\"/usr/bin/apt-get\\\", \\\"/usr/bin/apt-config\\\ + \", \\\"/usr/bin/dpkg\\\", \\\"/usr/bin/aptitude-curses\\\"\\\n , \\\"\ + /usr/bin/rpm\\\", \\\"/usr/bin/unattended-upgrade\\\"]\\n) && chmod.mode !=\ + \ chmod.file.mode\"\n- id: systemd_modification_chown\n version: 380d501\n\ + \ description: Systemd Modification\n expression: \"(\\n (chown.file.path\ + \ in [ ~\\\"/lib/systemd/system/*\\\", 
~\\\"/usr/lib/systemd/system/*\\\"\\\ + \n , ~\\\"/etc/systemd/system/*\\\" ])\\n && process.file.path not in\ + \ [\\\"/usr/bin/apt\\\"\\\n , \\\"/usr/bin/apt-get\\\", \\\"/usr/bin/apt-config\\\ + \", \\\"/usr/bin/dpkg\\\", \\\"/usr/bin/aptitude-curses\\\"\\\n , \\\"\ + /usr/bin/rpm\\\", \\\"/usr/bin/unattended-upgrade\\\"]\\n) && (chown.uid !=\ + \ chown.file.uid\\\n \\ || chown.gid != chown.file.gid)\"\n- id: systemd_modification_link\n\ + \ version: cbd89cec\n description: Systemd Modification\n expression: \"\ + (\\n (link.file.path in [ ~\\\"/lib/systemd/system/*\\\", ~\\\"/usr/lib/systemd/system/*\\\ + \"\\\n , ~\\\"/etc/systemd/system/*\\\" ]\\n || link.file.destination.path\ + \ in [ ~\\\"/lib/systemd/system/*\\\"\\\n , ~\\\"/usr/lib/systemd/system/*\\\ + \", ~\\\"/etc/systemd/system/*\\\" ])\\n && process.file.path\\\n \\\ + \ not in [\\\"/usr/bin/apt\\\", \\\"/usr/bin/apt-get\\\", \\\"/usr/bin/apt-config\\\ + \", \\\"\\\n /usr/bin/dpkg\\\", \\\"/usr/bin/aptitude-curses\\\", \\\"\ + /usr/bin/rpm\\\", \\\"/usr/bin/unattended-upgrade\\\"\\\n ]\\n)\"\n- id:\ + \ systemd_modification_open\n version: b6dce303\n description: Systemd Modification\n\ + \ expression: \"(\\n open.flags & (O_CREAT|O_RDWR|O_WRONLY) > 0 &&\\n\ + \ (open.file.path\\\n \\ in [ ~\\\"/lib/systemd/system/*\\\", ~\\\"\ + /usr/lib/systemd/system/*\\\", ~\\\"/etc/systemd/system/*\\\"\\\n \\ ])\\\ + n && process.file.path not in [\\\"/usr/bin/apt\\\", \\\"/usr/bin/apt-get\\\ + \"\\\n , \\\"/usr/bin/apt-config\\\", \\\"/usr/bin/dpkg\\\", \\\"/usr/bin/aptitude-curses\\\ + \", \\\"\\\n /usr/bin/rpm\\\", \\\"/usr/bin/unattended-upgrade\\\"]\\n)\"\ + \n- id: systemd_modification_rename\n version: 1e723c46\n description: Systemd\ + \ Modification\n expression: \"(\\n (rename.file.path in [ ~\\\"/lib/systemd/system/*\\\ + \", ~\\\"/usr/lib/systemd/system/*\\\"\\\n , ~\\\"/etc/systemd/system/*\\\ + \" ]\\n || rename.file.destination.path in [ ~\\\"/lib/systemd/system/*\\\ + \"\\\n , 
~\\\"/usr/lib/systemd/system/*\\\", ~\\\"/etc/systemd/system/*\\\ + \" ])\\n && process.file.path\\\n \\ not in [\\\"/usr/bin/apt\\\", \\\ + \"/usr/bin/apt-get\\\", \\\"/usr/bin/apt-config\\\", \\\"\\\n /usr/bin/dpkg\\\ + \", \\\"/usr/bin/aptitude-curses\\\", \\\"/usr/bin/rpm\\\", \\\"/usr/bin/unattended-upgrade\\\ + \"\\\n ]\\n)\"\n- id: systemd_modification_unlink\n version: dcb17382\n\ + \ description: Systemd Modification\n expression: \"(\\n (unlink.file.path\ + \ in [ ~\\\"/lib/systemd/system/*\\\", ~\\\"/usr/lib/systemd/system/*\\\"\\\ + \n , ~\\\"/etc/systemd/system/*\\\" ])\\n && process.file.path not in\ + \ [\\\"/usr/bin/apt\\\"\\\n , \\\"/usr/bin/apt-get\\\", \\\"/usr/bin/apt-config\\\ + \", \\\"/usr/bin/dpkg\\\", \\\"/usr/bin/aptitude-curses\\\"\\\n , \\\"\ + /usr/bin/rpm\\\", \\\"/usr/bin/unattended-upgrade\\\"]\\n)\"\n- id: systemd_modification_utimes\n\ + \ version: 6b596fc5\n description: Systemd Modification\n expression: \"\ + (\\n (utimes.file.path in [ ~\\\"/lib/systemd/system/*\\\", ~\\\"/usr/lib/systemd/system/*\\\ + \"\\\n , ~\\\"/etc/systemd/system/*\\\" ])\\n && process.file.path not\ + \ in [\\\"/usr/bin/apt\\\"\\\n , \\\"/usr/bin/apt-get\\\", \\\"/usr/bin/apt-config\\\ + \", \\\"/usr/bin/dpkg\\\", \\\"/usr/bin/aptitude-curses\\\"\\\n , \\\"\ + /usr/bin/rpm\\\", \\\"/usr/bin/unattended-upgrade\\\"]\\n)\"\n- id: user_created_tty\n\ + \ version: 5b5f4a52\n description: User Created Interactively\n expression:\ + \ exec.file.name in [\"useradd\", \"newusers\"] && exec.tty_name !=\"\"\n" + status: + code: 200 + message: OK +recorded_with: VCR 6.0.0 diff --git a/cassettes/features/v2/cloud_workload_security/Update-a-Cloud-Workload-Security-Agent-rule-returns-Bad-Request-response.frozen b/cassettes/features/v2/cloud_workload_security/Update-a-Cloud-Workload-Security-Agent-rule-returns-Bad-Request-response.frozen new file mode 100644 index 000000000000..357ebf86de8a --- /dev/null 
+++ b/cassettes/features/v2/cloud_workload_security/Update-a-Cloud-Workload-Security-Agent-rule-returns-Bad-Request-response.frozen @@ -0,0 +1 @@ +2022-01-11T18:11:41.271Z \ No newline at end of file diff --git a/cassettes/features/v2/cloud_workload_security/Update-a-Cloud-Workload-Security-Agent-rule-returns-Bad-Request-response.yml b/cassettes/features/v2/cloud_workload_security/Update-a-Cloud-Workload-Security-Agent-rule-returns-Bad-Request-response.yml new file mode 100644 index 000000000000..62163bd40188 --- /dev/null +++ b/cassettes/features/v2/cloud_workload_security/Update-a-Cloud-Workload-Security-Agent-rule-returns-Bad-Request-response.yml 
@@ -0,0 +1,55 @@ +http_interactions: +- recorded_at: Tue, 11 Jan 2022 18:11:41 GMT + request: + body: + encoding: UTF-8 + string: '{"data":{"attributes":{"description":"My Agent rule","enabled":true,"expression":"exec.file.name + == \"sh\"","name":"testupdateacloudworkloadsecurityagentrulereturnsbadrequestresponse1641924701"},"type":"agent_rule"}}' + headers: + Content-Type: + - application/json;charset=utf-8 + method: POST + uri: https://api.datadoghq.com/api/v2/security_monitoring/cloud_workload_security/agent_rules + response: + body: + encoding: UTF-8 + string: '{"data":{"attributes":{"category":"Process Activity","name":"testupdateacloudworkloadsecurityagentrulereturnsbadrequestresponse1641924701","creator":{"handle":"frog@datadoghq.com","name":null},"description":"My + Agent rule","enabled":true,"defaultRule":false,"version":1,"updater":{"handle":"frog@datadoghq.com","name":null},"updateDate":1641924701807,"creationDate":1641924701807,"expression":"exec.file.name + == \"sh\""},"type":"agent_rule","id":"dhc-tmb-os1"}}' + status: + code: 200 + message: OK +- recorded_at: Tue, 11 Jan 2022 18:11:41 GMT + request: + body: + encoding: UTF-8 + string: '{"data":{"attributes":{"description":"Test Agent rule","enabled":true,"expression":"open.file.path + = sh"},"type":"agent_rule"}}' + headers: + Content-Type: + - application/json + method: PATCH + uri: https://api.datadoghq.com/api/v2/security_monitoring/cloud_workload_security/agent_rules/dhc-tmb-os1 + response: + body: + encoding: UTF-8 + string: '{"errors":["input_validation_error(Field ''expression'' is invalid: + rule `testupdateacloudworkloadsecurityagentrulereturnsbadrequestresponse1641924701` + definition error: syntax error: 1:18: unexpected token \"sh\" (expected \"~\"))"]}' + status: + code: 400 + message: Bad Request +- recorded_at: Tue, 11 Jan 2022 18:11:41 GMT + request: + body: null + headers: {} + method: DELETE + uri: 
https://api.datadoghq.com/api/v2/security_monitoring/cloud_workload_security/agent_rules/dhc-tmb-os1 + response: + body: + encoding: UTF-8 + string: '' + status: + code: 204 + message: No Content +recorded_with: VCR 6.0.0 diff --git a/cassettes/features/v2/cloud_workload_security/Update-a-Cloud-Workload-Security-Agent-rule-returns-Not-Found-response.frozen b/cassettes/features/v2/cloud_workload_security/Update-a-Cloud-Workload-Security-Agent-rule-returns-Not-Found-response.frozen new file mode 100644 index 000000000000..27f706249cc6 --- /dev/null +++ b/cassettes/features/v2/cloud_workload_security/Update-a-Cloud-Workload-Security-Agent-rule-returns-Not-Found-response.frozen @@ -0,0 +1 @@ +2022-01-11T18:11:42.604Z \ No newline at end of file diff --git a/cassettes/features/v2/cloud_workload_security/Update-a-Cloud-Workload-Security-Agent-rule-returns-Not-Found-response.yml b/cassettes/features/v2/cloud_workload_security/Update-a-Cloud-Workload-Security-Agent-rule-returns-Not-Found-response.yml new file mode 100644 index 000000000000..8ba6993ca345 --- /dev/null +++ b/cassettes/features/v2/cloud_workload_security/Update-a-Cloud-Workload-Security-Agent-rule-returns-Not-Found-response.yml @@ -0,0 +1,20 @@ +http_interactions: +- recorded_at: Tue, 11 Jan 2022 18:11:42 GMT + request: + body: + encoding: UTF-8 + string: '{"data":{"attributes":{"description":"Test Agent rule","enabled":true,"expression":"exec.file.name + == \"sh\""},"type":"agent_rule"}}' + headers: + Content-Type: + - application/json + method: PATCH + uri: https://api.datadoghq.com/api/v2/security_monitoring/cloud_workload_security/agent_rules/abc-123-xyz + response: + body: + encoding: UTF-8 + string: '{"errors":["not_found(Agent rule not found: agentRuleId=abc-123-xyz)"]}' + status: + code: 404 + message: Not Found +recorded_with: VCR 6.0.0 
diff --git a/cassettes/features/v2/cloud_workload_security/Update-a-Cloud-Workload-Security-Agent-rule-returns-OK-response.frozen b/cassettes/features/v2/cloud_workload_security/Update-a-Cloud-Workload-Security-Agent-rule-returns-OK-response.frozen new file mode 100644 index 000000000000..1581474e2644 --- /dev/null +++ b/cassettes/features/v2/cloud_workload_security/Update-a-Cloud-Workload-Security-Agent-rule-returns-OK-response.frozen @@ -0,0 +1 @@ +2022-01-11T18:11:43.075Z \ No newline at end of file diff --git a/cassettes/features/v2/cloud_workload_security/Update-a-Cloud-Workload-Security-Agent-rule-returns-OK-response.yml b/cassettes/features/v2/cloud_workload_security/Update-a-Cloud-Workload-Security-Agent-rule-returns-OK-response.yml new file mode 100644 index 000000000000..c465453a6bb8 --- /dev/null +++ b/cassettes/features/v2/cloud_workload_security/Update-a-Cloud-Workload-Security-Agent-rule-returns-OK-response.yml 
@@ -0,0 +1,55 @@ +http_interactions: +- recorded_at: Tue, 11 Jan 2022 18:11:43 GMT + request: + body: + encoding: UTF-8 + string: '{"data":{"attributes":{"description":"My Agent rule","enabled":true,"expression":"exec.file.name + == \"sh\"","name":"testupdateacloudworkloadsecurityagentrulereturnsokresponse1641924703"},"type":"agent_rule"}}' + headers: + Content-Type: + - application/json;charset=utf-8 + method: POST + uri: https://api.datadoghq.com/api/v2/security_monitoring/cloud_workload_security/agent_rules + response: + body: + encoding: UTF-8 + string: '{"data":{"attributes":{"category":"Process Activity","name":"testupdateacloudworkloadsecurityagentrulereturnsokresponse1641924703","creator":{"handle":"frog@datadoghq.com","name":null},"description":"My + Agent rule","enabled":true,"defaultRule":false,"version":1,"updater":{"handle":"frog@datadoghq.com","name":null},"updateDate":1641924703522,"creationDate":1641924703522,"expression":"exec.file.name + == \"sh\""},"type":"agent_rule","id":"q6i-5md-xld"}}' + status: + code: 200 + message: OK +- recorded_at: Tue, 11 Jan 2022 18:11:43 GMT + request: + body: + encoding: UTF-8 + string: '{"data":{"attributes":{"description":"Test Agent rule","enabled":true,"expression":"exec.file.name + == \"sh\""},"type":"agent_rule"}}' + headers: + Content-Type: + - application/json;charset=utf-8 + method: PATCH + uri: https://api.datadoghq.com/api/v2/security_monitoring/cloud_workload_security/agent_rules/q6i-5md-xld + response: + body: + encoding: UTF-8 + string: '{"data":{"attributes":{"category":"Process Activity","name":"testupdateacloudworkloadsecurityagentrulereturnsokresponse1641924703","creator":{"handle":"frog@datadoghq.com","name":null},"description":"Test + Agent rule","enabled":true,"defaultRule":false,"version":2,"updater":{"handle":"frog@datadoghq.com","name":null},"updateDate":1641924703969,"creationDate":1641924703522,"expression":"exec.file.name + == \"sh\""},"type":"agent_rule","id":"q6i-5md-xld"}}' + status: + 
code: 200 + message: OK +- recorded_at: Tue, 11 Jan 2022 18:11:43 GMT + request: + body: null + headers: {} + method: DELETE + uri: https://api.datadoghq.com/api/v2/security_monitoring/cloud_workload_security/agent_rules/q6i-5md-xld + response: + body: + encoding: UTF-8 + string: '' + status: + code: 204 + message: No Content +recorded_with: VCR 6.0.0 diff --git a/docs/v2/CloudWorkloadSecurityAPI.md b/docs/v2/CloudWorkloadSecurityAPI.md new file mode 100644 index 000000000000..30b4adc89c1f --- /dev/null +++ b/docs/v2/CloudWorkloadSecurityAPI.md 
@@ -0,0 +1,364 @@ +# DatadogAPIClient::V2::CloudWorkloadSecurityAPI + +All URIs are relative to *https://api.datadoghq.com* + +| Method | HTTP request | Description | +| ---------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------ | --------------------------------------------- | +| [**create_cloud_workload_security_agent_rule**](CloudWorkloadSecurityAPI.md#create_cloud_workload_security_agent_rule) | **POST** /api/v2/security_monitoring/cloud_workload_security/agent_rules | Create a Cloud Workload Security Agent rule | +| [**delete_cloud_workload_security_agent_rule**](CloudWorkloadSecurityAPI.md#delete_cloud_workload_security_agent_rule) | **DELETE** /api/v2/security_monitoring/cloud_workload_security/agent_rules/{agent_rule_id} | Delete a Cloud Workload Security Agent rule | +| [**download_cloud_workload_policy_file**](CloudWorkloadSecurityAPI.md#download_cloud_workload_policy_file) | **GET** /api/v2/security/cloud_workload/policy/download | Get the latest Cloud Workload Security policy | +| [**get_cloud_workload_security_agent_rule**](CloudWorkloadSecurityAPI.md#get_cloud_workload_security_agent_rule) | **GET** /api/v2/security_monitoring/cloud_workload_security/agent_rules/{agent_rule_id} | Get a Cloud Workload Security Agent rule | +| [**list_cloud_workload_security_agent_rules**](CloudWorkloadSecurityAPI.md#list_cloud_workload_security_agent_rules) | **GET** /api/v2/security_monitoring/cloud_workload_security/agent_rules | Get all Cloud Workload Security Agent rules | +| [**update_cloud_workload_security_agent_rule**](CloudWorkloadSecurityAPI.md#update_cloud_workload_security_agent_rule) | **PATCH** /api/v2/security_monitoring/cloud_workload_security/agent_rules/{agent_rule_id} | Update a Cloud Workload Security Agent rule | + +## create_cloud_workload_security_agent_rule + +> 
create_cloud_workload_security_agent_rule(body) + +Create a new Agent rule with the given parameters. + +### Examples + +```ruby +require 'datadog_api_client' +api_instance = DatadogAPIClient::V2::CloudWorkloadSecurityAPI.new +body = DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleCreateRequest.new({data: DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleCreateData.new({attributes: DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleCreateAttributes.new({expression: 'exec.file.name == \"sh\"', name: 'my_agent_rule'}), type: DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleType::AGENT_RULE})}) # CloudWorkloadSecurityAgentRuleCreateRequest | The definition of the new Agent rule. + +begin + # Create a Cloud Workload Security Agent rule + result = api_instance.create_cloud_workload_security_agent_rule(body) + p result +rescue DatadogAPIClient::V2::APIError => e + puts "Error when calling CloudWorkloadSecurityAPI->create_cloud_workload_security_agent_rule: #{e}" +end +``` + +#### Using the create_cloud_workload_security_agent_rule_with_http_info variant + +This returns an Array which contains the response data, status code and headers. + +> , Integer, Hash)> create_cloud_workload_security_agent_rule_with_http_info(body) + +```ruby +begin + # Create a Cloud Workload Security Agent rule + data, status_code, headers = api_instance.create_cloud_workload_security_agent_rule_with_http_info(body) + p status_code # => 2xx + p headers # => { ... 
} + p data # => +rescue DatadogAPIClient::V2::APIError => e + puts "Error when calling CloudWorkloadSecurityAPI->create_cloud_workload_security_agent_rule_with_http_info: #{e}" +end +``` + +### Parameters + +| Name | Type | Description | Notes | +| -------- | ------------------------------------------------------------------------------------------------- | ------------------------------------- | ----- | +| **body** | [**CloudWorkloadSecurityAgentRuleCreateRequest**](CloudWorkloadSecurityAgentRuleCreateRequest.md) | The definition of the new Agent rule. | | + +### Return type + +[**CloudWorkloadSecurityAgentRuleResponse**](CloudWorkloadSecurityAgentRuleResponse.md) + +### Authorization + +[AuthZ](README.md#AuthZ), [apiKeyAuth](README.md#apiKeyAuth), [appKeyAuth](README.md#appKeyAuth) + +### HTTP request headers + +- **Content-Type**: application/json +- **Accept**: application/json + +## delete_cloud_workload_security_agent_rule + +> delete_cloud_workload_security_agent_rule(agent_rule_id) + +Delete a specific Agent rule. + +### Examples + +```ruby +require 'datadog_api_client' +api_instance = DatadogAPIClient::V2::CloudWorkloadSecurityAPI.new +agent_rule_id = '3b5-v82-ns6' # String | The ID of the Agent rule. + +begin + # Delete a Cloud Workload Security Agent rule + api_instance.delete_cloud_workload_security_agent_rule(agent_rule_id) +rescue DatadogAPIClient::V2::APIError => e + puts "Error when calling CloudWorkloadSecurityAPI->delete_cloud_workload_security_agent_rule: #{e}" +end +``` + +#### Using the delete_cloud_workload_security_agent_rule_with_http_info variant + +This returns an Array which contains the response data (`nil` in this case), status code and headers. 
+ +> delete_cloud_workload_security_agent_rule_with_http_info(agent_rule_id) + +```ruby +begin + # Delete a Cloud Workload Security Agent rule + data, status_code, headers = api_instance.delete_cloud_workload_security_agent_rule_with_http_info(agent_rule_id) + p status_code # => 2xx + p headers # => { ... } + p data # => nil +rescue DatadogAPIClient::V2::APIError => e + puts "Error when calling CloudWorkloadSecurityAPI->delete_cloud_workload_security_agent_rule_with_http_info: #{e}" +end +``` + +### Parameters + +| Name | Type | Description | Notes | +| ----------------- | ---------- | ------------------------- | ----- | +| **agent_rule_id** | **String** | The ID of the Agent rule. | | + +### Return type + +nil (empty response body) + +### Authorization + +[AuthZ](README.md#AuthZ), [apiKeyAuth](README.md#apiKeyAuth), [appKeyAuth](README.md#appKeyAuth) + +### HTTP request headers + +- **Content-Type**: Not defined +- **Accept**: application/json + +## download_cloud_workload_policy_file + +> File download_cloud_workload_policy_file + +The download endpoint generates a Cloud Workload Security policy file from your currently active +Cloud Workload Security rules, and downloads them as a .policy file. This file can then be deployed to +your agents to update the policy running in your environment. + +### Examples + +```ruby +require 'datadog_api_client' +api_instance = DatadogAPIClient::V2::CloudWorkloadSecurityAPI.new + +begin + # Get the latest Cloud Workload Security policy + result = api_instance.download_cloud_workload_policy_file + p result +rescue DatadogAPIClient::V2::APIError => e + puts "Error when calling CloudWorkloadSecurityAPI->download_cloud_workload_policy_file: #{e}" +end +``` + +#### Using the download_cloud_workload_policy_file_with_http_info variant + +This returns an Array which contains the response data, status code and headers. 
+ +> download_cloud_workload_policy_file_with_http_info + +```ruby +begin + # Get the latest Cloud Workload Security policy + data, status_code, headers = api_instance.download_cloud_workload_policy_file_with_http_info + p status_code # => 2xx + p headers # => { ... } + p data # => File +rescue DatadogAPIClient::V2::APIError => e + puts "Error when calling CloudWorkloadSecurityAPI->download_cloud_workload_policy_file_with_http_info: #{e}" +end +``` + +### Parameters + +This endpoint does not need any parameter. + +### Return type + +**File** + +### Authorization + +[AuthZ](README.md#AuthZ), [apiKeyAuth](README.md#apiKeyAuth), [appKeyAuth](README.md#appKeyAuth) + +### HTTP request headers + +- **Content-Type**: Not defined +- **Accept**: application/yaml, application/json + +## get_cloud_workload_security_agent_rule + +> get_cloud_workload_security_agent_rule(agent_rule_id) + +Get the details of a specific Agent rule. + +### Examples + +```ruby +require 'datadog_api_client' +api_instance = DatadogAPIClient::V2::CloudWorkloadSecurityAPI.new +agent_rule_id = '3b5-v82-ns6' # String | The ID of the Agent rule. + +begin + # Get a Cloud Workload Security Agent rule + result = api_instance.get_cloud_workload_security_agent_rule(agent_rule_id) + p result +rescue DatadogAPIClient::V2::APIError => e + puts "Error when calling CloudWorkloadSecurityAPI->get_cloud_workload_security_agent_rule: #{e}" +end +``` + +#### Using the get_cloud_workload_security_agent_rule_with_http_info variant + +This returns an Array which contains the response data, status code and headers. + +> , Integer, Hash)> get_cloud_workload_security_agent_rule_with_http_info(agent_rule_id) + +```ruby +begin + # Get a Cloud Workload Security Agent rule + data, status_code, headers = api_instance.get_cloud_workload_security_agent_rule_with_http_info(agent_rule_id) + p status_code # => 2xx + p headers # => { ... 
} + p data # => +rescue DatadogAPIClient::V2::APIError => e + puts "Error when calling CloudWorkloadSecurityAPI->get_cloud_workload_security_agent_rule_with_http_info: #{e}" +end +``` + +### Parameters + +| Name | Type | Description | Notes | +| ----------------- | ---------- | ------------------------- | ----- | +| **agent_rule_id** | **String** | The ID of the Agent rule. | | + +### Return type + +[**CloudWorkloadSecurityAgentRuleResponse**](CloudWorkloadSecurityAgentRuleResponse.md) + +### Authorization + +[AuthZ](README.md#AuthZ), [apiKeyAuth](README.md#apiKeyAuth), [appKeyAuth](README.md#appKeyAuth) + +### HTTP request headers + +- **Content-Type**: Not defined +- **Accept**: application/json + +## list_cloud_workload_security_agent_rules + +> list_cloud_workload_security_agent_rules + +Get the list of Agent rules. + +### Examples + +```ruby +require 'datadog_api_client' +api_instance = DatadogAPIClient::V2::CloudWorkloadSecurityAPI.new + +begin + # Get all Cloud Workload Security Agent rules + result = api_instance.list_cloud_workload_security_agent_rules + p result +rescue DatadogAPIClient::V2::APIError => e + puts "Error when calling CloudWorkloadSecurityAPI->list_cloud_workload_security_agent_rules: #{e}" +end +``` + +#### Using the list_cloud_workload_security_agent_rules_with_http_info variant + +This returns an Array which contains the response data, status code and headers. + +> , Integer, Hash)> list_cloud_workload_security_agent_rules_with_http_info + +```ruby +begin + # Get all Cloud Workload Security Agent rules + data, status_code, headers = api_instance.list_cloud_workload_security_agent_rules_with_http_info + p status_code # => 2xx + p headers # => { ... } + p data # => +rescue DatadogAPIClient::V2::APIError => e + puts "Error when calling CloudWorkloadSecurityAPI->list_cloud_workload_security_agent_rules_with_http_info: #{e}" +end +``` + +### Parameters + +This endpoint does not need any parameter. 
+ +### Return type + +[**CloudWorkloadSecurityAgentRulesListResponse**](CloudWorkloadSecurityAgentRulesListResponse.md) + +### Authorization + +[AuthZ](README.md#AuthZ), [apiKeyAuth](README.md#apiKeyAuth), [appKeyAuth](README.md#appKeyAuth) + +### HTTP request headers + +- **Content-Type**: Not defined +- **Accept**: application/json + +## update_cloud_workload_security_agent_rule + +> update_cloud_workload_security_agent_rule(agent_rule_id, body) + +Update a specific Agent rule. +Returns the Agent rule object when the request is successful. + +### Examples + +```ruby +require 'datadog_api_client' +api_instance = DatadogAPIClient::V2::CloudWorkloadSecurityAPI.new +agent_rule_id = '3b5-v82-ns6' # String | The ID of the Agent rule. +body = DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleUpdateRequest.new({data: DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleUpdateData.new({attributes: DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleUpdateAttributes.new, type: DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleType::AGENT_RULE})}) # CloudWorkloadSecurityAgentRuleUpdateRequest | New definition of the Agent rule. + +begin + # Update a Cloud Workload Security Agent rule + result = api_instance.update_cloud_workload_security_agent_rule(agent_rule_id, body) + p result +rescue DatadogAPIClient::V2::APIError => e + puts "Error when calling CloudWorkloadSecurityAPI->update_cloud_workload_security_agent_rule: #{e}" +end +``` + +#### Using the update_cloud_workload_security_agent_rule_with_http_info variant + +This returns an Array which contains the response data, status code and headers. + +> , Integer, Hash)> update_cloud_workload_security_agent_rule_with_http_info(agent_rule_id, body) + +```ruby +begin + # Update a Cloud Workload Security Agent rule + data, status_code, headers = api_instance.update_cloud_workload_security_agent_rule_with_http_info(agent_rule_id, body) + p status_code # => 2xx + p headers # => { ... 
} + p data # => +rescue DatadogAPIClient::V2::APIError => e + puts "Error when calling CloudWorkloadSecurityAPI->update_cloud_workload_security_agent_rule_with_http_info: #{e}" +end +``` + +### Parameters + +| Name | Type | Description | Notes | +| ----------------- | ------------------------------------------------------------------------------------------------- | --------------------------------- | ----- | +| **agent_rule_id** | **String** | The ID of the Agent rule. | | +| **body** | [**CloudWorkloadSecurityAgentRuleUpdateRequest**](CloudWorkloadSecurityAgentRuleUpdateRequest.md) | New definition of the Agent rule. | | + +### Return type + +[**CloudWorkloadSecurityAgentRuleResponse**](CloudWorkloadSecurityAgentRuleResponse.md) + +### Authorization + +[AuthZ](README.md#AuthZ), [apiKeyAuth](README.md#apiKeyAuth), [appKeyAuth](README.md#appKeyAuth) + +### HTTP request headers + +- **Content-Type**: application/json +- **Accept**: application/json diff --git a/docs/v2/CloudWorkloadSecurityAgentRuleAttributes.md b/docs/v2/CloudWorkloadSecurityAgentRuleAttributes.md new file mode 100644 index 000000000000..c021b9398af3 --- /dev/null +++ b/docs/v2/CloudWorkloadSecurityAgentRuleAttributes.md 
@@ -0,0 +1,37 @@ +# DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleAttributes + +## Properties + +| Name | Type | Description | Notes | +| ----------------- | --------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------- | ---------- | +| **category** | **String** | The category of the Agent rule. | [optional] | +| **creation_date** | **Integer** | When the Agent rule was created, timestamp in milliseconds. | [optional] | +| **creator** | [**CloudWorkloadSecurityAgentRuleCreatorAttributes**](CloudWorkloadSecurityAgentRuleCreatorAttributes.md) | | [optional] | +| **default_rule** | **Boolean** | Whether the rule is included by default. | [optional] | +| **description** | **String** | The description of the Agent rule. | [optional] | +| **enabled** | **Boolean** | Whether the Agent rule is enabled. | [optional] | +| **expression** | **String** | The SECL expression of the Agent rule. | [optional] | +| **name** | **String** | The name of the Agent rule. | [optional] | +| **updated_at** | **Integer** | When the Agent rule was last updated, timestamp in milliseconds. | [optional] | +| **updater** | [**CloudWorkloadSecurityAgentRuleUpdaterAttributes**](CloudWorkloadSecurityAgentRuleUpdaterAttributes.md) | | [optional] | +| **version** | **Integer** | The version of the Agent rule. | [optional] | + +## Example + +```ruby +require 'datadog_api_client/v2' + +instance = DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleAttributes.new( + category: Process Activity, + creation_date: 1624366480320, + creator: null, + default_rule: false, + description: My Agent rule, + enabled: true, + expression: exec.file.name == \"sh\", + name: my_agent_rule, + updated_at: 1624366480320, + updater: null, + version: 23 +) +``` 
diff --git a/docs/v2/CloudWorkloadSecurityAgentRuleCreateAttributes.md b/docs/v2/CloudWorkloadSecurityAgentRuleCreateAttributes.md new file mode 100644 index 000000000000..2eacbff900b6 --- /dev/null +++ b/docs/v2/CloudWorkloadSecurityAgentRuleCreateAttributes.md @@ -0,0 +1,23 @@ +# DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleCreateAttributes + +## Properties + +| Name | Type | Description | Notes | +| --------------- | ----------- | -------------------------------------- | ---------- | +| **description** | **String** | The description of the Agent rule. | [optional] | +| **enabled** | **Boolean** | Whether the Agent rule is enabled. | [optional] | +| **expression** | **String** | The SECL expression of the Agent rule. | | +| **name** | **String** | The name of the Agent rule. | | + +## Example + +```ruby +require 'datadog_api_client/v2' + +instance = DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleCreateAttributes.new( + description: My Agent rule, + enabled: true, + expression: exec.file.name == \"sh\", + name: my_agent_rule +) +``` diff --git a/docs/v2/CloudWorkloadSecurityAgentRuleCreateData.md b/docs/v2/CloudWorkloadSecurityAgentRuleCreateData.md new file mode 100644 index 000000000000..7c02bbec70eb --- /dev/null +++ b/docs/v2/CloudWorkloadSecurityAgentRuleCreateData.md 
@@ -0,0 +1,19 @@ +# DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleCreateData + +## Properties + +| Name | Type | Description | Notes | +| -------------- | ------------------------------------------------------------------------------------------------------- | ----------- | --------------------------------- | +| **attributes** | [**CloudWorkloadSecurityAgentRuleCreateAttributes**](CloudWorkloadSecurityAgentRuleCreateAttributes.md) | | | +| **type** | [**CloudWorkloadSecurityAgentRuleType**](CloudWorkloadSecurityAgentRuleType.md) | | [default to 'agent_rule'] | + +## Example + +```ruby +require 'datadog_api_client/v2' + +instance = DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleCreateData.new( + attributes: null, + type: null +) +``` diff --git a/docs/v2/CloudWorkloadSecurityAgentRuleCreateRequest.md b/docs/v2/CloudWorkloadSecurityAgentRuleCreateRequest.md new file mode 100644 index 000000000000..067dff628da2 --- /dev/null +++ b/docs/v2/CloudWorkloadSecurityAgentRuleCreateRequest.md @@ -0,0 +1,17 @@ +# DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleCreateRequest + +## Properties + +| Name | Type | Description | Notes | +| -------- | ------------------------------------------------------------------------------------------- | ----------- | ----- | +| **data** | [**CloudWorkloadSecurityAgentRuleCreateData**](CloudWorkloadSecurityAgentRuleCreateData.md) | | | + +## Example + +```ruby +require 'datadog_api_client/v2' + +instance = DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleCreateRequest.new( + data: null +) +``` diff --git a/docs/v2/CloudWorkloadSecurityAgentRuleCreatorAttributes.md b/docs/v2/CloudWorkloadSecurityAgentRuleCreatorAttributes.md new file mode 100644 index 000000000000..3eac0492c1cc --- /dev/null +++ b/docs/v2/CloudWorkloadSecurityAgentRuleCreatorAttributes.md 
@@ -0,0 +1,19 @@ +# DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleCreatorAttributes + +## Properties + +| Name | Type | Description | Notes | +| ---------- | ---------- | ----------------------- | ---------- | +| **handle** | **String** | The handle of the user. | [optional] | +| **name** | **String** | The name of the user. | [optional] | + +## Example + +```ruby +require 'datadog_api_client/v2' + +instance = DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleCreatorAttributes.new( + handle: datadog.user@example.com, + name: Datadog User +) +``` diff --git a/docs/v2/CloudWorkloadSecurityAgentRuleData.md b/docs/v2/CloudWorkloadSecurityAgentRuleData.md new file mode 100644 index 000000000000..c07820d36388 --- /dev/null +++ b/docs/v2/CloudWorkloadSecurityAgentRuleData.md @@ -0,0 +1,21 @@ +# DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleData + +## Properties + +| Name | Type | Description | Notes | +| -------------- | ------------------------------------------------------------------------------------------- | ------------------------- | ------------------------------------------- | +| **attributes** | [**CloudWorkloadSecurityAgentRuleAttributes**](CloudWorkloadSecurityAgentRuleAttributes.md) | | [optional] | +| **id** | **String** | The ID of the Agent rule. | [optional] | +| **type** | [**CloudWorkloadSecurityAgentRuleType**](CloudWorkloadSecurityAgentRuleType.md) | | [optional][default to 'agent_rule'] | + +## Example + +```ruby +require 'datadog_api_client/v2' + +instance = DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleData.new( + attributes: null, + id: 3dd-0uc-h1s, + type: null +) +``` diff --git a/docs/v2/CloudWorkloadSecurityAgentRuleResponse.md b/docs/v2/CloudWorkloadSecurityAgentRuleResponse.md new file mode 100644 index 000000000000..184c4eb57e22 --- /dev/null +++ b/docs/v2/CloudWorkloadSecurityAgentRuleResponse.md 
@@ -0,0 +1,17 @@ +# DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleResponse + +## Properties + +| Name | Type | Description | Notes | +| -------- | ------------------------------------------------------------------------------- | ----------- | ---------- | +| **data** | [**CloudWorkloadSecurityAgentRuleData**](CloudWorkloadSecurityAgentRuleData.md) | | [optional] | + +## Example + +```ruby +require 'datadog_api_client/v2' + +instance = DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleResponse.new( + data: null +) +``` diff --git a/docs/v2/CloudWorkloadSecurityAgentRuleType.md b/docs/v2/CloudWorkloadSecurityAgentRuleType.md new file mode 100644 index 000000000000..2d0931b92c40 --- /dev/null +++ b/docs/v2/CloudWorkloadSecurityAgentRuleType.md @@ -0,0 +1,14 @@ +# DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleType + +## Properties + +| Name | Type | Description | Notes | +| ---- | ---- | ----------- | ----- | + +## Example + +```ruby +require 'datadog_api_client/v2' + +instance = DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleType.new() +``` diff --git a/docs/v2/CloudWorkloadSecurityAgentRuleUpdateAttributes.md b/docs/v2/CloudWorkloadSecurityAgentRuleUpdateAttributes.md new file mode 100644 index 000000000000..d5cf797353ea --- /dev/null +++ b/docs/v2/CloudWorkloadSecurityAgentRuleUpdateAttributes.md 
@@ -0,0 +1,21 @@ +# DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleUpdateAttributes + +## Properties + +| Name | Type | Description | Notes | +| --------------- | ----------- | -------------------------------------- | ---------- | +| **description** | **String** | The description of the Agent rule. | [optional] | +| **enabled** | **Boolean** | Whether the Agent rule is enabled. | [optional] | +| **expression** | **String** | The SECL expression of the Agent rule. | [optional] | + +## Example + +```ruby +require 'datadog_api_client/v2' + +instance = DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleUpdateAttributes.new( + description: My Agent rule, + enabled: true, + expression: exec.file.name == \"sh\" +) +``` diff --git a/docs/v2/CloudWorkloadSecurityAgentRuleUpdateData.md b/docs/v2/CloudWorkloadSecurityAgentRuleUpdateData.md new file mode 100644 index 000000000000..79f2f113541f --- /dev/null +++ b/docs/v2/CloudWorkloadSecurityAgentRuleUpdateData.md @@ -0,0 +1,19 @@ +# DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleUpdateData + +## Properties + +| Name | Type | Description | Notes | +| -------------- | ------------------------------------------------------------------------------------------------------- | ----------- | --------------------------------- | +| **attributes** | [**CloudWorkloadSecurityAgentRuleUpdateAttributes**](CloudWorkloadSecurityAgentRuleUpdateAttributes.md) | | | +| **type** | [**CloudWorkloadSecurityAgentRuleType**](CloudWorkloadSecurityAgentRuleType.md) | | [default to 'agent_rule'] | + +## Example + +```ruby +require 'datadog_api_client/v2' + +instance = DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleUpdateData.new( + attributes: null, + type: null +) +``` diff --git a/docs/v2/CloudWorkloadSecurityAgentRuleUpdateRequest.md b/docs/v2/CloudWorkloadSecurityAgentRuleUpdateRequest.md new file mode 100644 index 000000000000..c957074eda2a --- /dev/null +++ b/docs/v2/CloudWorkloadSecurityAgentRuleUpdateRequest.md 
@@ -0,0 +1,17 @@ +# DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleUpdateRequest + +## Properties + +| Name | Type | Description | Notes | +| -------- | ------------------------------------------------------------------------------------------- | ----------- | ----- | +| **data** | [**CloudWorkloadSecurityAgentRuleUpdateData**](CloudWorkloadSecurityAgentRuleUpdateData.md) | | | + +## Example + +```ruby +require 'datadog_api_client/v2' + +instance = DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleUpdateRequest.new( + data: null +) +``` diff --git a/docs/v2/CloudWorkloadSecurityAgentRuleUpdaterAttributes.md b/docs/v2/CloudWorkloadSecurityAgentRuleUpdaterAttributes.md new file mode 100644 index 000000000000..2b311d8d2821 --- /dev/null +++ b/docs/v2/CloudWorkloadSecurityAgentRuleUpdaterAttributes.md @@ -0,0 +1,19 @@ +# DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleUpdaterAttributes + +## Properties + +| Name | Type | Description | Notes | +| ---------- | ---------- | ----------------------- | ---------- | +| **handle** | **String** | The handle of the user. | [optional] | +| **name** | **String** | The name of the user. | [optional] | + +## Example + +```ruby +require 'datadog_api_client/v2' + +instance = DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleUpdaterAttributes.new( + handle: datadog.user@example.com, + name: Datadog User +) +``` diff --git a/docs/v2/CloudWorkloadSecurityAgentRulesListResponse.md b/docs/v2/CloudWorkloadSecurityAgentRulesListResponse.md new file mode 100644 index 000000000000..d04d22c5d5ff --- /dev/null +++ b/docs/v2/CloudWorkloadSecurityAgentRulesListResponse.md 
@@ -0,0 +1,17 @@ +# DatadogAPIClient::V2::CloudWorkloadSecurityAgentRulesListResponse + +## Properties + +| Name | Type | Description | Notes | +| -------- | -------------------------------------------------------------------------------------------------------- | ------------------------------ | ---------- | +| **data** | [**Array<CloudWorkloadSecurityAgentRuleAttributes>**](CloudWorkloadSecurityAgentRuleAttributes.md) | A list of Agent rules objects. | [optional] | + +## Example + +```ruby +require 'datadog_api_client/v2' + +instance = DatadogAPIClient::V2::CloudWorkloadSecurityAgentRulesListResponse.new( + data: null +) +``` diff --git a/docs/v2/README.md b/docs/v2/README.md index 0ef59d2b49d6..cf7829f665eb 100644 --- a/docs/v2/README.md +++ b/docs/v2/README.md 
@@ -12,16 +12,15 @@ Please follow the [installation](#installation) procedure and then run the follo # Load the gem require 'datadog_api_client/v2' -api_instance = DatadogAPIClient::V2::DashboardListsAPI.new -dashboard_list_id = 789 # Integer | ID of the dashboard list to add items to. -body = DatadogAPIClient::V2::DashboardListAddItemsRequest.new # DashboardListAddItemsRequest | Dashboards to add to the dashboard list. +api_instance = DatadogAPIClient::V2::CloudWorkloadSecurityAPI.new +body = DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleCreateRequest.new({data: DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleCreateData.new({attributes: DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleCreateAttributes.new({expression: 'exec.file.name == \"sh\"', name: 'my_agent_rule'}), type: DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleType::AGENT_RULE})}) # CloudWorkloadSecurityAgentRuleCreateRequest | The definition of the new Agent rule. begin - #Add Items to a Dashboard List - result = api_instance.create_dashboard_list_items(dashboard_list_id, body) + #Create a Cloud Workload Security Agent rule + result = api_instance.create_cloud_workload_security_agent_rule(body) p result rescue DatadogAPIClient::V2::APIError => e - puts "Exception when calling DashboardListsAPI->create_dashboard_list_items: #{e}" + puts "Exception when calling CloudWorkloadSecurityAPI->create_cloud_workload_security_agent_rule: #{e}" end ``` 
@@ -30,108 +29,114 @@ end All URIs are relative to *https://api.datadoghq.com* -| Class | Method | HTTP request | Description | -| --------------------------------------------- | ---------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------ | -------------------------------------------------- | -| _DatadogAPIClient::V2::DashboardListsAPI_ | [**create_dashboard_list_items**](DashboardListsAPI.md#create_dashboard_list_items) | **POST** /api/v2/dashboard/lists/manual/{dashboard_list_id}/dashboards | Add Items to a Dashboard List | -| _DatadogAPIClient::V2::DashboardListsAPI_ | [**delete_dashboard_list_items**](DashboardListsAPI.md#delete_dashboard_list_items) | **DELETE** /api/v2/dashboard/lists/manual/{dashboard_list_id}/dashboards | Delete items from a dashboard list | -| _DatadogAPIClient::V2::DashboardListsAPI_ | [**get_dashboard_list_items**](DashboardListsAPI.md#get_dashboard_list_items) | **GET** /api/v2/dashboard/lists/manual/{dashboard_list_id}/dashboards | Get items of a Dashboard List | -| _DatadogAPIClient::V2::DashboardListsAPI_ | [**update_dashboard_list_items**](DashboardListsAPI.md#update_dashboard_list_items) | **PUT** /api/v2/dashboard/lists/manual/{dashboard_list_id}/dashboards | Update items of a dashboard list | -| _DatadogAPIClient::V2::IncidentServicesAPI_ | [**create_incident_service**](IncidentServicesAPI.md#create_incident_service) | **POST** /api/v2/services | Create a new incident service | -| _DatadogAPIClient::V2::IncidentServicesAPI_ | [**delete_incident_service**](IncidentServicesAPI.md#delete_incident_service) | **DELETE** /api/v2/services/{service_id} | Delete an existing incident service | -| _DatadogAPIClient::V2::IncidentServicesAPI_ | [**get_incident_service**](IncidentServicesAPI.md#get_incident_service) | **GET** /api/v2/services/{service_id} | Get details of an incident service | -| 
_DatadogAPIClient::V2::IncidentServicesAPI_ | [**list_incident_services**](IncidentServicesAPI.md#list_incident_services) | **GET** /api/v2/services | Get a list of all incident services | -| _DatadogAPIClient::V2::IncidentServicesAPI_ | [**update_incident_service**](IncidentServicesAPI.md#update_incident_service) | **PATCH** /api/v2/services/{service_id} | Update an existing incident service | -| _DatadogAPIClient::V2::IncidentTeamsAPI_ | [**create_incident_team**](IncidentTeamsAPI.md#create_incident_team) | **POST** /api/v2/teams | Create a new incident team | -| _DatadogAPIClient::V2::IncidentTeamsAPI_ | [**delete_incident_team**](IncidentTeamsAPI.md#delete_incident_team) | **DELETE** /api/v2/teams/{team_id} | Delete an existing incident team | -| _DatadogAPIClient::V2::IncidentTeamsAPI_ | [**get_incident_team**](IncidentTeamsAPI.md#get_incident_team) | **GET** /api/v2/teams/{team_id} | Get details of an incident team | -| _DatadogAPIClient::V2::IncidentTeamsAPI_ | [**list_incident_teams**](IncidentTeamsAPI.md#list_incident_teams) | **GET** /api/v2/teams | Get a list of all incident teams | -| _DatadogAPIClient::V2::IncidentTeamsAPI_ | [**update_incident_team**](IncidentTeamsAPI.md#update_incident_team) | **PATCH** /api/v2/teams/{team_id} | Update an existing incident team | -| _DatadogAPIClient::V2::IncidentsAPI_ | [**create_incident**](IncidentsAPI.md#create_incident) | **POST** /api/v2/incidents | Create an incident | -| _DatadogAPIClient::V2::IncidentsAPI_ | [**delete_incident**](IncidentsAPI.md#delete_incident) | **DELETE** /api/v2/incidents/{incident_id} | Delete an existing incident | -| _DatadogAPIClient::V2::IncidentsAPI_ | [**get_incident**](IncidentsAPI.md#get_incident) | **GET** /api/v2/incidents/{incident_id} | Get the details of an incident | -| _DatadogAPIClient::V2::IncidentsAPI_ | [**list_incidents**](IncidentsAPI.md#list_incidents) | **GET** /api/v2/incidents | Get a list of incidents | -| _DatadogAPIClient::V2::IncidentsAPI_ | 
[**update_incident**](IncidentsAPI.md#update_incident) | **PATCH** /api/v2/incidents/{incident_id} | Update an existing incident | -| _DatadogAPIClient::V2::KeyManagementAPI_ | [**create_api_key**](KeyManagementAPI.md#create_api_key) | **POST** /api/v2/api_keys | Create an API key | -| _DatadogAPIClient::V2::KeyManagementAPI_ | [**create_current_user_application_key**](KeyManagementAPI.md#create_current_user_application_key) | **POST** /api/v2/current_user/application_keys | Create an application key for current user | -| _DatadogAPIClient::V2::KeyManagementAPI_ | [**delete_api_key**](KeyManagementAPI.md#delete_api_key) | **DELETE** /api/v2/api_keys/{api_key_id} | Delete an API key | -| _DatadogAPIClient::V2::KeyManagementAPI_ | [**delete_application_key**](KeyManagementAPI.md#delete_application_key) | **DELETE** /api/v2/application_keys/{app_key_id} | Delete an application key | -| _DatadogAPIClient::V2::KeyManagementAPI_ | [**delete_current_user_application_key**](KeyManagementAPI.md#delete_current_user_application_key) | **DELETE** /api/v2/current_user/application_keys/{app_key_id} | Delete an application key owned by current user | -| _DatadogAPIClient::V2::KeyManagementAPI_ | [**get_api_key**](KeyManagementAPI.md#get_api_key) | **GET** /api/v2/api_keys/{api_key_id} | Get API key | -| _DatadogAPIClient::V2::KeyManagementAPI_ | [**get_application_key**](KeyManagementAPI.md#get_application_key) | **GET** /api/v2/application_keys/{app_key_id} | Get an application key | -| _DatadogAPIClient::V2::KeyManagementAPI_ | [**get_current_user_application_key**](KeyManagementAPI.md#get_current_user_application_key) | **GET** /api/v2/current_user/application_keys/{app_key_id} | Get one application key owned by current user | -| _DatadogAPIClient::V2::KeyManagementAPI_ | [**list_api_keys**](KeyManagementAPI.md#list_api_keys) | **GET** /api/v2/api_keys | Get all API keys | -| _DatadogAPIClient::V2::KeyManagementAPI_ | 
[**list_application_keys**](KeyManagementAPI.md#list_application_keys) | **GET** /api/v2/application_keys | Get all application keys | -| _DatadogAPIClient::V2::KeyManagementAPI_ | [**list_current_user_application_keys**](KeyManagementAPI.md#list_current_user_application_keys) | **GET** /api/v2/current_user/application_keys | Get all application keys owned by current user | -| _DatadogAPIClient::V2::KeyManagementAPI_ | [**update_api_key**](KeyManagementAPI.md#update_api_key) | **PATCH** /api/v2/api_keys/{api_key_id} | Edit an API key | -| _DatadogAPIClient::V2::KeyManagementAPI_ | [**update_application_key**](KeyManagementAPI.md#update_application_key) | **PATCH** /api/v2/application_keys/{app_key_id} | Edit an application key | -| _DatadogAPIClient::V2::KeyManagementAPI_ | [**update_current_user_application_key**](KeyManagementAPI.md#update_current_user_application_key) | **PATCH** /api/v2/current_user/application_keys/{app_key_id} | Edit an application key owned by current user | -| _DatadogAPIClient::V2::LogsAPI_ | [**aggregate_logs**](LogsAPI.md#aggregate_logs) | **POST** /api/v2/logs/analytics/aggregate | Aggregate events | -| _DatadogAPIClient::V2::LogsAPI_ | [**list_logs**](LogsAPI.md#list_logs) | **POST** /api/v2/logs/events/search | Search logs | -| _DatadogAPIClient::V2::LogsAPI_ | [**list_logs_get**](LogsAPI.md#list_logs_get) | **GET** /api/v2/logs/events | Get a list of logs | -| _DatadogAPIClient::V2::LogsAPI_ | [**submit_log**](LogsAPI.md#submit_log) | **POST** /api/v2/logs | Send logs | -| _DatadogAPIClient::V2::LogsArchivesAPI_ | [**add_read_role_to_archive**](LogsArchivesAPI.md#add_read_role_to_archive) | **POST** /api/v2/logs/config/archives/{archive_id}/readers | Grant role to an archive | -| _DatadogAPIClient::V2::LogsArchivesAPI_ | [**create_logs_archive**](LogsArchivesAPI.md#create_logs_archive) | **POST** /api/v2/logs/config/archives | Create an archive | -| _DatadogAPIClient::V2::LogsArchivesAPI_ | 
[**delete_logs_archive**](LogsArchivesAPI.md#delete_logs_archive) | **DELETE** /api/v2/logs/config/archives/{archive_id} | Delete an archive | -| _DatadogAPIClient::V2::LogsArchivesAPI_ | [**get_logs_archive**](LogsArchivesAPI.md#get_logs_archive) | **GET** /api/v2/logs/config/archives/{archive_id} | Get an archive | -| _DatadogAPIClient::V2::LogsArchivesAPI_ | [**get_logs_archive_order**](LogsArchivesAPI.md#get_logs_archive_order) | **GET** /api/v2/logs/config/archive-order | Get archive order | -| _DatadogAPIClient::V2::LogsArchivesAPI_ | [**list_archive_read_roles**](LogsArchivesAPI.md#list_archive_read_roles) | **GET** /api/v2/logs/config/archives/{archive_id}/readers | List read roles for an archive | -| _DatadogAPIClient::V2::LogsArchivesAPI_ | [**list_logs_archives**](LogsArchivesAPI.md#list_logs_archives) | **GET** /api/v2/logs/config/archives | Get all archives | -| _DatadogAPIClient::V2::LogsArchivesAPI_ | [**remove_role_from_archive**](LogsArchivesAPI.md#remove_role_from_archive) | **DELETE** /api/v2/logs/config/archives/{archive_id}/readers | Revoke role from an archive | -| _DatadogAPIClient::V2::LogsArchivesAPI_ | [**update_logs_archive**](LogsArchivesAPI.md#update_logs_archive) | **PUT** /api/v2/logs/config/archives/{archive_id} | Update an archive | -| _DatadogAPIClient::V2::LogsArchivesAPI_ | [**update_logs_archive_order**](LogsArchivesAPI.md#update_logs_archive_order) | **PUT** /api/v2/logs/config/archive-order | Update archive order | -| _DatadogAPIClient::V2::LogsMetricsAPI_ | [**create_logs_metric**](LogsMetricsAPI.md#create_logs_metric) | **POST** /api/v2/logs/config/metrics | Create a log-based metric | -| _DatadogAPIClient::V2::LogsMetricsAPI_ | [**delete_logs_metric**](LogsMetricsAPI.md#delete_logs_metric) | **DELETE** /api/v2/logs/config/metrics/{metric_id} | Delete a log-based metric | -| _DatadogAPIClient::V2::LogsMetricsAPI_ | [**get_logs_metric**](LogsMetricsAPI.md#get_logs_metric) | **GET** /api/v2/logs/config/metrics/{metric_id} | 
Get a log-based metric | -| _DatadogAPIClient::V2::LogsMetricsAPI_ | [**list_logs_metrics**](LogsMetricsAPI.md#list_logs_metrics) | **GET** /api/v2/logs/config/metrics | Get all log-based metrics | -| _DatadogAPIClient::V2::LogsMetricsAPI_ | [**update_logs_metric**](LogsMetricsAPI.md#update_logs_metric) | **PATCH** /api/v2/logs/config/metrics/{metric_id} | Update a log-based metric | -| _DatadogAPIClient::V2::MetricsAPI_ | [**create_tag_configuration**](MetricsAPI.md#create_tag_configuration) | **POST** /api/v2/metrics/{metric_name}/tags | Create a tag configuration | -| _DatadogAPIClient::V2::MetricsAPI_ | [**delete_tag_configuration**](MetricsAPI.md#delete_tag_configuration) | **DELETE** /api/v2/metrics/{metric_name}/tags | Delete a tag configuration | -| _DatadogAPIClient::V2::MetricsAPI_ | [**list_tag_configuration_by_name**](MetricsAPI.md#list_tag_configuration_by_name) | **GET** /api/v2/metrics/{metric_name}/tags | List tag configuration by name | -| _DatadogAPIClient::V2::MetricsAPI_ | [**list_tag_configurations**](MetricsAPI.md#list_tag_configurations) | **GET** /api/v2/metrics | List tag configurations | -| _DatadogAPIClient::V2::MetricsAPI_ | [**list_tags_by_metric_name**](MetricsAPI.md#list_tags_by_metric_name) | **GET** /api/v2/metrics/{metric_name}/all-tags | List tags by metric name | -| _DatadogAPIClient::V2::MetricsAPI_ | [**list_volumes_by_metric_name**](MetricsAPI.md#list_volumes_by_metric_name) | **GET** /api/v2/metrics/{metric_name}/volumes | List distinct metric volumes by metric name | -| _DatadogAPIClient::V2::MetricsAPI_ | [**update_tag_configuration**](MetricsAPI.md#update_tag_configuration) | **PATCH** /api/v2/metrics/{metric_name}/tags | Update a tag configuration | -| _DatadogAPIClient::V2::ProcessesAPI_ | [**list_processes**](ProcessesAPI.md#list_processes) | **GET** /api/v2/processes | Get all processes | -| _DatadogAPIClient::V2::RolesAPI_ | [**add_permission_to_role**](RolesAPI.md#add_permission_to_role) | **POST** 
/api/v2/roles/{role_id}/permissions | Grant permission to a role | -| _DatadogAPIClient::V2::RolesAPI_ | [**add_user_to_role**](RolesAPI.md#add_user_to_role) | **POST** /api/v2/roles/{role_id}/users | Add a user to a role | -| _DatadogAPIClient::V2::RolesAPI_ | [**clone_role**](RolesAPI.md#clone_role) | **POST** /api/v2/roles/{role_id}/clone | Create a new role by cloning an existing role | -| _DatadogAPIClient::V2::RolesAPI_ | [**create_role**](RolesAPI.md#create_role) | **POST** /api/v2/roles | Create role | -| _DatadogAPIClient::V2::RolesAPI_ | [**delete_role**](RolesAPI.md#delete_role) | **DELETE** /api/v2/roles/{role_id} | Delete role | -| _DatadogAPIClient::V2::RolesAPI_ | [**get_role**](RolesAPI.md#get_role) | **GET** /api/v2/roles/{role_id} | Get a role | -| _DatadogAPIClient::V2::RolesAPI_ | [**list_permissions**](RolesAPI.md#list_permissions) | **GET** /api/v2/permissions | List permissions | -| _DatadogAPIClient::V2::RolesAPI_ | [**list_role_permissions**](RolesAPI.md#list_role_permissions) | **GET** /api/v2/roles/{role_id}/permissions | List permissions for a role | -| _DatadogAPIClient::V2::RolesAPI_ | [**list_role_users**](RolesAPI.md#list_role_users) | **GET** /api/v2/roles/{role_id}/users | Get all users of a role | -| _DatadogAPIClient::V2::RolesAPI_ | [**list_roles**](RolesAPI.md#list_roles) | **GET** /api/v2/roles | List roles | -| _DatadogAPIClient::V2::RolesAPI_ | [**remove_permission_from_role**](RolesAPI.md#remove_permission_from_role) | **DELETE** /api/v2/roles/{role_id}/permissions | Revoke permission | -| _DatadogAPIClient::V2::RolesAPI_ | [**remove_user_from_role**](RolesAPI.md#remove_user_from_role) | **DELETE** /api/v2/roles/{role_id}/users | Remove a user from a role | -| _DatadogAPIClient::V2::RolesAPI_ | [**update_role**](RolesAPI.md#update_role) | **PATCH** /api/v2/roles/{role_id} | Update a role | -| _DatadogAPIClient::V2::SecurityMonitoringAPI_ | [**create_security_filter**](SecurityMonitoringAPI.md#create_security_filter) | 
**POST** /api/v2/security_monitoring/configuration/security_filters | Create a security filter | -| _DatadogAPIClient::V2::SecurityMonitoringAPI_ | [**create_security_monitoring_rule**](SecurityMonitoringAPI.md#create_security_monitoring_rule) | **POST** /api/v2/security_monitoring/rules | Create a detection rule | -| _DatadogAPIClient::V2::SecurityMonitoringAPI_ | [**delete_security_filter**](SecurityMonitoringAPI.md#delete_security_filter) | **DELETE** /api/v2/security_monitoring/configuration/security_filters/{security_filter_id} | Delete a security filter | -| _DatadogAPIClient::V2::SecurityMonitoringAPI_ | [**delete_security_monitoring_rule**](SecurityMonitoringAPI.md#delete_security_monitoring_rule) | **DELETE** /api/v2/security_monitoring/rules/{rule_id} | Delete an existing rule | -| _DatadogAPIClient::V2::SecurityMonitoringAPI_ | [**get_security_filter**](SecurityMonitoringAPI.md#get_security_filter) | **GET** /api/v2/security_monitoring/configuration/security_filters/{security_filter_id} | Get a security filter | -| _DatadogAPIClient::V2::SecurityMonitoringAPI_ | [**get_security_monitoring_rule**](SecurityMonitoringAPI.md#get_security_monitoring_rule) | **GET** /api/v2/security_monitoring/rules/{rule_id} | Get a rule's details | -| _DatadogAPIClient::V2::SecurityMonitoringAPI_ | [**list_security_filters**](SecurityMonitoringAPI.md#list_security_filters) | **GET** /api/v2/security_monitoring/configuration/security_filters | Get all security filters | -| _DatadogAPIClient::V2::SecurityMonitoringAPI_ | [**list_security_monitoring_rules**](SecurityMonitoringAPI.md#list_security_monitoring_rules) | **GET** /api/v2/security_monitoring/rules | List rules | -| _DatadogAPIClient::V2::SecurityMonitoringAPI_ | [**list_security_monitoring_signals**](SecurityMonitoringAPI.md#list_security_monitoring_signals) | **GET** /api/v2/security_monitoring/signals | Get a quick list of security signals | -| _DatadogAPIClient::V2::SecurityMonitoringAPI_ | 
[**search_security_monitoring_signals**](SecurityMonitoringAPI.md#search_security_monitoring_signals) | **POST** /api/v2/security_monitoring/signals/search | Get a list of security signals | -| _DatadogAPIClient::V2::SecurityMonitoringAPI_ | [**update_security_filter**](SecurityMonitoringAPI.md#update_security_filter) | **PATCH** /api/v2/security_monitoring/configuration/security_filters/{security_filter_id} | Update a security filter | -| _DatadogAPIClient::V2::SecurityMonitoringAPI_ | [**update_security_monitoring_rule**](SecurityMonitoringAPI.md#update_security_monitoring_rule) | **PUT** /api/v2/security_monitoring/rules/{rule_id} | Update an existing rule | -| _DatadogAPIClient::V2::ServiceAccountsAPI_ | [**create_service_account_application_key**](ServiceAccountsAPI.md#create_service_account_application_key) | **POST** /api/v2/service_accounts/{service_account_id}/application_keys | Create an application key for this service account | -| _DatadogAPIClient::V2::ServiceAccountsAPI_ | [**delete_service_account_application_key**](ServiceAccountsAPI.md#delete_service_account_application_key) | **DELETE** /api/v2/service_accounts/{service_account_id}/application_keys/{app_key_id} | Delete an application key for this service account | -| _DatadogAPIClient::V2::ServiceAccountsAPI_ | [**get_service_account_application_key**](ServiceAccountsAPI.md#get_service_account_application_key) | **GET** /api/v2/service_accounts/{service_account_id}/application_keys/{app_key_id} | Get one application key for this service account | -| _DatadogAPIClient::V2::ServiceAccountsAPI_ | [**list_service_account_application_keys**](ServiceAccountsAPI.md#list_service_account_application_keys) | **GET** /api/v2/service_accounts/{service_account_id}/application_keys | List application keys for this service account | -| _DatadogAPIClient::V2::ServiceAccountsAPI_ | [**update_service_account_application_key**](ServiceAccountsAPI.md#update_service_account_application_key) | **PATCH** 
/api/v2/service_accounts/{service_account_id}/application_keys/{app_key_id} | Edit an application key for this service account | -| _DatadogAPIClient::V2::UsersAPI_ | [**create_service_account**](UsersAPI.md#create_service_account) | **POST** /api/v2/service_accounts | Create a service account | -| _DatadogAPIClient::V2::UsersAPI_ | [**create_user**](UsersAPI.md#create_user) | **POST** /api/v2/users | Create a user | -| _DatadogAPIClient::V2::UsersAPI_ | [**disable_user**](UsersAPI.md#disable_user) | **DELETE** /api/v2/users/{user_id} | Disable a user | -| _DatadogAPIClient::V2::UsersAPI_ | [**get_invitation**](UsersAPI.md#get_invitation) | **GET** /api/v2/user_invitations/{user_invitation_uuid} | Get a user invitation | -| _DatadogAPIClient::V2::UsersAPI_ | [**get_user**](UsersAPI.md#get_user) | **GET** /api/v2/users/{user_id} | Get user details | -| _DatadogAPIClient::V2::UsersAPI_ | [**list_user_organizations**](UsersAPI.md#list_user_organizations) | **GET** /api/v2/users/{user_id}/orgs | Get a user organization | -| _DatadogAPIClient::V2::UsersAPI_ | [**list_user_permissions**](UsersAPI.md#list_user_permissions) | **GET** /api/v2/users/{user_id}/permissions | Get a user permissions | -| _DatadogAPIClient::V2::UsersAPI_ | [**list_users**](UsersAPI.md#list_users) | **GET** /api/v2/users | List all users | -| _DatadogAPIClient::V2::UsersAPI_ | [**send_invitations**](UsersAPI.md#send_invitations) | **POST** /api/v2/user_invitations | Send invitation emails | -| _DatadogAPIClient::V2::UsersAPI_ | [**update_user**](UsersAPI.md#update_user) | **PATCH** /api/v2/users/{user_id} | Update a user | +| Class | Method | HTTP request | Description | +| ------------------------------------------------ | ---------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------ | -------------------------------------------------- | +| 
_DatadogAPIClient::V2::CloudWorkloadSecurityAPI_ | [**create_cloud_workload_security_agent_rule**](CloudWorkloadSecurityAPI.md#create_cloud_workload_security_agent_rule) | **POST** /api/v2/security_monitoring/cloud_workload_security/agent_rules | Create a Cloud Workload Security Agent rule | +| _DatadogAPIClient::V2::CloudWorkloadSecurityAPI_ | [**delete_cloud_workload_security_agent_rule**](CloudWorkloadSecurityAPI.md#delete_cloud_workload_security_agent_rule) | **DELETE** /api/v2/security_monitoring/cloud_workload_security/agent_rules/{agent_rule_id} | Delete a Cloud Workload Security Agent rule | +| _DatadogAPIClient::V2::CloudWorkloadSecurityAPI_ | [**download_cloud_workload_policy_file**](CloudWorkloadSecurityAPI.md#download_cloud_workload_policy_file) | **GET** /api/v2/security/cloud_workload/policy/download | Get the latest Cloud Workload Security policy | +| _DatadogAPIClient::V2::CloudWorkloadSecurityAPI_ | [**get_cloud_workload_security_agent_rule**](CloudWorkloadSecurityAPI.md#get_cloud_workload_security_agent_rule) | **GET** /api/v2/security_monitoring/cloud_workload_security/agent_rules/{agent_rule_id} | Get a Cloud Workload Security Agent rule | +| _DatadogAPIClient::V2::CloudWorkloadSecurityAPI_ | [**list_cloud_workload_security_agent_rules**](CloudWorkloadSecurityAPI.md#list_cloud_workload_security_agent_rules) | **GET** /api/v2/security_monitoring/cloud_workload_security/agent_rules | Get all Cloud Workload Security Agent rules | +| _DatadogAPIClient::V2::CloudWorkloadSecurityAPI_ | [**update_cloud_workload_security_agent_rule**](CloudWorkloadSecurityAPI.md#update_cloud_workload_security_agent_rule) | **PATCH** /api/v2/security_monitoring/cloud_workload_security/agent_rules/{agent_rule_id} | Update a Cloud Workload Security Agent rule | +| _DatadogAPIClient::V2::DashboardListsAPI_ | [**create_dashboard_list_items**](DashboardListsAPI.md#create_dashboard_list_items) | **POST** /api/v2/dashboard/lists/manual/{dashboard_list_id}/dashboards | Add Items 
to a Dashboard List | +| _DatadogAPIClient::V2::DashboardListsAPI_ | [**delete_dashboard_list_items**](DashboardListsAPI.md#delete_dashboard_list_items) | **DELETE** /api/v2/dashboard/lists/manual/{dashboard_list_id}/dashboards | Delete items from a dashboard list | +| _DatadogAPIClient::V2::DashboardListsAPI_ | [**get_dashboard_list_items**](DashboardListsAPI.md#get_dashboard_list_items) | **GET** /api/v2/dashboard/lists/manual/{dashboard_list_id}/dashboards | Get items of a Dashboard List | +| _DatadogAPIClient::V2::DashboardListsAPI_ | [**update_dashboard_list_items**](DashboardListsAPI.md#update_dashboard_list_items) | **PUT** /api/v2/dashboard/lists/manual/{dashboard_list_id}/dashboards | Update items of a dashboard list | +| _DatadogAPIClient::V2::IncidentServicesAPI_ | [**create_incident_service**](IncidentServicesAPI.md#create_incident_service) | **POST** /api/v2/services | Create a new incident service | +| _DatadogAPIClient::V2::IncidentServicesAPI_ | [**delete_incident_service**](IncidentServicesAPI.md#delete_incident_service) | **DELETE** /api/v2/services/{service_id} | Delete an existing incident service | +| _DatadogAPIClient::V2::IncidentServicesAPI_ | [**get_incident_service**](IncidentServicesAPI.md#get_incident_service) | **GET** /api/v2/services/{service_id} | Get details of an incident service | +| _DatadogAPIClient::V2::IncidentServicesAPI_ | [**list_incident_services**](IncidentServicesAPI.md#list_incident_services) | **GET** /api/v2/services | Get a list of all incident services | +| _DatadogAPIClient::V2::IncidentServicesAPI_ | [**update_incident_service**](IncidentServicesAPI.md#update_incident_service) | **PATCH** /api/v2/services/{service_id} | Update an existing incident service | +| _DatadogAPIClient::V2::IncidentTeamsAPI_ | [**create_incident_team**](IncidentTeamsAPI.md#create_incident_team) | **POST** /api/v2/teams | Create a new incident team | +| _DatadogAPIClient::V2::IncidentTeamsAPI_ | 
[**delete_incident_team**](IncidentTeamsAPI.md#delete_incident_team) | **DELETE** /api/v2/teams/{team_id} | Delete an existing incident team | +| _DatadogAPIClient::V2::IncidentTeamsAPI_ | [**get_incident_team**](IncidentTeamsAPI.md#get_incident_team) | **GET** /api/v2/teams/{team_id} | Get details of an incident team | +| _DatadogAPIClient::V2::IncidentTeamsAPI_ | [**list_incident_teams**](IncidentTeamsAPI.md#list_incident_teams) | **GET** /api/v2/teams | Get a list of all incident teams | +| _DatadogAPIClient::V2::IncidentTeamsAPI_ | [**update_incident_team**](IncidentTeamsAPI.md#update_incident_team) | **PATCH** /api/v2/teams/{team_id} | Update an existing incident team | +| _DatadogAPIClient::V2::IncidentsAPI_ | [**create_incident**](IncidentsAPI.md#create_incident) | **POST** /api/v2/incidents | Create an incident | +| _DatadogAPIClient::V2::IncidentsAPI_ | [**delete_incident**](IncidentsAPI.md#delete_incident) | **DELETE** /api/v2/incidents/{incident_id} | Delete an existing incident | +| _DatadogAPIClient::V2::IncidentsAPI_ | [**get_incident**](IncidentsAPI.md#get_incident) | **GET** /api/v2/incidents/{incident_id} | Get the details of an incident | +| _DatadogAPIClient::V2::IncidentsAPI_ | [**list_incidents**](IncidentsAPI.md#list_incidents) | **GET** /api/v2/incidents | Get a list of incidents | +| _DatadogAPIClient::V2::IncidentsAPI_ | [**update_incident**](IncidentsAPI.md#update_incident) | **PATCH** /api/v2/incidents/{incident_id} | Update an existing incident | +| _DatadogAPIClient::V2::KeyManagementAPI_ | [**create_api_key**](KeyManagementAPI.md#create_api_key) | **POST** /api/v2/api_keys | Create an API key | +| _DatadogAPIClient::V2::KeyManagementAPI_ | [**create_current_user_application_key**](KeyManagementAPI.md#create_current_user_application_key) | **POST** /api/v2/current_user/application_keys | Create an application key for current user | +| _DatadogAPIClient::V2::KeyManagementAPI_ | [**delete_api_key**](KeyManagementAPI.md#delete_api_key) | 
**DELETE** /api/v2/api_keys/{api_key_id} | Delete an API key | +| _DatadogAPIClient::V2::KeyManagementAPI_ | [**delete_application_key**](KeyManagementAPI.md#delete_application_key) | **DELETE** /api/v2/application_keys/{app_key_id} | Delete an application key | +| _DatadogAPIClient::V2::KeyManagementAPI_ | [**delete_current_user_application_key**](KeyManagementAPI.md#delete_current_user_application_key) | **DELETE** /api/v2/current_user/application_keys/{app_key_id} | Delete an application key owned by current user | +| _DatadogAPIClient::V2::KeyManagementAPI_ | [**get_api_key**](KeyManagementAPI.md#get_api_key) | **GET** /api/v2/api_keys/{api_key_id} | Get API key | +| _DatadogAPIClient::V2::KeyManagementAPI_ | [**get_application_key**](KeyManagementAPI.md#get_application_key) | **GET** /api/v2/application_keys/{app_key_id} | Get an application key | +| _DatadogAPIClient::V2::KeyManagementAPI_ | [**get_current_user_application_key**](KeyManagementAPI.md#get_current_user_application_key) | **GET** /api/v2/current_user/application_keys/{app_key_id} | Get one application key owned by current user | +| _DatadogAPIClient::V2::KeyManagementAPI_ | [**list_api_keys**](KeyManagementAPI.md#list_api_keys) | **GET** /api/v2/api_keys | Get all API keys | +| _DatadogAPIClient::V2::KeyManagementAPI_ | [**list_application_keys**](KeyManagementAPI.md#list_application_keys) | **GET** /api/v2/application_keys | Get all application keys | +| _DatadogAPIClient::V2::KeyManagementAPI_ | [**list_current_user_application_keys**](KeyManagementAPI.md#list_current_user_application_keys) | **GET** /api/v2/current_user/application_keys | Get all application keys owned by current user | +| _DatadogAPIClient::V2::KeyManagementAPI_ | [**update_api_key**](KeyManagementAPI.md#update_api_key) | **PATCH** /api/v2/api_keys/{api_key_id} | Edit an API key | +| _DatadogAPIClient::V2::KeyManagementAPI_ | [**update_application_key**](KeyManagementAPI.md#update_application_key) | **PATCH** 
/api/v2/application_keys/{app_key_id} | Edit an application key | +| _DatadogAPIClient::V2::KeyManagementAPI_ | [**update_current_user_application_key**](KeyManagementAPI.md#update_current_user_application_key) | **PATCH** /api/v2/current_user/application_keys/{app_key_id} | Edit an application key owned by current user | +| _DatadogAPIClient::V2::LogsAPI_ | [**aggregate_logs**](LogsAPI.md#aggregate_logs) | **POST** /api/v2/logs/analytics/aggregate | Aggregate events | +| _DatadogAPIClient::V2::LogsAPI_ | [**list_logs**](LogsAPI.md#list_logs) | **POST** /api/v2/logs/events/search | Search logs | +| _DatadogAPIClient::V2::LogsAPI_ | [**list_logs_get**](LogsAPI.md#list_logs_get) | **GET** /api/v2/logs/events | Get a list of logs | +| _DatadogAPIClient::V2::LogsAPI_ | [**submit_log**](LogsAPI.md#submit_log) | **POST** /api/v2/logs | Send logs | +| _DatadogAPIClient::V2::LogsArchivesAPI_ | [**add_read_role_to_archive**](LogsArchivesAPI.md#add_read_role_to_archive) | **POST** /api/v2/logs/config/archives/{archive_id}/readers | Grant role to an archive | +| _DatadogAPIClient::V2::LogsArchivesAPI_ | [**create_logs_archive**](LogsArchivesAPI.md#create_logs_archive) | **POST** /api/v2/logs/config/archives | Create an archive | +| _DatadogAPIClient::V2::LogsArchivesAPI_ | [**delete_logs_archive**](LogsArchivesAPI.md#delete_logs_archive) | **DELETE** /api/v2/logs/config/archives/{archive_id} | Delete an archive | +| _DatadogAPIClient::V2::LogsArchivesAPI_ | [**get_logs_archive**](LogsArchivesAPI.md#get_logs_archive) | **GET** /api/v2/logs/config/archives/{archive_id} | Get an archive | +| _DatadogAPIClient::V2::LogsArchivesAPI_ | [**get_logs_archive_order**](LogsArchivesAPI.md#get_logs_archive_order) | **GET** /api/v2/logs/config/archive-order | Get archive order | +| _DatadogAPIClient::V2::LogsArchivesAPI_ | [**list_archive_read_roles**](LogsArchivesAPI.md#list_archive_read_roles) | **GET** /api/v2/logs/config/archives/{archive_id}/readers | List read roles for an archive | 
+| _DatadogAPIClient::V2::LogsArchivesAPI_ | [**list_logs_archives**](LogsArchivesAPI.md#list_logs_archives) | **GET** /api/v2/logs/config/archives | Get all archives | +| _DatadogAPIClient::V2::LogsArchivesAPI_ | [**remove_role_from_archive**](LogsArchivesAPI.md#remove_role_from_archive) | **DELETE** /api/v2/logs/config/archives/{archive_id}/readers | Revoke role from an archive | +| _DatadogAPIClient::V2::LogsArchivesAPI_ | [**update_logs_archive**](LogsArchivesAPI.md#update_logs_archive) | **PUT** /api/v2/logs/config/archives/{archive_id} | Update an archive | +| _DatadogAPIClient::V2::LogsArchivesAPI_ | [**update_logs_archive_order**](LogsArchivesAPI.md#update_logs_archive_order) | **PUT** /api/v2/logs/config/archive-order | Update archive order | +| _DatadogAPIClient::V2::LogsMetricsAPI_ | [**create_logs_metric**](LogsMetricsAPI.md#create_logs_metric) | **POST** /api/v2/logs/config/metrics | Create a log-based metric | +| _DatadogAPIClient::V2::LogsMetricsAPI_ | [**delete_logs_metric**](LogsMetricsAPI.md#delete_logs_metric) | **DELETE** /api/v2/logs/config/metrics/{metric_id} | Delete a log-based metric | +| _DatadogAPIClient::V2::LogsMetricsAPI_ | [**get_logs_metric**](LogsMetricsAPI.md#get_logs_metric) | **GET** /api/v2/logs/config/metrics/{metric_id} | Get a log-based metric | +| _DatadogAPIClient::V2::LogsMetricsAPI_ | [**list_logs_metrics**](LogsMetricsAPI.md#list_logs_metrics) | **GET** /api/v2/logs/config/metrics | Get all log-based metrics | +| _DatadogAPIClient::V2::LogsMetricsAPI_ | [**update_logs_metric**](LogsMetricsAPI.md#update_logs_metric) | **PATCH** /api/v2/logs/config/metrics/{metric_id} | Update a log-based metric | +| _DatadogAPIClient::V2::MetricsAPI_ | [**create_tag_configuration**](MetricsAPI.md#create_tag_configuration) | **POST** /api/v2/metrics/{metric_name}/tags | Create a tag configuration | +| _DatadogAPIClient::V2::MetricsAPI_ | [**delete_tag_configuration**](MetricsAPI.md#delete_tag_configuration) | **DELETE** 
/api/v2/metrics/{metric_name}/tags | Delete a tag configuration | +| _DatadogAPIClient::V2::MetricsAPI_ | [**list_tag_configuration_by_name**](MetricsAPI.md#list_tag_configuration_by_name) | **GET** /api/v2/metrics/{metric_name}/tags | List tag configuration by name | +| _DatadogAPIClient::V2::MetricsAPI_ | [**list_tag_configurations**](MetricsAPI.md#list_tag_configurations) | **GET** /api/v2/metrics | List tag configurations | +| _DatadogAPIClient::V2::MetricsAPI_ | [**list_tags_by_metric_name**](MetricsAPI.md#list_tags_by_metric_name) | **GET** /api/v2/metrics/{metric_name}/all-tags | List tags by metric name | +| _DatadogAPIClient::V2::MetricsAPI_ | [**list_volumes_by_metric_name**](MetricsAPI.md#list_volumes_by_metric_name) | **GET** /api/v2/metrics/{metric_name}/volumes | List distinct metric volumes by metric name | +| _DatadogAPIClient::V2::MetricsAPI_ | [**update_tag_configuration**](MetricsAPI.md#update_tag_configuration) | **PATCH** /api/v2/metrics/{metric_name}/tags | Update a tag configuration | +| _DatadogAPIClient::V2::ProcessesAPI_ | [**list_processes**](ProcessesAPI.md#list_processes) | **GET** /api/v2/processes | Get all processes | +| _DatadogAPIClient::V2::RolesAPI_ | [**add_permission_to_role**](RolesAPI.md#add_permission_to_role) | **POST** /api/v2/roles/{role_id}/permissions | Grant permission to a role | +| _DatadogAPIClient::V2::RolesAPI_ | [**add_user_to_role**](RolesAPI.md#add_user_to_role) | **POST** /api/v2/roles/{role_id}/users | Add a user to a role | +| _DatadogAPIClient::V2::RolesAPI_ | [**clone_role**](RolesAPI.md#clone_role) | **POST** /api/v2/roles/{role_id}/clone | Create a new role by cloning an existing role | +| _DatadogAPIClient::V2::RolesAPI_ | [**create_role**](RolesAPI.md#create_role) | **POST** /api/v2/roles | Create role | +| _DatadogAPIClient::V2::RolesAPI_ | [**delete_role**](RolesAPI.md#delete_role) | **DELETE** /api/v2/roles/{role_id} | Delete role | +| _DatadogAPIClient::V2::RolesAPI_ | 
[**get_role**](RolesAPI.md#get_role) | **GET** /api/v2/roles/{role_id} | Get a role | +| _DatadogAPIClient::V2::RolesAPI_ | [**list_permissions**](RolesAPI.md#list_permissions) | **GET** /api/v2/permissions | List permissions | +| _DatadogAPIClient::V2::RolesAPI_ | [**list_role_permissions**](RolesAPI.md#list_role_permissions) | **GET** /api/v2/roles/{role_id}/permissions | List permissions for a role | +| _DatadogAPIClient::V2::RolesAPI_ | [**list_role_users**](RolesAPI.md#list_role_users) | **GET** /api/v2/roles/{role_id}/users | Get all users of a role | +| _DatadogAPIClient::V2::RolesAPI_ | [**list_roles**](RolesAPI.md#list_roles) | **GET** /api/v2/roles | List roles | +| _DatadogAPIClient::V2::RolesAPI_ | [**remove_permission_from_role**](RolesAPI.md#remove_permission_from_role) | **DELETE** /api/v2/roles/{role_id}/permissions | Revoke permission | +| _DatadogAPIClient::V2::RolesAPI_ | [**remove_user_from_role**](RolesAPI.md#remove_user_from_role) | **DELETE** /api/v2/roles/{role_id}/users | Remove a user from a role | +| _DatadogAPIClient::V2::RolesAPI_ | [**update_role**](RolesAPI.md#update_role) | **PATCH** /api/v2/roles/{role_id} | Update a role | +| _DatadogAPIClient::V2::SecurityMonitoringAPI_ | [**create_security_filter**](SecurityMonitoringAPI.md#create_security_filter) | **POST** /api/v2/security_monitoring/configuration/security_filters | Create a security filter | +| _DatadogAPIClient::V2::SecurityMonitoringAPI_ | [**create_security_monitoring_rule**](SecurityMonitoringAPI.md#create_security_monitoring_rule) | **POST** /api/v2/security_monitoring/rules | Create a detection rule | +| _DatadogAPIClient::V2::SecurityMonitoringAPI_ | [**delete_security_filter**](SecurityMonitoringAPI.md#delete_security_filter) | **DELETE** /api/v2/security_monitoring/configuration/security_filters/{security_filter_id} | Delete a security filter | +| _DatadogAPIClient::V2::SecurityMonitoringAPI_ | 
[**delete_security_monitoring_rule**](SecurityMonitoringAPI.md#delete_security_monitoring_rule) | **DELETE** /api/v2/security_monitoring/rules/{rule_id} | Delete an existing rule | +| _DatadogAPIClient::V2::SecurityMonitoringAPI_ | [**get_security_filter**](SecurityMonitoringAPI.md#get_security_filter) | **GET** /api/v2/security_monitoring/configuration/security_filters/{security_filter_id} | Get a security filter | +| _DatadogAPIClient::V2::SecurityMonitoringAPI_ | [**get_security_monitoring_rule**](SecurityMonitoringAPI.md#get_security_monitoring_rule) | **GET** /api/v2/security_monitoring/rules/{rule_id} | Get a rule's details | +| _DatadogAPIClient::V2::SecurityMonitoringAPI_ | [**list_security_filters**](SecurityMonitoringAPI.md#list_security_filters) | **GET** /api/v2/security_monitoring/configuration/security_filters | Get all security filters | +| _DatadogAPIClient::V2::SecurityMonitoringAPI_ | [**list_security_monitoring_rules**](SecurityMonitoringAPI.md#list_security_monitoring_rules) | **GET** /api/v2/security_monitoring/rules | List rules | +| _DatadogAPIClient::V2::SecurityMonitoringAPI_ | [**list_security_monitoring_signals**](SecurityMonitoringAPI.md#list_security_monitoring_signals) | **GET** /api/v2/security_monitoring/signals | Get a quick list of security signals | +| _DatadogAPIClient::V2::SecurityMonitoringAPI_ | [**search_security_monitoring_signals**](SecurityMonitoringAPI.md#search_security_monitoring_signals) | **POST** /api/v2/security_monitoring/signals/search | Get a list of security signals | +| _DatadogAPIClient::V2::SecurityMonitoringAPI_ | [**update_security_filter**](SecurityMonitoringAPI.md#update_security_filter) | **PATCH** /api/v2/security_monitoring/configuration/security_filters/{security_filter_id} | Update a security filter | +| _DatadogAPIClient::V2::SecurityMonitoringAPI_ | [**update_security_monitoring_rule**](SecurityMonitoringAPI.md#update_security_monitoring_rule) | **PUT** /api/v2/security_monitoring/rules/{rule_id} | 
Update an existing rule | +| _DatadogAPIClient::V2::ServiceAccountsAPI_ | [**create_service_account_application_key**](ServiceAccountsAPI.md#create_service_account_application_key) | **POST** /api/v2/service_accounts/{service_account_id}/application_keys | Create an application key for this service account | +| _DatadogAPIClient::V2::ServiceAccountsAPI_ | [**delete_service_account_application_key**](ServiceAccountsAPI.md#delete_service_account_application_key) | **DELETE** /api/v2/service_accounts/{service_account_id}/application_keys/{app_key_id} | Delete an application key for this service account | +| _DatadogAPIClient::V2::ServiceAccountsAPI_ | [**get_service_account_application_key**](ServiceAccountsAPI.md#get_service_account_application_key) | **GET** /api/v2/service_accounts/{service_account_id}/application_keys/{app_key_id} | Get one application key for this service account | +| _DatadogAPIClient::V2::ServiceAccountsAPI_ | [**list_service_account_application_keys**](ServiceAccountsAPI.md#list_service_account_application_keys) | **GET** /api/v2/service_accounts/{service_account_id}/application_keys | List application keys for this service account | +| _DatadogAPIClient::V2::ServiceAccountsAPI_ | [**update_service_account_application_key**](ServiceAccountsAPI.md#update_service_account_application_key) | **PATCH** /api/v2/service_accounts/{service_account_id}/application_keys/{app_key_id} | Edit an application key for this service account | +| _DatadogAPIClient::V2::UsersAPI_ | [**create_service_account**](UsersAPI.md#create_service_account) | **POST** /api/v2/service_accounts | Create a service account | +| _DatadogAPIClient::V2::UsersAPI_ | [**create_user**](UsersAPI.md#create_user) | **POST** /api/v2/users | Create a user | +| _DatadogAPIClient::V2::UsersAPI_ | [**disable_user**](UsersAPI.md#disable_user) | **DELETE** /api/v2/users/{user_id} | Disable a user | +| _DatadogAPIClient::V2::UsersAPI_ | [**get_invitation**](UsersAPI.md#get_invitation) | **GET** 
/api/v2/user_invitations/{user_invitation_uuid} | Get a user invitation | +| _DatadogAPIClient::V2::UsersAPI_ | [**get_user**](UsersAPI.md#get_user) | **GET** /api/v2/users/{user_id} | Get user details | +| _DatadogAPIClient::V2::UsersAPI_ | [**list_user_organizations**](UsersAPI.md#list_user_organizations) | **GET** /api/v2/users/{user_id}/orgs | Get a user organization | +| _DatadogAPIClient::V2::UsersAPI_ | [**list_user_permissions**](UsersAPI.md#list_user_permissions) | **GET** /api/v2/users/{user_id}/permissions | Get a user permissions | +| _DatadogAPIClient::V2::UsersAPI_ | [**list_users**](UsersAPI.md#list_users) | **GET** /api/v2/users | List all users | +| _DatadogAPIClient::V2::UsersAPI_ | [**send_invitations**](UsersAPI.md#send_invitations) | **POST** /api/v2/user_invitations | Send invitation emails | +| _DatadogAPIClient::V2::UsersAPI_ | [**update_user**](UsersAPI.md#update_user) | **PATCH** /api/v2/users/{user_id} | Update a user | ## Documentation for Models 
@@ -159,6 +164,19 @@ All URIs are relative to *https://api.datadoghq.com* - [DatadogAPIClient::V2::ApplicationKeyUpdateRequest](ApplicationKeyUpdateRequest.md) - [DatadogAPIClient::V2::ApplicationKeysSort](ApplicationKeysSort.md) - [DatadogAPIClient::V2::ApplicationKeysType](ApplicationKeysType.md) +- [DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleAttributes](CloudWorkloadSecurityAgentRuleAttributes.md) +- [DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleCreateAttributes](CloudWorkloadSecurityAgentRuleCreateAttributes.md) +- [DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleCreateData](CloudWorkloadSecurityAgentRuleCreateData.md) +- [DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleCreateRequest](CloudWorkloadSecurityAgentRuleCreateRequest.md) +- [DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleCreatorAttributes](CloudWorkloadSecurityAgentRuleCreatorAttributes.md) +- [DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleData](CloudWorkloadSecurityAgentRuleData.md) +- [DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleResponse](CloudWorkloadSecurityAgentRuleResponse.md) +- [DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleType](CloudWorkloadSecurityAgentRuleType.md) +- [DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleUpdateAttributes](CloudWorkloadSecurityAgentRuleUpdateAttributes.md) +- [DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleUpdateData](CloudWorkloadSecurityAgentRuleUpdateData.md) +- [DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleUpdateRequest](CloudWorkloadSecurityAgentRuleUpdateRequest.md) +- [DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleUpdaterAttributes](CloudWorkloadSecurityAgentRuleUpdaterAttributes.md) +- [DatadogAPIClient::V2::CloudWorkloadSecurityAgentRulesListResponse](CloudWorkloadSecurityAgentRulesListResponse.md) - [DatadogAPIClient::V2::ContentEncoding](ContentEncoding.md) - [DatadogAPIClient::V2::Creator](Creator.md) - 
[DatadogAPIClient::V2::DashboardListAddItemsRequest](DashboardListAddItemsRequest.md)
diff --git a/examples/v2/cloud-workload-security/CreateCloudWorkloadSecurityAgentRule.rb b/examples/v2/cloud-workload-security/CreateCloudWorkloadSecurityAgentRule.rb
new file mode 100644
index 000000000000..4326bcc79527
--- /dev/null
+++ b/examples/v2/cloud-workload-security/CreateCloudWorkloadSecurityAgentRule.rb
@@ -0,0 +1,17 @@
+# Create a Cloud Workload Security Agent rule returns "OK" response
+
+require "datadog_api_client"
+api_instance = DatadogAPIClient::V2::CloudWorkloadSecurityAPI.new
+
+body = DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleCreateRequest.new({
+ data: DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleCreateData.new({
+ attributes: DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleCreateAttributes.new({
+ description: "Test Agent rule",
+ enabled: true,
+ expression: 'exec.file.name == "sh"',
+ name: "examplecreateacloudworkloadsecurityagentrulereturnsokresponse",
+ }),
+ type: DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleType::AGENT_RULE,
+ }),
+})
+p api_instance.create_cloud_workload_security_agent_rule(body)
diff --git a/examples/v2/cloud-workload-security/DeleteCloudWorkloadSecurityAgentRule.rb b/examples/v2/cloud-workload-security/DeleteCloudWorkloadSecurityAgentRule.rb
new file mode 100644
index 000000000000..f0b7635a7052
--- /dev/null
+++ b/examples/v2/cloud-workload-security/DeleteCloudWorkloadSecurityAgentRule.rb
@@ -0,0 +1,8 @@
+# Delete a Cloud Workload Security Agent rule returns "OK" response
+
+require "datadog_api_client"
+api_instance = DatadogAPIClient::V2::CloudWorkloadSecurityAPI.new
+
+# there is a valid "agent_rule" in the system
+AGENT_RULE_DATA_ID = ENV["AGENT_RULE_DATA_ID"]
+api_instance.delete_cloud_workload_security_agent_rule(AGENT_RULE_DATA_ID)
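Review bot: CreateCloudWorkloadSecurityAgentRule.rb creates the rule with `enabled: true` and nothing in the script removes it afterwards, so running the example as written against a real organisation would presumably leave an active Agent rule for `exec.file.name == "sh"` under a throwaway name. A comment above the `body = ...` line would cover it, for example `# Creates an enabled rule; delete it afterwards (see DeleteCloudWorkloadSecurityAgentRule.rb) or set enabled: false while trying this out.` If the examples are generated from the feature scenarios, the comment belongs in the example template.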
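Review bot: `AGENT_RULE_DATA_ID = ENV["AGENT_RULE_DATA_ID"]` in DeleteCloudWorkloadSecurityAgentRule.rb evaluates to nil when the variable is unset, and that nil is passed straight to `delete_cloud_workload_security_agent_rule`; how the client treats a nil path parameter is not visible in this diff. Reading it with `AGENT_RULE_DATA_ID = ENV.fetch("AGENT_RULE_DATA_ID")` makes the script stop with a KeyError naming the missing variable before any request is built. GetCloudWorkloadSecurityAgentRule.rb and UpdateCloudWorkloadSecurityAgentRule.rb in this commit use the same line and would take the same change.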
diff --git a/examples/v2/cloud-workload-security/DownloadCloudWorkloadPolicyFile.rb b/examples/v2/cloud-workload-security/DownloadCloudWorkloadPolicyFile.rb
new file mode 100644
index 000000000000..9949a8ce4ec3
--- /dev/null
+++ b/examples/v2/cloud-workload-security/DownloadCloudWorkloadPolicyFile.rb
@@ -0,0 +1,5 @@
+# Get the latest Cloud Workload Security policy returns "OK" response
+
+require "datadog_api_client"
+api_instance = DatadogAPIClient::V2::CloudWorkloadSecurityAPI.new
+p api_instance.download_cloud_workload_policy_file()
diff --git a/examples/v2/cloud-workload-security/GetCloudWorkloadSecurityAgentRule.rb b/examples/v2/cloud-workload-security/GetCloudWorkloadSecurityAgentRule.rb
new file mode 100644
index 000000000000..85cef6588c0c
--- /dev/null
+++ b/examples/v2/cloud-workload-security/GetCloudWorkloadSecurityAgentRule.rb
@@ -0,0 +1,8 @@
+# Get a Cloud Workload Security Agent rule returns "OK" response
+
+require "datadog_api_client"
+api_instance = DatadogAPIClient::V2::CloudWorkloadSecurityAPI.new
+
+# there is a valid "agent_rule" in the system
+AGENT_RULE_DATA_ID = ENV["AGENT_RULE_DATA_ID"]
+p api_instance.get_cloud_workload_security_agent_rule(AGENT_RULE_DATA_ID)
diff --git a/examples/v2/cloud-workload-security/ListCloudWorkloadSecurityAgentRules.rb b/examples/v2/cloud-workload-security/ListCloudWorkloadSecurityAgentRules.rb
new file mode 100644
index 000000000000..012a4f408080
--- /dev/null
+++ b/examples/v2/cloud-workload-security/ListCloudWorkloadSecurityAgentRules.rb
@@ -0,0 +1,5 @@
+# Get all Cloud Workload Security Agent rules returns "OK" response
+
+require "datadog_api_client"
+api_instance = DatadogAPIClient::V2::CloudWorkloadSecurityAPI.new
+p api_instance.list_cloud_workload_security_agent_rules()
diff --git a/examples/v2/cloud-workload-security/UpdateCloudWorkloadSecurityAgentRule.rb b/examples/v2/cloud-workload-security/UpdateCloudWorkloadSecurityAgentRule.rb
new file mode 100644
index 000000000000..33493200ebdf
--- /dev/null
+++ b/examples/v2/cloud-workload-security/UpdateCloudWorkloadSecurityAgentRule.rb
@@ -0,0 +1,19 @@
+# Update a Cloud Workload Security Agent rule returns "OK" response
+
+require "datadog_api_client"
+api_instance = DatadogAPIClient::V2::CloudWorkloadSecurityAPI.new
+
+# there is a valid "agent_rule" in the system
+AGENT_RULE_DATA_ID = ENV["AGENT_RULE_DATA_ID"]
+
+body = DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleUpdateRequest.new({
+ data: DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleUpdateData.new({
+ attributes: DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleUpdateAttributes.new({
+ description: "Test Agent rule",
+ enabled: true,
+ expression: 'exec.file.name == "sh"',
+ }),
+ type: DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleType::AGENT_RULE,
+ }),
+})
+p api_instance.update_cloud_workload_security_agent_rule(AGENT_RULE_DATA_ID, body)
diff --git a/features/v2/cloud_workload_security.feature b/features/v2/cloud_workload_security.feature
new file mode 100644
index 000000000000..563757f01afb
--- /dev/null
+++ b/features/v2/cloud_workload_security.feature
@@ -0,0 +1,107 @@ +@endpoint(cloud-workload-security) @endpoint(cloud-workload-security-v2) +Feature: Cloud Workload Security + Workload activity security rules for generating events using the Datadog + security Agent. + + Background: + Given a valid "apiKeyAuth" key in the system + And a valid "appKeyAuth" key in the system + And an instance of "CloudWorkloadSecurity" API + + @team:DataDog/cws-backend @team:DataDog/security-monitoring + Scenario: Create a Cloud Workload Security Agent rule returns "Bad Request" response + Given new "CreateCloudWorkloadSecurityAgentRule" request + And body with value {"data": {"attributes": {"description": "Test Agent rule", "enabled": true, "expression": "open.file.path = sh", "name": "{{ unique_lower_alnum }}"}, "type": "agent_rule"}} + When the request is sent + Then the response status is 400 Bad Request + + @skip @team:DataDog/cws-backend @team:DataDog/security-monitoring + Scenario: Create a Cloud Workload Security Agent rule returns "Conflict" response + Given new "CreateCloudWorkloadSecurityAgentRule" request + And body with value {"data": {"attributes": {"description": "Test Agent rule", "enabled": true, "expression": "exec.file.name == \"sh\"", "name": "{{ unique_lower_alnum }}"}, "type": "agent_rule"}} + When the request is sent + Then the response status is 409 Conflict + + @team:DataDog/cws-backend @team:DataDog/security-monitoring + Scenario: Create a Cloud Workload Security Agent rule returns "OK" response + Given new "CreateCloudWorkloadSecurityAgentRule" request + And body with value {"data": {"attributes": {"description": "Test Agent rule", "enabled": true, "expression": "exec.file.name == \"sh\"", "name": "{{ unique_lower_alnum }}"}, "type": "agent_rule"}} + When the request is sent + Then the response status is 200 OK + + @team:DataDog/cws-backend @team:DataDog/security-monitoring + Scenario: Delete a Cloud Workload Security Agent rule returns "Not Found" response + Given new 
"DeleteCloudWorkloadSecurityAgentRule" request + And request contains "agent_rule_id" parameter with value "abc-123-xyz" + When the request is sent + Then the response status is 404 Not Found + + @team:DataDog/cws-backend @team:DataDog/security-monitoring + Scenario: Delete a Cloud Workload Security Agent rule returns "OK" response + Given there is a valid "agent_rule" in the system + And new "DeleteCloudWorkloadSecurityAgentRule" request + And request contains "agent_rule_id" parameter from "agent_rule.data.id" + When the request is sent + Then the response status is 204 OK + + @team:DataDog/cws-backend @team:DataDog/security-monitoring + Scenario: Get a Cloud Workload Security Agent rule returns "Not Found" response + Given new "GetCloudWorkloadSecurityAgentRule" request + And request contains "agent_rule_id" parameter with value "abc-123-xyz" + When the request is sent + Then the response status is 404 Not Found + + @team:DataDog/cws-backend @team:DataDog/security-monitoring + Scenario: Get a Cloud Workload Security Agent rule returns "OK" response + Given there is a valid "agent_rule" in the system + And new "GetCloudWorkloadSecurityAgentRule" request + And request contains "agent_rule_id" parameter from "agent_rule.data.id" + When the request is sent + Then the response status is 200 OK + + @team:DataDog/cws-backend @team:DataDog/security-monitoring + Scenario: Get all Cloud Workload Security Agent rules returns "OK" response + Given there is a valid "agent_rule" in the system + And new "ListCloudWorkloadSecurityAgentRules" request + When the request is sent + Then the response status is 200 OK + + @team:DataDog/cws-backend @team:DataDog/security-monitoring + Scenario: Get the latest Cloud Workload Security policy returns "OK" response + Given new "DownloadCloudWorkloadPolicyFile" request + When the request is sent + Then the response status is 200 OK + + @team:DataDog/cws-backend @team:DataDog/security-monitoring + Scenario: Update a Cloud Workload Security 
Agent rule returns "Bad Request" response + Given there is a valid "agent_rule" in the system + And new "UpdateCloudWorkloadSecurityAgentRule" request + And request contains "agent_rule_id" parameter from "agent_rule.data.id" + And body with value {"data": {"attributes": {"description": "Test Agent rule", "enabled": true, "expression": "open.file.path = sh"}, "type": "agent_rule"}} + When the request is sent + Then the response status is 400 Bad Request + + @skip @team:DataDog/cws-backend @team:DataDog/security-monitoring + Scenario: Update a Cloud Workload Security Agent rule returns "Concurrent Modification" response + Given new "UpdateCloudWorkloadSecurityAgentRule" request + And request contains "agent_rule_id" parameter from "agent_rule.data.id" + And body with value {"data": {"attributes": {"description": "Test Agent rule", "enabled": true, "expression": "exec.file.name == \"sh\""}, "type": "agent_rule"}} + When the request is sent + Then the response status is 409 Concurrent Modification + + @team:DataDog/cws-backend @team:DataDog/security-monitoring + Scenario: Update a Cloud Workload Security Agent rule returns "Not Found" response + Given new "UpdateCloudWorkloadSecurityAgentRule" request + And request contains "agent_rule_id" parameter with value "abc-123-xyz" + And body with value {"data": {"attributes": {"description": "Test Agent rule", "enabled": true, "expression": "exec.file.name == \"sh\""}, "type": "agent_rule"}} + When the request is sent + Then the response status is 404 Not Found + + @team:DataDog/cws-backend @team:DataDog/security-monitoring + Scenario: Update a Cloud Workload Security Agent rule returns "OK" response + Given there is a valid "agent_rule" in the system + And new "UpdateCloudWorkloadSecurityAgentRule" request + And request contains "agent_rule_id" parameter from "agent_rule.data.id" + And body with value {"data": {"attributes": {"description": "Test Agent rule", "enabled": true, "expression": "exec.file.name == \"sh\""}, 
"type": "agent_rule"}} + When the request is sent + Then the response status is 200 OK diff --git a/features/v2/given.json b/features/v2/given.json index cbb87157f2c0..96ec90d5b013 100644 --- a/features/v2/given.json +++ b/features/v2/given.json @@ -114,6 +114,18 @@ "tag": "Roles", "operationId": "AddUserToRole" }, + { + "parameters": [ + { + "name": "body", + "value": "{\n \"data\": {\n \"type\": \"agent_rule\",\n \"attributes\": {\n \"name\": \"{{ unique_lower_alnum }}\",\n \"description\": \"My Agent rule\",\n \"expression\": \"exec.file.name == \\\"sh\\\"\",\n \"enabled\": true\n }\n }\n}" + } + ], + "step": "there is a valid \"agent_rule\" in the system", + "key": "agent_rule", + "tag": "Cloud Workload Security", + "operationId": "CreateCloudWorkloadSecurityAgentRule" + }, { "parameters": [ { diff --git a/features/v2/undo.json b/features/v2/undo.json index bd019435e025..87b3ef53d95c 100644 --- a/features/v2/undo.json +++ b/features/v2/undo.json @@ -433,6 +433,49 @@ "type": "safe" } }, + "DownloadCloudWorkloadPolicyFile": { + "tag": "Cloud Workload Security", + "undo": { + "type": "safe" + } + }, + "ListCloudWorkloadSecurityAgentRules": { + "tag": "Cloud Workload Security", + "undo": { + "type": "safe" + } + }, + "CreateCloudWorkloadSecurityAgentRule": { + "tag": "Cloud Workload Security", + "undo": { + "operationId": "DeleteCloudWorkloadSecurityAgentRule", + "parameters": [ + { + "name": "agent_rule_id", + "source": "data.id" + } + ], + "type": "unsafe" + } + }, + "DeleteCloudWorkloadSecurityAgentRule": { + "tag": "Cloud Workload Security", + "undo": { + "type": "idempotent" + } + }, + "GetCloudWorkloadSecurityAgentRule": { + "tag": "Cloud Workload Security", + "undo": { + "type": "safe" + } + }, + "UpdateCloudWorkloadSecurityAgentRule": { + "tag": "Cloud Workload Security", + "undo": { + "type": "idempotent" + } + }, "ListSecurityFilters": { "tag": "Security Monitoring", "undo": { 
diff --git a/lib/datadog_api_client/v2.rb b/lib/datadog_api_client/v2.rb index c2a1471be249..4f24764f04d6 100644 --- a/lib/datadog_api_client/v2.rb +++ b/lib/datadog_api_client/v2.rb @@ -44,6 +44,19 @@ require 'datadog_api_client/v2/models/application_key_update_request' require 'datadog_api_client/v2/models/application_keys_sort' require 'datadog_api_client/v2/models/application_keys_type' +require 'datadog_api_client/v2/models/cloud_workload_security_agent_rule_attributes' +require 'datadog_api_client/v2/models/cloud_workload_security_agent_rule_create_attributes' +require 'datadog_api_client/v2/models/cloud_workload_security_agent_rule_create_data' +require 'datadog_api_client/v2/models/cloud_workload_security_agent_rule_create_request' +require 'datadog_api_client/v2/models/cloud_workload_security_agent_rule_creator_attributes' +require 'datadog_api_client/v2/models/cloud_workload_security_agent_rule_data' +require 'datadog_api_client/v2/models/cloud_workload_security_agent_rule_response' +require 'datadog_api_client/v2/models/cloud_workload_security_agent_rule_type' +require 'datadog_api_client/v2/models/cloud_workload_security_agent_rule_update_attributes' +require 'datadog_api_client/v2/models/cloud_workload_security_agent_rule_update_data' +require 'datadog_api_client/v2/models/cloud_workload_security_agent_rule_update_request' +require 'datadog_api_client/v2/models/cloud_workload_security_agent_rule_updater_attributes' +require 'datadog_api_client/v2/models/cloud_workload_security_agent_rules_list_response' require 'datadog_api_client/v2/models/content_encoding' require 'datadog_api_client/v2/models/creator' require 'datadog_api_client/v2/models/dashboard_list_add_items_request' 
@@ -356,6 +369,7 @@ require 'datadog_api_client/v2/models/users_type' # APIs +require 'datadog_api_client/v2/api/cloud_workload_security_api' require 'datadog_api_client/v2/api/dashboard_lists_api' require 'datadog_api_client/v2/api/incident_services_api' require 'datadog_api_client/v2/api/incident_teams_api' diff --git a/lib/datadog_api_client/v2/api/cloud_workload_security_api.rb b/lib/datadog_api_client/v2/api/cloud_workload_security_api.rb new file mode 100644 index 000000000000..bbe82e9bbea4 --- /dev/null +++ b/lib/datadog_api_client/v2/api/cloud_workload_security_api.rb 
@@ -0,0 +1,461 @@ +=begin +#Datadog API V2 Collection + +#Collection of all Datadog Public endpoints. + +The version of the OpenAPI document: 1.0 +Contact: support@datadoghq.com +Generated by: https://openapi-generator.tech + + Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + This product includes software developed at Datadog (https://www.datadoghq.com/). + Copyright 2020-Present Datadog, Inc. + +=end + +require 'cgi' + +module DatadogAPIClient::V2 + class CloudWorkloadSecurityAPI + attr_accessor :api_client + + def initialize(api_client = APIClient.default) + @api_client = api_client + end + # Create a Cloud Workload Security Agent rule + # Create a new Agent rule with the given parameters. + # @param body [CloudWorkloadSecurityAgentRuleCreateRequest] The definition of the new Agent rule. + # @param [Hash] opts the optional parameters + # @return [CloudWorkloadSecurityAgentRuleResponse] + def create_cloud_workload_security_agent_rule(body, opts = {}) + data, _status_code, _headers = create_cloud_workload_security_agent_rule_with_http_info(body, opts) + data + end + + # Create a Cloud Workload Security Agent rule + # Create a new Agent rule with the given parameters. + # @param body [CloudWorkloadSecurityAgentRuleCreateRequest] The definition of the new Agent rule. 
+ # @param [Hash] opts the optional parameters + # @return [Array<(CloudWorkloadSecurityAgentRuleResponse, Integer, Hash)>] CloudWorkloadSecurityAgentRuleResponse data, response status code and response headers + def create_cloud_workload_security_agent_rule_with_http_info(body, opts = {}) + + if @api_client.config.unstable_operations.has_key?(:create_cloud_workload_security_agent_rule) + unstable_enabled = @api_client.config.unstable_operations[:create_cloud_workload_security_agent_rule] + if unstable_enabled + @api_client.config.logger.warn format("Using unstable operation '%s'", "create_cloud_workload_security_agent_rule") + else + raise APIError.new(message: format("Unstable operation '%s' is disabled", "create_cloud_workload_security_agent_rule")) + end + end + + if @api_client.config.debugging + @api_client.config.logger.debug 'Calling API: CloudWorkloadSecurityAPI.create_cloud_workload_security_agent_rule ...' + end + # verify the required parameter 'body' is set + if @api_client.config.client_side_validation && body.nil? 
+ fail ArgumentError, "Missing the required parameter 'body' when calling CloudWorkloadSecurityAPI.create_cloud_workload_security_agent_rule" + end + # resource path + local_var_path = '/api/v2/security_monitoring/cloud_workload_security/agent_rules' + + # query parameters + query_params = opts[:query_params] || {} + + # header parameters + header_params = opts[:header_params] || {} + # HTTP header 'Accept' (if needed) + header_params['Accept'] = @api_client.select_header_accept(['application/json']) + # HTTP header 'Content-Type' + header_params['Content-Type'] = @api_client.select_header_content_type(['application/json']) + + # form parameters + form_params = opts[:form_params] || {} + + # http body (model) + post_body = opts[:debug_body] || @api_client.object_to_http_body(body) + + # return_type + return_type = opts[:debug_return_type] || 'CloudWorkloadSecurityAgentRuleResponse' + + # auth_names + auth_names = opts[:debug_auth_names] || [:AuthZ, :apiKeyAuth, :appKeyAuth] + + new_options = opts.merge( + :operation => :create_cloud_workload_security_agent_rule, + :header_params => header_params, + :query_params => query_params, + :form_params => form_params, + :body => post_body, + :auth_names => auth_names, + :return_type => return_type + ) + + data, status_code, headers = @api_client.call_api(:POST, local_var_path, new_options) + if @api_client.config.debugging + @api_client.config.logger.debug "API called: CloudWorkloadSecurityAPI#create_cloud_workload_security_agent_rule\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}" + end + return data, status_code, headers + end + + # Delete a Cloud Workload Security Agent rule + # Delete a specific Agent rule. + # @param agent_rule_id [String] The ID of the Agent rule. 
+ # @param [Hash] opts the optional parameters + # @return [nil] + def delete_cloud_workload_security_agent_rule(agent_rule_id, opts = {}) + delete_cloud_workload_security_agent_rule_with_http_info(agent_rule_id, opts) + nil + end + + # Delete a Cloud Workload Security Agent rule + # Delete a specific Agent rule. + # @param agent_rule_id [String] The ID of the Agent rule. + # @param [Hash] opts the optional parameters + # @return [Array<(nil, Integer, Hash)>] nil, response status code and response headers + def delete_cloud_workload_security_agent_rule_with_http_info(agent_rule_id, opts = {}) + + if @api_client.config.unstable_operations.has_key?(:delete_cloud_workload_security_agent_rule) + unstable_enabled = @api_client.config.unstable_operations[:delete_cloud_workload_security_agent_rule] + if unstable_enabled + @api_client.config.logger.warn format("Using unstable operation '%s'", "delete_cloud_workload_security_agent_rule") + else + raise APIError.new(message: format("Unstable operation '%s' is disabled", "delete_cloud_workload_security_agent_rule")) + end + end + + if @api_client.config.debugging + @api_client.config.logger.debug 'Calling API: CloudWorkloadSecurityAPI.delete_cloud_workload_security_agent_rule ...' + end + # verify the required parameter 'agent_rule_id' is set + if @api_client.config.client_side_validation && agent_rule_id.nil? 
+ fail ArgumentError, "Missing the required parameter 'agent_rule_id' when calling CloudWorkloadSecurityAPI.delete_cloud_workload_security_agent_rule" + end + # resource path + local_var_path = '/api/v2/security_monitoring/cloud_workload_security/agent_rules/{agent_rule_id}'.sub('{' + 'agent_rule_id' + '}', CGI.escape(agent_rule_id.to_s)) + + # query parameters + query_params = opts[:query_params] || {} + + # header parameters + header_params = opts[:header_params] || {} + # HTTP header 'Accept' (if needed) + header_params['Accept'] = @api_client.select_header_accept(['application/json']) + + # form parameters + form_params = opts[:form_params] || {} + + # http body (model) + post_body = opts[:debug_body] + + # return_type + return_type = opts[:debug_return_type] + + # auth_names + auth_names = opts[:debug_auth_names] || [:AuthZ, :apiKeyAuth, :appKeyAuth] + + new_options = opts.merge( + :operation => :delete_cloud_workload_security_agent_rule, + :header_params => header_params, + :query_params => query_params, + :form_params => form_params, + :body => post_body, + :auth_names => auth_names, + :return_type => return_type + ) + + data, status_code, headers = @api_client.call_api(:DELETE, local_var_path, new_options) + if @api_client.config.debugging + @api_client.config.logger.debug "API called: CloudWorkloadSecurityAPI#delete_cloud_workload_security_agent_rule\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}" + end + return data, status_code, headers + end + + # Get the latest Cloud Workload Security policy + # The download endpoint generates a Cloud Workload Security policy file from your currently active Cloud Workload Security rules, and downloads them as a .policy file. This file can then be deployed to your agents to update the policy running in your environment. 
+ # @param [Hash] opts the optional parameters + # @return [File] + def download_cloud_workload_policy_file(opts = {}) + data, _status_code, _headers = download_cloud_workload_policy_file_with_http_info(opts) + data + end + + # Get the latest Cloud Workload Security policy + # The download endpoint generates a Cloud Workload Security policy file from your currently active Cloud Workload Security rules, and downloads them as a .policy file. This file can then be deployed to your agents to update the policy running in your environment. + # @param [Hash] opts the optional parameters + # @return [Array<(File, Integer, Hash)>] File data, response status code and response headers + def download_cloud_workload_policy_file_with_http_info(opts = {}) + + if @api_client.config.unstable_operations.has_key?(:download_cloud_workload_policy_file) + unstable_enabled = @api_client.config.unstable_operations[:download_cloud_workload_policy_file] + if unstable_enabled + @api_client.config.logger.warn format("Using unstable operation '%s'", "download_cloud_workload_policy_file") + else + raise APIError.new(message: format("Unstable operation '%s' is disabled", "download_cloud_workload_policy_file")) + end + end + + if @api_client.config.debugging + @api_client.config.logger.debug 'Calling API: CloudWorkloadSecurityAPI.download_cloud_workload_policy_file ...' 
+ end + # resource path + local_var_path = '/api/v2/security/cloud_workload/policy/download' + + # query parameters + query_params = opts[:query_params] || {} + + # header parameters + header_params = opts[:header_params] || {} + # HTTP header 'Accept' (if needed) + header_params['Accept'] = @api_client.select_header_accept(['application/yaml', 'application/json']) + + # form parameters + form_params = opts[:form_params] || {} + + # http body (model) + post_body = opts[:debug_body] + + # return_type + return_type = opts[:debug_return_type] || 'File' + + # auth_names + auth_names = opts[:debug_auth_names] || [:AuthZ, :apiKeyAuth, :appKeyAuth] + + new_options = opts.merge( + :operation => :download_cloud_workload_policy_file, + :header_params => header_params, + :query_params => query_params, + :form_params => form_params, + :body => post_body, + :auth_names => auth_names, + :return_type => return_type + ) + + data, status_code, headers = @api_client.call_api(:GET, local_var_path, new_options) + if @api_client.config.debugging + @api_client.config.logger.debug "API called: CloudWorkloadSecurityAPI#download_cloud_workload_policy_file\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}" + end + return data, status_code, headers + end + + # Get a Cloud Workload Security Agent rule + # Get the details of a specific Agent rule. + # @param agent_rule_id [String] The ID of the Agent rule. + # @param [Hash] opts the optional parameters + # @return [CloudWorkloadSecurityAgentRuleResponse] + def get_cloud_workload_security_agent_rule(agent_rule_id, opts = {}) + data, _status_code, _headers = get_cloud_workload_security_agent_rule_with_http_info(agent_rule_id, opts) + data + end + + # Get a Cloud Workload Security Agent rule + # Get the details of a specific Agent rule. + # @param agent_rule_id [String] The ID of the Agent rule. 
+ # @param [Hash] opts the optional parameters + # @return [Array<(CloudWorkloadSecurityAgentRuleResponse, Integer, Hash)>] CloudWorkloadSecurityAgentRuleResponse data, response status code and response headers + def get_cloud_workload_security_agent_rule_with_http_info(agent_rule_id, opts = {}) + + if @api_client.config.unstable_operations.has_key?(:get_cloud_workload_security_agent_rule) + unstable_enabled = @api_client.config.unstable_operations[:get_cloud_workload_security_agent_rule] + if unstable_enabled + @api_client.config.logger.warn format("Using unstable operation '%s'", "get_cloud_workload_security_agent_rule") + else + raise APIError.new(message: format("Unstable operation '%s' is disabled", "get_cloud_workload_security_agent_rule")) + end + end + + if @api_client.config.debugging + @api_client.config.logger.debug 'Calling API: CloudWorkloadSecurityAPI.get_cloud_workload_security_agent_rule ...' + end + # verify the required parameter 'agent_rule_id' is set + if @api_client.config.client_side_validation && agent_rule_id.nil? 
+ fail ArgumentError, "Missing the required parameter 'agent_rule_id' when calling CloudWorkloadSecurityAPI.get_cloud_workload_security_agent_rule" + end + # resource path + local_var_path = '/api/v2/security_monitoring/cloud_workload_security/agent_rules/{agent_rule_id}'.sub('{' + 'agent_rule_id' + '}', CGI.escape(agent_rule_id.to_s)) + + # query parameters + query_params = opts[:query_params] || {} + + # header parameters + header_params = opts[:header_params] || {} + # HTTP header 'Accept' (if needed) + header_params['Accept'] = @api_client.select_header_accept(['application/json']) + + # form parameters + form_params = opts[:form_params] || {} + + # http body (model) + post_body = opts[:debug_body] + + # return_type + return_type = opts[:debug_return_type] || 'CloudWorkloadSecurityAgentRuleResponse' + + # auth_names + auth_names = opts[:debug_auth_names] || [:AuthZ, :apiKeyAuth, :appKeyAuth] + + new_options = opts.merge( + :operation => :get_cloud_workload_security_agent_rule, + :header_params => header_params, + :query_params => query_params, + :form_params => form_params, + :body => post_body, + :auth_names => auth_names, + :return_type => return_type + ) + + data, status_code, headers = @api_client.call_api(:GET, local_var_path, new_options) + if @api_client.config.debugging + @api_client.config.logger.debug "API called: CloudWorkloadSecurityAPI#get_cloud_workload_security_agent_rule\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}" + end + return data, status_code, headers + end + + # Get all Cloud Workload Security Agent rules + # Get the list of Agent rules. + # @param [Hash] opts the optional parameters + # @return [CloudWorkloadSecurityAgentRulesListResponse] + def list_cloud_workload_security_agent_rules(opts = {}) + data, _status_code, _headers = list_cloud_workload_security_agent_rules_with_http_info(opts) + data + end + + # Get all Cloud Workload Security Agent rules + # Get the list of Agent rules. 
+ # @param [Hash] opts the optional parameters + # @return [Array<(CloudWorkloadSecurityAgentRulesListResponse, Integer, Hash)>] CloudWorkloadSecurityAgentRulesListResponse data, response status code and response headers + def list_cloud_workload_security_agent_rules_with_http_info(opts = {}) + + if @api_client.config.unstable_operations.has_key?(:list_cloud_workload_security_agent_rules) + unstable_enabled = @api_client.config.unstable_operations[:list_cloud_workload_security_agent_rules] + if unstable_enabled + @api_client.config.logger.warn format("Using unstable operation '%s'", "list_cloud_workload_security_agent_rules") + else + raise APIError.new(message: format("Unstable operation '%s' is disabled", "list_cloud_workload_security_agent_rules")) + end + end + + if @api_client.config.debugging + @api_client.config.logger.debug 'Calling API: CloudWorkloadSecurityAPI.list_cloud_workload_security_agent_rules ...' + end + # resource path + local_var_path = '/api/v2/security_monitoring/cloud_workload_security/agent_rules' + + # query parameters + query_params = opts[:query_params] || {} + + # header parameters + header_params = opts[:header_params] || {} + # HTTP header 'Accept' (if needed) + header_params['Accept'] = @api_client.select_header_accept(['application/json']) + + # form parameters + form_params = opts[:form_params] || {} + + # http body (model) + post_body = opts[:debug_body] + + # return_type + return_type = opts[:debug_return_type] || 'CloudWorkloadSecurityAgentRulesListResponse' + + # auth_names + auth_names = opts[:debug_auth_names] || [:AuthZ, :apiKeyAuth, :appKeyAuth] + + new_options = opts.merge( + :operation => :list_cloud_workload_security_agent_rules, + :header_params => header_params, + :query_params => query_params, + :form_params => form_params, + :body => post_body, + :auth_names => auth_names, + :return_type => return_type + ) + + data, status_code, headers = @api_client.call_api(:GET, local_var_path, new_options) + if 
@api_client.config.debugging + @api_client.config.logger.debug "API called: CloudWorkloadSecurityAPI#list_cloud_workload_security_agent_rules\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}" + end + return data, status_code, headers + end + + # Update a Cloud Workload Security Agent rule + # Update a specific Agent rule. Returns the Agent rule object when the request is successful. + # @param agent_rule_id [String] The ID of the Agent rule. + # @param body [CloudWorkloadSecurityAgentRuleUpdateRequest] New definition of the Agent rule. + # @param [Hash] opts the optional parameters + # @return [CloudWorkloadSecurityAgentRuleResponse] + def update_cloud_workload_security_agent_rule(agent_rule_id, body, opts = {}) + data, _status_code, _headers = update_cloud_workload_security_agent_rule_with_http_info(agent_rule_id, body, opts) + data + end + + # Update a Cloud Workload Security Agent rule + # Update a specific Agent rule. Returns the Agent rule object when the request is successful. + # @param agent_rule_id [String] The ID of the Agent rule. + # @param body [CloudWorkloadSecurityAgentRuleUpdateRequest] New definition of the Agent rule. 
+ # @param [Hash] opts the optional parameters + # @return [Array<(CloudWorkloadSecurityAgentRuleResponse, Integer, Hash)>] CloudWorkloadSecurityAgentRuleResponse data, response status code and response headers + def update_cloud_workload_security_agent_rule_with_http_info(agent_rule_id, body, opts = {}) + + if @api_client.config.unstable_operations.has_key?(:update_cloud_workload_security_agent_rule) + unstable_enabled = @api_client.config.unstable_operations[:update_cloud_workload_security_agent_rule] + if unstable_enabled + @api_client.config.logger.warn format("Using unstable operation '%s'", "update_cloud_workload_security_agent_rule") + else + raise APIError.new(message: format("Unstable operation '%s' is disabled", "update_cloud_workload_security_agent_rule")) + end + end + + if @api_client.config.debugging + @api_client.config.logger.debug 'Calling API: CloudWorkloadSecurityAPI.update_cloud_workload_security_agent_rule ...' + end + # verify the required parameter 'agent_rule_id' is set + if @api_client.config.client_side_validation && agent_rule_id.nil? + fail ArgumentError, "Missing the required parameter 'agent_rule_id' when calling CloudWorkloadSecurityAPI.update_cloud_workload_security_agent_rule" + end + # verify the required parameter 'body' is set + if @api_client.config.client_side_validation && body.nil? 
+ fail ArgumentError, "Missing the required parameter 'body' when calling CloudWorkloadSecurityAPI.update_cloud_workload_security_agent_rule" + end + # resource path + local_var_path = '/api/v2/security_monitoring/cloud_workload_security/agent_rules/{agent_rule_id}'.sub('{' + 'agent_rule_id' + '}', CGI.escape(agent_rule_id.to_s)) + + # query parameters + query_params = opts[:query_params] || {} + + # header parameters + header_params = opts[:header_params] || {} + # HTTP header 'Accept' (if needed) + header_params['Accept'] = @api_client.select_header_accept(['application/json']) + # HTTP header 'Content-Type' + header_params['Content-Type'] = @api_client.select_header_content_type(['application/json']) + + # form parameters + form_params = opts[:form_params] || {} + + # http body (model) + post_body = opts[:debug_body] || @api_client.object_to_http_body(body) + + # return_type + return_type = opts[:debug_return_type] || 'CloudWorkloadSecurityAgentRuleResponse' + + # auth_names + auth_names = opts[:debug_auth_names] || [:AuthZ, :apiKeyAuth, :appKeyAuth] + + new_options = opts.merge( + :operation => :update_cloud_workload_security_agent_rule, + :header_params => header_params, + :query_params => query_params, + :form_params => form_params, + :body => post_body, + :auth_names => auth_names, + :return_type => return_type + ) + + data, status_code, headers = @api_client.call_api(:PATCH, local_var_path, new_options) + if @api_client.config.debugging + @api_client.config.logger.debug "API called: CloudWorkloadSecurityAPI#update_cloud_workload_security_agent_rule\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}" + end + return data, status_code, headers + end + end +end diff --git a/lib/datadog_api_client/v2/models/cloud_workload_security_agent_rule_attributes.rb b/lib/datadog_api_client/v2/models/cloud_workload_security_agent_rule_attributes.rb new file mode 100644 index 000000000000..5aeae2ed5fd9 --- /dev/null 
+++ b/lib/datadog_api_client/v2/models/cloud_workload_security_agent_rule_attributes.rb 
@@ -0,0 +1,331 @@ +=begin +#Datadog API V2 Collection + +#Collection of all Datadog Public endpoints. + +The version of the OpenAPI document: 1.0 +Contact: support@datadoghq.com +Generated by: https://openapi-generator.tech + + Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + This product includes software developed at Datadog (https://www.datadoghq.com/). + Copyright 2020-Present Datadog, Inc. + +=end + +require 'date' +require 'time' + +module DatadogAPIClient::V2 + # A Cloud Workload Security Agent rule returned by the API. + class CloudWorkloadSecurityAgentRuleAttributes + # whether the object has unparsed attributes + attr_accessor :_unparsed + + # The category of the Agent rule. + attr_accessor :category + + # When the Agent rule was created, timestamp in milliseconds. + attr_accessor :creation_date + + attr_accessor :creator + + # Whether the rule is included by default. + attr_accessor :default_rule + + # The description of the Agent rule. + attr_accessor :description + + # Whether the Agent rule is enabled. + attr_accessor :enabled + + # The SECL expression of the Agent rule. + attr_accessor :expression + + # The name of the Agent rule. + attr_accessor :name + + # When the Agent rule was last updated, timestamp in milliseconds. + attr_accessor :updated_at + + attr_accessor :updater + + # The version of the Agent rule. + attr_accessor :version + + # Attribute mapping from ruby-style variable name to JSON key. 
+ def self.attribute_map + { + :'category' => :'category', + :'creation_date' => :'creationDate', + :'creator' => :'creator', + :'default_rule' => :'defaultRule', + :'description' => :'description', + :'enabled' => :'enabled', + :'expression' => :'expression', + :'name' => :'name', + :'updated_at' => :'updatedAt', + :'updater' => :'updater', + :'version' => :'version' + } + end + + # Returns all the JSON keys this model knows about + def self.acceptable_attributes + attribute_map.values + end + + # Attribute type mapping. + def self.openapi_types + { + :'category' => :'String', + :'creation_date' => :'Integer', + :'creator' => :'CloudWorkloadSecurityAgentRuleCreatorAttributes', + :'default_rule' => :'Boolean', + :'description' => :'String', + :'enabled' => :'Boolean', + :'expression' => :'String', + :'name' => :'String', + :'updated_at' => :'Integer', + :'updater' => :'CloudWorkloadSecurityAgentRuleUpdaterAttributes', + :'version' => :'Integer' + } + end + + # List of attributes with nullable: true + def self.openapi_nullable + Set.new([ + ]) + end + + # Initializes the object + # @param [Hash] attributes Model attributes in the form of hash + def initialize(attributes = {}) + if (!attributes.is_a?(Hash)) + fail ArgumentError, "The input argument (attributes) must be a hash in `DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleAttributes` initialize method" + end + + # check to see if the attribute exists and convert string to symbol for hash key + attributes = attributes.each_with_object({}) { |(k, v), h| + if (!self.class.attribute_map.key?(k.to_sym)) + fail ArgumentError, "`#{k}` is not a valid attribute in `DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleAttributes`. Please check the name to make sure it's valid. 
List of attributes: " + self.class.attribute_map.keys.inspect + end + h[k.to_sym] = v + } + + if attributes.key?(:'category') + self.category = attributes[:'category'] + end + + if attributes.key?(:'creation_date') + self.creation_date = attributes[:'creation_date'] + end + + if attributes.key?(:'creator') + self.creator = attributes[:'creator'] + end + + if attributes.key?(:'default_rule') + self.default_rule = attributes[:'default_rule'] + end + + if attributes.key?(:'description') + self.description = attributes[:'description'] + end + + if attributes.key?(:'enabled') + self.enabled = attributes[:'enabled'] + end + + if attributes.key?(:'expression') + self.expression = attributes[:'expression'] + end + + if attributes.key?(:'name') + self.name = attributes[:'name'] + end + + if attributes.key?(:'updated_at') + self.updated_at = attributes[:'updated_at'] + end + + if attributes.key?(:'updater') + self.updater = attributes[:'updater'] + end + + if attributes.key?(:'version') + self.version = attributes[:'version'] + end + end + + # Show invalid properties with the reasons. Usually used together with valid? + # @return Array for valid properties with the reasons + def list_invalid_properties + invalid_properties = Array.new + invalid_properties + end + + # Check to see if the all the properties in the model are valid + # @return true if the model is valid + def valid? + true + end + + # Checks equality by comparing each attribute. 
+ # @param [Object] Object to be compared + def ==(o) + return true if self.equal?(o) + self.class == o.class && + category == o.category && + creation_date == o.creation_date && + creator == o.creator && + default_rule == o.default_rule && + description == o.description && + enabled == o.enabled && + expression == o.expression && + name == o.name && + updated_at == o.updated_at && + updater == o.updater && + version == o.version + end + + # @see the `==` method + # @param [Object] Object to be compared + def eql?(o) + self == o + end + + # Calculates hash code according to all attributes. + # @return [Integer] Hash code + def hash + [category, creation_date, creator, default_rule, description, enabled, expression, name, updated_at, updater, version].hash + end + + # Builds the object from hash + # @param [Hash] attributes Model attributes in the form of hash + # @return [Object] Returns the model itself + def self.build_from_hash(attributes) + new.build_from_hash(attributes) + end + + # Builds the object from hash + # @param [Hash] attributes Model attributes in the form of hash + # @return [Object] Returns the model itself + def build_from_hash(attributes) + return nil unless attributes.is_a?(Hash) + self.class.openapi_types.each_pair do |key, type| + if attributes[self.class.attribute_map[key]].nil? && self.class.openapi_nullable.include?(key) + self.send("#{key}=", nil) + elsif type =~ /\AArray<(.*)>/i + # check to ensure the input is an array given that the attribute + # is documented as an array but the input is not + if attributes[self.class.attribute_map[key]].is_a?(Array) + self.send("#{key}=", attributes[self.class.attribute_map[key]].map { |v| _deserialize($1, v) }) + end + elsif !attributes[self.class.attribute_map[key]].nil? 
+ self.send("#{key}=", _deserialize(type, attributes[self.class.attribute_map[key]])) + end + end + + self + end + + # Deserializes the data based on type + # @param string type Data type + # @param string value Value to be deserialized + # @return [Object] Deserialized data + def _deserialize(type, value) + case type.to_sym + when :Time + Time.parse(value) + when :Date + Date.parse(value) + when :String + value.to_s + when :Integer + value.to_i + when :Float + value.to_f + when :Boolean + if value.to_s =~ /\A(true|t|yes|y|1)\z/i + true + else + false + end + when :Object + # generic object (usually a Hash), return directly + value + when :Array + # generic array, return directly + value + when /\AArray<(?.+)>\z/ + inner_type = Regexp.last_match[:inner_type] + value.map { |v| _deserialize(inner_type, v) } + when /\AHash<(?.+?), (?.+)>\z/ + k_type = Regexp.last_match[:k_type] + v_type = Regexp.last_match[:v_type] + {}.tap do |hash| + value.each do |k, v| + hash[_deserialize(k_type, k)] = _deserialize(v_type, v) + end + end + else # model + # models (e.g. Pet) or oneOf + klass = DatadogAPIClient::V2.const_get(type) + res = klass.respond_to?(:openapi_one_of) ? klass.build(value) : klass.build_from_hash(value) + if res.instance_of? DatadogAPIClient::V2::UnparsedObject + self._unparsed = true + end + res + end + end + + # Returns the string representation of the object + # @return [String] String presentation of the object + def to_s + to_hash.to_s + end + + # to_body is an alias to to_hash (backward compatibility) + # @return [Hash] Returns the object in the form of hash + def to_body + to_hash + end + + # Returns the object in the form of hash + # @return [Hash] Returns the object in the form of hash + def to_hash + hash = {} + self.class.attribute_map.each_pair do |attr, param| + value = self.send(attr) + if value.nil? 
+ is_nullable = self.class.openapi_nullable.include?(attr) + next if !is_nullable || (is_nullable && !instance_variable_defined?(:"@#{attr}")) + end + + hash[param] = _to_hash(value) + end + hash + end + + # Outputs non-array value in the form of hash + # For object, use to_hash. Otherwise, just return the value + # @param [Object] value Any valid value + # @return [Hash] Returns the value in the form of hash + def _to_hash(value) + if value.is_a?(Array) + value.compact.map { |v| _to_hash(v) } + elsif value.is_a?(Hash) + {}.tap do |hash| + value.each { |k, v| hash[k] = _to_hash(v) } + end + elsif value.respond_to? :to_hash + value.to_hash + else + value + end + end + + end + +end diff --git a/lib/datadog_api_client/v2/models/cloud_workload_security_agent_rule_create_attributes.rb b/lib/datadog_api_client/v2/models/cloud_workload_security_agent_rule_create_attributes.rb new file mode 100644 index 000000000000..d6a0ff0c3510 --- /dev/null +++ b/lib/datadog_api_client/v2/models/cloud_workload_security_agent_rule_create_attributes.rb 
@@ -0,0 +1,273 @@ +=begin +#Datadog API V2 Collection + +#Collection of all Datadog Public endpoints. + +The version of the OpenAPI document: 1.0 +Contact: support@datadoghq.com +Generated by: https://openapi-generator.tech + + Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + This product includes software developed at Datadog (https://www.datadoghq.com/). + Copyright 2020-Present Datadog, Inc. + +=end + +require 'date' +require 'time' + +module DatadogAPIClient::V2 + # Create a new Cloud Workload Security Agent rule. + class CloudWorkloadSecurityAgentRuleCreateAttributes + # whether the object has unparsed attributes + attr_accessor :_unparsed + + # The description of the Agent rule. + attr_accessor :description + + # Whether the Agent rule is enabled. + attr_accessor :enabled + + # The SECL expression of the Agent rule. + attr_accessor :expression + + # The name of the Agent rule. + attr_accessor :name + + # Attribute mapping from ruby-style variable name to JSON key. + def self.attribute_map + { + :'description' => :'description', + :'enabled' => :'enabled', + :'expression' => :'expression', + :'name' => :'name' + } + end + + # Returns all the JSON keys this model knows about + def self.acceptable_attributes + attribute_map.values + end + + # Attribute type mapping. 
+ def self.openapi_types + { + :'description' => :'String', + :'enabled' => :'Boolean', + :'expression' => :'String', + :'name' => :'String' + } + end + + # List of attributes with nullable: true + def self.openapi_nullable + Set.new([ + ]) + end + + # Initializes the object + # @param [Hash] attributes Model attributes in the form of hash + def initialize(attributes = {}) + if (!attributes.is_a?(Hash)) + fail ArgumentError, "The input argument (attributes) must be a hash in `DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleCreateAttributes` initialize method" + end + + # check to see if the attribute exists and convert string to symbol for hash key + attributes = attributes.each_with_object({}) { |(k, v), h| + if (!self.class.attribute_map.key?(k.to_sym)) + fail ArgumentError, "`#{k}` is not a valid attribute in `DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleCreateAttributes`. Please check the name to make sure it's valid. List of attributes: " + self.class.attribute_map.keys.inspect + end + h[k.to_sym] = v + } + + if attributes.key?(:'description') + self.description = attributes[:'description'] + end + + if attributes.key?(:'enabled') + self.enabled = attributes[:'enabled'] + end + + if attributes.key?(:'expression') + self.expression = attributes[:'expression'] + end + + if attributes.key?(:'name') + self.name = attributes[:'name'] + end + end + + # Show invalid properties with the reasons. Usually used together with valid? + # @return Array for valid properties with the reasons + def list_invalid_properties + invalid_properties = Array.new + if @expression.nil? + invalid_properties.push('invalid value for "expression", expression cannot be nil.') + end + + if @name.nil? + invalid_properties.push('invalid value for "name", name cannot be nil.') + end + + invalid_properties + end + + # Check to see if the all the properties in the model are valid + # @return true if the model is valid + def valid? + return false if @expression.nil? 
+ return false if @name.nil? + true + end + + # Checks equality by comparing each attribute. + # @param [Object] Object to be compared + def ==(o) + return true if self.equal?(o) + self.class == o.class && + description == o.description && + enabled == o.enabled && + expression == o.expression && + name == o.name + end + + # @see the `==` method + # @param [Object] Object to be compared + def eql?(o) + self == o + end + + # Calculates hash code according to all attributes. + # @return [Integer] Hash code + def hash + [description, enabled, expression, name].hash + end + + # Builds the object from hash + # @param [Hash] attributes Model attributes in the form of hash + # @return [Object] Returns the model itself + def self.build_from_hash(attributes) + new.build_from_hash(attributes) + end + + # Builds the object from hash + # @param [Hash] attributes Model attributes in the form of hash + # @return [Object] Returns the model itself + def build_from_hash(attributes) + return nil unless attributes.is_a?(Hash) + self.class.openapi_types.each_pair do |key, type| + if attributes[self.class.attribute_map[key]].nil? && self.class.openapi_nullable.include?(key) + self.send("#{key}=", nil) + elsif type =~ /\AArray<(.*)>/i + # check to ensure the input is an array given that the attribute + # is documented as an array but the input is not + if attributes[self.class.attribute_map[key]].is_a?(Array) + self.send("#{key}=", attributes[self.class.attribute_map[key]].map { |v| _deserialize($1, v) }) + end + elsif !attributes[self.class.attribute_map[key]].nil? 
+ self.send("#{key}=", _deserialize(type, attributes[self.class.attribute_map[key]])) + end + end + + self + end + + # Deserializes the data based on type + # @param string type Data type + # @param string value Value to be deserialized + # @return [Object] Deserialized data + def _deserialize(type, value) + case type.to_sym + when :Time + Time.parse(value) + when :Date + Date.parse(value) + when :String + value.to_s + when :Integer + value.to_i + when :Float + value.to_f + when :Boolean + if value.to_s =~ /\A(true|t|yes|y|1)\z/i + true + else + false + end + when :Object + # generic object (usually a Hash), return directly + value + when :Array + # generic array, return directly + value + when /\AArray<(?.+)>\z/ + inner_type = Regexp.last_match[:inner_type] + value.map { |v| _deserialize(inner_type, v) } + when /\AHash<(?.+?), (?.+)>\z/ + k_type = Regexp.last_match[:k_type] + v_type = Regexp.last_match[:v_type] + {}.tap do |hash| + value.each do |k, v| + hash[_deserialize(k_type, k)] = _deserialize(v_type, v) + end + end + else # model + # models (e.g. Pet) or oneOf + klass = DatadogAPIClient::V2.const_get(type) + res = klass.respond_to?(:openapi_one_of) ? klass.build(value) : klass.build_from_hash(value) + if res.instance_of? DatadogAPIClient::V2::UnparsedObject + self._unparsed = true + end + res + end + end + + # Returns the string representation of the object + # @return [String] String presentation of the object + def to_s + to_hash.to_s + end + + # to_body is an alias to to_hash (backward compatibility) + # @return [Hash] Returns the object in the form of hash + def to_body + to_hash + end + + # Returns the object in the form of hash + # @return [Hash] Returns the object in the form of hash + def to_hash + hash = {} + self.class.attribute_map.each_pair do |attr, param| + value = self.send(attr) + if value.nil? 
+ is_nullable = self.class.openapi_nullable.include?(attr) + next if !is_nullable || (is_nullable && !instance_variable_defined?(:"@#{attr}")) + end + + hash[param] = _to_hash(value) + end + hash + end + + # Outputs non-array value in the form of hash + # For object, use to_hash. Otherwise, just return the value + # @param [Object] value Any valid value + # @return [Hash] Returns the value in the form of hash + def _to_hash(value) + if value.is_a?(Array) + value.compact.map { |v| _to_hash(v) } + elsif value.is_a?(Hash) + {}.tap do |hash| + value.each { |k, v| hash[k] = _to_hash(v) } + end + elsif value.respond_to? :to_hash + value.to_hash + else + value + end + end + + end + +end diff --git a/lib/datadog_api_client/v2/models/cloud_workload_security_agent_rule_create_data.rb b/lib/datadog_api_client/v2/models/cloud_workload_security_agent_rule_create_data.rb new file mode 100644 index 000000000000..fdc890eb6277 --- /dev/null +++ b/lib/datadog_api_client/v2/models/cloud_workload_security_agent_rule_create_data.rb 
@@ -0,0 +1,253 @@ +=begin +#Datadog API V2 Collection + +#Collection of all Datadog Public endpoints. + +The version of the OpenAPI document: 1.0 +Contact: support@datadoghq.com +Generated by: https://openapi-generator.tech + + Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + This product includes software developed at Datadog (https://www.datadoghq.com/). + Copyright 2020-Present Datadog, Inc. + +=end + +require 'date' +require 'time' + +module DatadogAPIClient::V2 + # Object for a single Agent rule. + class CloudWorkloadSecurityAgentRuleCreateData + # whether the object has unparsed attributes + attr_accessor :_unparsed + + attr_accessor :attributes + + attr_accessor :type + + # Attribute mapping from ruby-style variable name to JSON key. + def self.attribute_map + { + :'attributes' => :'attributes', + :'type' => :'type' + } + end + + # Returns all the JSON keys this model knows about + def self.acceptable_attributes + attribute_map.values + end + + # Attribute type mapping. + def self.openapi_types + { + :'attributes' => :'CloudWorkloadSecurityAgentRuleCreateAttributes', + :'type' => :'CloudWorkloadSecurityAgentRuleType' + } + end + + # List of attributes with nullable: true + def self.openapi_nullable + Set.new([ + ]) + end + + # Initializes the object + # @param [Hash] attributes Model attributes in the form of hash + def initialize(attributes = {}) + if (!attributes.is_a?(Hash)) + fail ArgumentError, "The input argument (attributes) must be a hash in `DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleCreateData` initialize method" + end + + # check to see if the attribute exists and convert string to symbol for hash key + attributes = attributes.each_with_object({}) { |(k, v), h| + if (!self.class.attribute_map.key?(k.to_sym)) + fail ArgumentError, "`#{k}` is not a valid attribute in `DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleCreateData`. Please check the name to make sure it's valid. 
List of attributes: " + self.class.attribute_map.keys.inspect + end + h[k.to_sym] = v + } + + if attributes.key?(:'attributes') + self.attributes = attributes[:'attributes'] + end + + if attributes.key?(:'type') + self.type = attributes[:'type'] + else + self.type = 'agent_rule' + end + end + + # Show invalid properties with the reasons. Usually used together with valid? + # @return Array for valid properties with the reasons + def list_invalid_properties + invalid_properties = Array.new + if @attributes.nil? + invalid_properties.push('invalid value for "attributes", attributes cannot be nil.') + end + + if @type.nil? + invalid_properties.push('invalid value for "type", type cannot be nil.') + end + + invalid_properties + end + + # Check to see if the all the properties in the model are valid + # @return true if the model is valid + def valid? + return false if @attributes.nil? + return false if @type.nil? + true + end + + # Checks equality by comparing each attribute. + # @param [Object] Object to be compared + def ==(o) + return true if self.equal?(o) + self.class == o.class && + attributes == o.attributes && + type == o.type + end + + # @see the `==` method + # @param [Object] Object to be compared + def eql?(o) + self == o + end + + # Calculates hash code according to all attributes. + # @return [Integer] Hash code + def hash + [attributes, type].hash + end + + # Builds the object from hash + # @param [Hash] attributes Model attributes in the form of hash + # @return [Object] Returns the model itself + def self.build_from_hash(attributes) + new.build_from_hash(attributes) + end + + # Builds the object from hash + # @param [Hash] attributes Model attributes in the form of hash + # @return [Object] Returns the model itself + def build_from_hash(attributes) + return nil unless attributes.is_a?(Hash) + self.class.openapi_types.each_pair do |key, type| + if attributes[self.class.attribute_map[key]].nil? 
&& self.class.openapi_nullable.include?(key) + self.send("#{key}=", nil) + elsif type =~ /\AArray<(.*)>/i + # check to ensure the input is an array given that the attribute + # is documented as an array but the input is not + if attributes[self.class.attribute_map[key]].is_a?(Array) + self.send("#{key}=", attributes[self.class.attribute_map[key]].map { |v| _deserialize($1, v) }) + end + elsif !attributes[self.class.attribute_map[key]].nil? + self.send("#{key}=", _deserialize(type, attributes[self.class.attribute_map[key]])) + end + end + + self + end + + # Deserializes the data based on type + # @param string type Data type + # @param string value Value to be deserialized + # @return [Object] Deserialized data + def _deserialize(type, value) + case type.to_sym + when :Time + Time.parse(value) + when :Date + Date.parse(value) + when :String + value.to_s + when :Integer + value.to_i + when :Float + value.to_f + when :Boolean + if value.to_s =~ /\A(true|t|yes|y|1)\z/i + true + else + false + end + when :Object + # generic object (usually a Hash), return directly + value + when :Array + # generic array, return directly + value + when /\AArray<(?.+)>\z/ + inner_type = Regexp.last_match[:inner_type] + value.map { |v| _deserialize(inner_type, v) } + when /\AHash<(?.+?), (?.+)>\z/ + k_type = Regexp.last_match[:k_type] + v_type = Regexp.last_match[:v_type] + {}.tap do |hash| + value.each do |k, v| + hash[_deserialize(k_type, k)] = _deserialize(v_type, v) + end + end + else # model + # models (e.g. Pet) or oneOf + klass = DatadogAPIClient::V2.const_get(type) + res = klass.respond_to?(:openapi_one_of) ? klass.build(value) : klass.build_from_hash(value) + if res.instance_of? 
DatadogAPIClient::V2::UnparsedObject + self._unparsed = true + end + res + end + end + + # Returns the string representation of the object + # @return [String] String presentation of the object + def to_s + to_hash.to_s + end + + # to_body is an alias to to_hash (backward compatibility) + # @return [Hash] Returns the object in the form of hash + def to_body + to_hash + end + + # Returns the object in the form of hash + # @return [Hash] Returns the object in the form of hash + def to_hash + hash = {} + self.class.attribute_map.each_pair do |attr, param| + value = self.send(attr) + if value.nil? + is_nullable = self.class.openapi_nullable.include?(attr) + next if !is_nullable || (is_nullable && !instance_variable_defined?(:"@#{attr}")) + end + + hash[param] = _to_hash(value) + end + hash + end + + # Outputs non-array value in the form of hash + # For object, use to_hash. Otherwise, just return the value + # @param [Object] value Any valid value + # @return [Hash] Returns the value in the form of hash + def _to_hash(value) + if value.is_a?(Array) + value.compact.map { |v| _to_hash(v) } + elsif value.is_a?(Hash) + {}.tap do |hash| + value.each { |k, v| hash[k] = _to_hash(v) } + end + elsif value.respond_to? :to_hash + value.to_hash + else + value + end + end + + end + +end diff --git a/lib/datadog_api_client/v2/models/cloud_workload_security_agent_rule_create_request.rb b/lib/datadog_api_client/v2/models/cloud_workload_security_agent_rule_create_request.rb new file mode 100644 index 000000000000..b9d5d53ce9ab --- /dev/null +++ b/lib/datadog_api_client/v2/models/cloud_workload_security_agent_rule_create_request.rb 
@@ -0,0 +1,237 @@ +=begin +#Datadog API V2 Collection + +#Collection of all Datadog Public endpoints. + +The version of the OpenAPI document: 1.0 +Contact: support@datadoghq.com +Generated by: https://openapi-generator.tech + + Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + This product includes software developed at Datadog (https://www.datadoghq.com/). + Copyright 2020-Present Datadog, Inc. + +=end + +require 'date' +require 'time' + +module DatadogAPIClient::V2 + # Request object that includes the Agent rule to create. + class CloudWorkloadSecurityAgentRuleCreateRequest + # whether the object has unparsed attributes + attr_accessor :_unparsed + + attr_accessor :data + + # Attribute mapping from ruby-style variable name to JSON key. + def self.attribute_map + { + :'data' => :'data' + } + end + + # Returns all the JSON keys this model knows about + def self.acceptable_attributes + attribute_map.values + end + + # Attribute type mapping. + def self.openapi_types + { + :'data' => :'CloudWorkloadSecurityAgentRuleCreateData' + } + end + + # List of attributes with nullable: true + def self.openapi_nullable + Set.new([ + ]) + end + + # Initializes the object + # @param [Hash] attributes Model attributes in the form of hash + def initialize(attributes = {}) + if (!attributes.is_a?(Hash)) + fail ArgumentError, "The input argument (attributes) must be a hash in `DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleCreateRequest` initialize method" + end + + # check to see if the attribute exists and convert string to symbol for hash key + attributes = attributes.each_with_object({}) { |(k, v), h| + if (!self.class.attribute_map.key?(k.to_sym)) + fail ArgumentError, "`#{k}` is not a valid attribute in `DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleCreateRequest`. Please check the name to make sure it's valid. 
List of attributes: " + self.class.attribute_map.keys.inspect + end + h[k.to_sym] = v + } + + if attributes.key?(:'data') + self.data = attributes[:'data'] + end + end + + # Show invalid properties with the reasons. Usually used together with valid? + # @return Array for valid properties with the reasons + def list_invalid_properties + invalid_properties = Array.new + if @data.nil? + invalid_properties.push('invalid value for "data", data cannot be nil.') + end + + invalid_properties + end + + # Check to see if the all the properties in the model are valid + # @return true if the model is valid + def valid? + return false if @data.nil? + true + end + + # Checks equality by comparing each attribute. + # @param [Object] Object to be compared + def ==(o) + return true if self.equal?(o) + self.class == o.class && + data == o.data + end + + # @see the `==` method + # @param [Object] Object to be compared + def eql?(o) + self == o + end + + # Calculates hash code according to all attributes. + # @return [Integer] Hash code + def hash + [data].hash + end + + # Builds the object from hash + # @param [Hash] attributes Model attributes in the form of hash + # @return [Object] Returns the model itself + def self.build_from_hash(attributes) + new.build_from_hash(attributes) + end + + # Builds the object from hash + # @param [Hash] attributes Model attributes in the form of hash + # @return [Object] Returns the model itself + def build_from_hash(attributes) + return nil unless attributes.is_a?(Hash) + self.class.openapi_types.each_pair do |key, type| + if attributes[self.class.attribute_map[key]].nil? 
&& self.class.openapi_nullable.include?(key) + self.send("#{key}=", nil) + elsif type =~ /\AArray<(.*)>/i + # check to ensure the input is an array given that the attribute + # is documented as an array but the input is not + if attributes[self.class.attribute_map[key]].is_a?(Array) + self.send("#{key}=", attributes[self.class.attribute_map[key]].map { |v| _deserialize($1, v) }) + end + elsif !attributes[self.class.attribute_map[key]].nil? + self.send("#{key}=", _deserialize(type, attributes[self.class.attribute_map[key]])) + end + end + + self + end + + # Deserializes the data based on type + # @param string type Data type + # @param string value Value to be deserialized + # @return [Object] Deserialized data + def _deserialize(type, value) + case type.to_sym + when :Time + Time.parse(value) + when :Date + Date.parse(value) + when :String + value.to_s + when :Integer + value.to_i + when :Float + value.to_f + when :Boolean + if value.to_s =~ /\A(true|t|yes|y|1)\z/i + true + else + false + end + when :Object + # generic object (usually a Hash), return directly + value + when :Array + # generic array, return directly + value + when /\AArray<(?.+)>\z/ + inner_type = Regexp.last_match[:inner_type] + value.map { |v| _deserialize(inner_type, v) } + when /\AHash<(?.+?), (?.+)>\z/ + k_type = Regexp.last_match[:k_type] + v_type = Regexp.last_match[:v_type] + {}.tap do |hash| + value.each do |k, v| + hash[_deserialize(k_type, k)] = _deserialize(v_type, v) + end + end + else # model + # models (e.g. Pet) or oneOf + klass = DatadogAPIClient::V2.const_get(type) + res = klass.respond_to?(:openapi_one_of) ? klass.build(value) : klass.build_from_hash(value) + if res.instance_of? 
DatadogAPIClient::V2::UnparsedObject + self._unparsed = true + end + res + end + end + + # Returns the string representation of the object + # @return [String] String presentation of the object + def to_s + to_hash.to_s + end + + # to_body is an alias to to_hash (backward compatibility) + # @return [Hash] Returns the object in the form of hash + def to_body + to_hash + end + + # Returns the object in the form of hash + # @return [Hash] Returns the object in the form of hash + def to_hash + hash = {} + self.class.attribute_map.each_pair do |attr, param| + value = self.send(attr) + if value.nil? + is_nullable = self.class.openapi_nullable.include?(attr) + next if !is_nullable || (is_nullable && !instance_variable_defined?(:"@#{attr}")) + end + + hash[param] = _to_hash(value) + end + hash + end + + # Outputs non-array value in the form of hash + # For object, use to_hash. Otherwise, just return the value + # @param [Object] value Any valid value + # @return [Hash] Returns the value in the form of hash + def _to_hash(value) + if value.is_a?(Array) + value.compact.map { |v| _to_hash(v) } + elsif value.is_a?(Hash) + {}.tap do |hash| + value.each { |k, v| hash[k] = _to_hash(v) } + end + elsif value.respond_to? :to_hash + value.to_hash + else + value + end + end + + end + +end diff --git a/lib/datadog_api_client/v2/models/cloud_workload_security_agent_rule_creator_attributes.rb b/lib/datadog_api_client/v2/models/cloud_workload_security_agent_rule_creator_attributes.rb new file mode 100644 index 000000000000..7debf335f946 --- /dev/null +++ b/lib/datadog_api_client/v2/models/cloud_workload_security_agent_rule_creator_attributes.rb 
@@ -0,0 +1,243 @@ +=begin +#Datadog API V2 Collection + +#Collection of all Datadog Public endpoints. + +The version of the OpenAPI document: 1.0 +Contact: support@datadoghq.com +Generated by: https://openapi-generator.tech + + Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + This product includes software developed at Datadog (https://www.datadoghq.com/). + Copyright 2020-Present Datadog, Inc. + +=end + +require 'date' +require 'time' + +module DatadogAPIClient::V2 + # The attributes of the user who created the Agent rule. + class CloudWorkloadSecurityAgentRuleCreatorAttributes + # whether the object has unparsed attributes + attr_accessor :_unparsed + + # The handle of the user. + attr_accessor :handle + + # The name of the user. + attr_accessor :name + + # Attribute mapping from ruby-style variable name to JSON key. + def self.attribute_map + { + :'handle' => :'handle', + :'name' => :'name' + } + end + + # Returns all the JSON keys this model knows about + def self.acceptable_attributes + attribute_map.values + end + + # Attribute type mapping. + def self.openapi_types + { + :'handle' => :'String', + :'name' => :'String' + } + end + + # List of attributes with nullable: true + def self.openapi_nullable + Set.new([ + ]) + end + + # Initializes the object + # @param [Hash] attributes Model attributes in the form of hash + def initialize(attributes = {}) + if (!attributes.is_a?(Hash)) + fail ArgumentError, "The input argument (attributes) must be a hash in `DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleCreatorAttributes` initialize method" + end + + # check to see if the attribute exists and convert string to symbol for hash key + attributes = attributes.each_with_object({}) { |(k, v), h| + if (!self.class.attribute_map.key?(k.to_sym)) + fail ArgumentError, "`#{k}` is not a valid attribute in `DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleCreatorAttributes`. 
Please check the name to make sure it's valid. List of attributes: " + self.class.attribute_map.keys.inspect + end + h[k.to_sym] = v + } + + if attributes.key?(:'handle') + self.handle = attributes[:'handle'] + end + + if attributes.key?(:'name') + self.name = attributes[:'name'] + end + end + + # Show invalid properties with the reasons. Usually used together with valid? + # @return Array for valid properties with the reasons + def list_invalid_properties + invalid_properties = Array.new + invalid_properties + end + + # Check to see if the all the properties in the model are valid + # @return true if the model is valid + def valid? + true + end + + # Checks equality by comparing each attribute. + # @param [Object] Object to be compared + def ==(o) + return true if self.equal?(o) + self.class == o.class && + handle == o.handle && + name == o.name + end + + # @see the `==` method + # @param [Object] Object to be compared + def eql?(o) + self == o + end + + # Calculates hash code according to all attributes. + # @return [Integer] Hash code + def hash + [handle, name].hash + end + + # Builds the object from hash + # @param [Hash] attributes Model attributes in the form of hash + # @return [Object] Returns the model itself + def self.build_from_hash(attributes) + new.build_from_hash(attributes) + end + + # Builds the object from hash + # @param [Hash] attributes Model attributes in the form of hash + # @return [Object] Returns the model itself + def build_from_hash(attributes) + return nil unless attributes.is_a?(Hash) + self.class.openapi_types.each_pair do |key, type| + if attributes[self.class.attribute_map[key]].nil? 
&& self.class.openapi_nullable.include?(key) + self.send("#{key}=", nil) + elsif type =~ /\AArray<(.*)>/i + # check to ensure the input is an array given that the attribute + # is documented as an array but the input is not + if attributes[self.class.attribute_map[key]].is_a?(Array) + self.send("#{key}=", attributes[self.class.attribute_map[key]].map { |v| _deserialize($1, v) }) + end + elsif !attributes[self.class.attribute_map[key]].nil? + self.send("#{key}=", _deserialize(type, attributes[self.class.attribute_map[key]])) + end + end + + self + end + + # Deserializes the data based on type + # @param string type Data type + # @param string value Value to be deserialized + # @return [Object] Deserialized data + def _deserialize(type, value) + case type.to_sym + when :Time + Time.parse(value) + when :Date + Date.parse(value) + when :String + value.to_s + when :Integer + value.to_i + when :Float + value.to_f + when :Boolean + if value.to_s =~ /\A(true|t|yes|y|1)\z/i + true + else + false + end + when :Object + # generic object (usually a Hash), return directly + value + when :Array + # generic array, return directly + value + when /\AArray<(?.+)>\z/ + inner_type = Regexp.last_match[:inner_type] + value.map { |v| _deserialize(inner_type, v) } + when /\AHash<(?.+?), (?.+)>\z/ + k_type = Regexp.last_match[:k_type] + v_type = Regexp.last_match[:v_type] + {}.tap do |hash| + value.each do |k, v| + hash[_deserialize(k_type, k)] = _deserialize(v_type, v) + end + end + else # model + # models (e.g. Pet) or oneOf + klass = DatadogAPIClient::V2.const_get(type) + res = klass.respond_to?(:openapi_one_of) ? klass.build(value) : klass.build_from_hash(value) + if res.instance_of? 
DatadogAPIClient::V2::UnparsedObject + self._unparsed = true + end + res + end + end + + # Returns the string representation of the object + # @return [String] String presentation of the object + def to_s + to_hash.to_s + end + + # to_body is an alias to to_hash (backward compatibility) + # @return [Hash] Returns the object in the form of hash + def to_body + to_hash + end + + # Returns the object in the form of hash + # @return [Hash] Returns the object in the form of hash + def to_hash + hash = {} + self.class.attribute_map.each_pair do |attr, param| + value = self.send(attr) + if value.nil? + is_nullable = self.class.openapi_nullable.include?(attr) + next if !is_nullable || (is_nullable && !instance_variable_defined?(:"@#{attr}")) + end + + hash[param] = _to_hash(value) + end + hash + end + + # Outputs non-array value in the form of hash + # For object, use to_hash. Otherwise, just return the value + # @param [Object] value Any valid value + # @return [Hash] Returns the value in the form of hash + def _to_hash(value) + if value.is_a?(Array) + value.compact.map { |v| _to_hash(v) } + elsif value.is_a?(Hash) + {}.tap do |hash| + value.each { |k, v| hash[k] = _to_hash(v) } + end + elsif value.respond_to? :to_hash + value.to_hash + else + value + end + end + + end + +end diff --git a/lib/datadog_api_client/v2/models/cloud_workload_security_agent_rule_data.rb b/lib/datadog_api_client/v2/models/cloud_workload_security_agent_rule_data.rb new file mode 100644 index 000000000000..0cfa8f7365b7 --- /dev/null +++ b/lib/datadog_api_client/v2/models/cloud_workload_security_agent_rule_data.rb 
@@ -0,0 +1,253 @@ +=begin +#Datadog API V2 Collection + +#Collection of all Datadog Public endpoints. + +The version of the OpenAPI document: 1.0 +Contact: support@datadoghq.com +Generated by: https://openapi-generator.tech + + Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + This product includes software developed at Datadog (https://www.datadoghq.com/). + Copyright 2020-Present Datadog, Inc. + +=end + +require 'date' +require 'time' + +module DatadogAPIClient::V2 + # Object for a single Agent rule. + class CloudWorkloadSecurityAgentRuleData + # whether the object has unparsed attributes + attr_accessor :_unparsed + + attr_accessor :attributes + + # The ID of the Agent rule. + attr_accessor :id + + attr_accessor :type + + # Attribute mapping from ruby-style variable name to JSON key. + def self.attribute_map + { + :'attributes' => :'attributes', + :'id' => :'id', + :'type' => :'type' + } + end + + # Returns all the JSON keys this model knows about + def self.acceptable_attributes + attribute_map.values + end + + # Attribute type mapping. 
+ def self.openapi_types + { + :'attributes' => :'CloudWorkloadSecurityAgentRuleAttributes', + :'id' => :'String', + :'type' => :'CloudWorkloadSecurityAgentRuleType' + } + end + + # List of attributes with nullable: true + def self.openapi_nullable + Set.new([ + ]) + end + + # Initializes the object + # @param [Hash] attributes Model attributes in the form of hash + def initialize(attributes = {}) + if (!attributes.is_a?(Hash)) + fail ArgumentError, "The input argument (attributes) must be a hash in `DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleData` initialize method" + end + + # check to see if the attribute exists and convert string to symbol for hash key + attributes = attributes.each_with_object({}) { |(k, v), h| + if (!self.class.attribute_map.key?(k.to_sym)) + fail ArgumentError, "`#{k}` is not a valid attribute in `DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleData`. Please check the name to make sure it's valid. List of attributes: " + self.class.attribute_map.keys.inspect + end + h[k.to_sym] = v + } + + if attributes.key?(:'attributes') + self.attributes = attributes[:'attributes'] + end + + if attributes.key?(:'id') + self.id = attributes[:'id'] + end + + if attributes.key?(:'type') + self.type = attributes[:'type'] + else + self.type = 'agent_rule' + end + end + + # Show invalid properties with the reasons. Usually used together with valid? + # @return Array for valid properties with the reasons + def list_invalid_properties + invalid_properties = Array.new + invalid_properties + end + + # Check to see if the all the properties in the model are valid + # @return true if the model is valid + def valid? + true + end + + # Checks equality by comparing each attribute. 
+ # @param [Object] Object to be compared + def ==(o) + return true if self.equal?(o) + self.class == o.class && + attributes == o.attributes && + id == o.id && + type == o.type + end + + # @see the `==` method + # @param [Object] Object to be compared + def eql?(o) + self == o + end + + # Calculates hash code according to all attributes. + # @return [Integer] Hash code + def hash + [attributes, id, type].hash + end + + # Builds the object from hash + # @param [Hash] attributes Model attributes in the form of hash + # @return [Object] Returns the model itself + def self.build_from_hash(attributes) + new.build_from_hash(attributes) + end + + # Builds the object from hash + # @param [Hash] attributes Model attributes in the form of hash + # @return [Object] Returns the model itself + def build_from_hash(attributes) + return nil unless attributes.is_a?(Hash) + self.class.openapi_types.each_pair do |key, type| + if attributes[self.class.attribute_map[key]].nil? && self.class.openapi_nullable.include?(key) + self.send("#{key}=", nil) + elsif type =~ /\AArray<(.*)>/i + # check to ensure the input is an array given that the attribute + # is documented as an array but the input is not + if attributes[self.class.attribute_map[key]].is_a?(Array) + self.send("#{key}=", attributes[self.class.attribute_map[key]].map { |v| _deserialize($1, v) }) + end + elsif !attributes[self.class.attribute_map[key]].nil? 
+ self.send("#{key}=", _deserialize(type, attributes[self.class.attribute_map[key]])) + end + end + + self + end + + # Deserializes the data based on type + # @param string type Data type + # @param string value Value to be deserialized + # @return [Object] Deserialized data + def _deserialize(type, value) + case type.to_sym + when :Time + Time.parse(value) + when :Date + Date.parse(value) + when :String + value.to_s + when :Integer + value.to_i + when :Float + value.to_f + when :Boolean + if value.to_s =~ /\A(true|t|yes|y|1)\z/i + true + else + false + end + when :Object + # generic object (usually a Hash), return directly + value + when :Array + # generic array, return directly + value + when /\AArray<(?.+)>\z/ + inner_type = Regexp.last_match[:inner_type] + value.map { |v| _deserialize(inner_type, v) } + when /\AHash<(?.+?), (?.+)>\z/ + k_type = Regexp.last_match[:k_type] + v_type = Regexp.last_match[:v_type] + {}.tap do |hash| + value.each do |k, v| + hash[_deserialize(k_type, k)] = _deserialize(v_type, v) + end + end + else # model + # models (e.g. Pet) or oneOf + klass = DatadogAPIClient::V2.const_get(type) + res = klass.respond_to?(:openapi_one_of) ? klass.build(value) : klass.build_from_hash(value) + if res.instance_of? DatadogAPIClient::V2::UnparsedObject + self._unparsed = true + end + res + end + end + + # Returns the string representation of the object + # @return [String] String presentation of the object + def to_s + to_hash.to_s + end + + # to_body is an alias to to_hash (backward compatibility) + # @return [Hash] Returns the object in the form of hash + def to_body + to_hash + end + + # Returns the object in the form of hash + # @return [Hash] Returns the object in the form of hash + def to_hash + hash = {} + self.class.attribute_map.each_pair do |attr, param| + value = self.send(attr) + if value.nil? 
+ is_nullable = self.class.openapi_nullable.include?(attr) + next if !is_nullable || (is_nullable && !instance_variable_defined?(:"@#{attr}")) + end + + hash[param] = _to_hash(value) + end + hash + end + + # Outputs non-array value in the form of hash + # For object, use to_hash. Otherwise, just return the value + # @param [Object] value Any valid value + # @return [Hash] Returns the value in the form of hash + def _to_hash(value) + if value.is_a?(Array) + value.compact.map { |v| _to_hash(v) } + elsif value.is_a?(Hash) + {}.tap do |hash| + value.each { |k, v| hash[k] = _to_hash(v) } + end + elsif value.respond_to? :to_hash + value.to_hash + else + value + end + end + + end + +end diff --git a/lib/datadog_api_client/v2/models/cloud_workload_security_agent_rule_response.rb b/lib/datadog_api_client/v2/models/cloud_workload_security_agent_rule_response.rb new file mode 100644 index 000000000000..ce1f7afc79e7 --- /dev/null +++ b/lib/datadog_api_client/v2/models/cloud_workload_security_agent_rule_response.rb 
@@ -0,0 +1,232 @@ +=begin +#Datadog API V2 Collection + +#Collection of all Datadog Public endpoints. + +The version of the OpenAPI document: 1.0 +Contact: support@datadoghq.com +Generated by: https://openapi-generator.tech + + Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + This product includes software developed at Datadog (https://www.datadoghq.com/). + Copyright 2020-Present Datadog, Inc. + +=end + +require 'date' +require 'time' + +module DatadogAPIClient::V2 + # Response object that includes an Agent rule. + class CloudWorkloadSecurityAgentRuleResponse + # whether the object has unparsed attributes + attr_accessor :_unparsed + + attr_accessor :data + + # Attribute mapping from ruby-style variable name to JSON key. + def self.attribute_map + { + :'data' => :'data' + } + end + + # Returns all the JSON keys this model knows about + def self.acceptable_attributes + attribute_map.values + end + + # Attribute type mapping. + def self.openapi_types + { + :'data' => :'CloudWorkloadSecurityAgentRuleData' + } + end + + # List of attributes with nullable: true + def self.openapi_nullable + Set.new([ + ]) + end + + # Initializes the object + # @param [Hash] attributes Model attributes in the form of hash + def initialize(attributes = {}) + if (!attributes.is_a?(Hash)) + fail ArgumentError, "The input argument (attributes) must be a hash in `DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleResponse` initialize method" + end + + # check to see if the attribute exists and convert string to symbol for hash key + attributes = attributes.each_with_object({}) { |(k, v), h| + if (!self.class.attribute_map.key?(k.to_sym)) + fail ArgumentError, "`#{k}` is not a valid attribute in `DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleResponse`. Please check the name to make sure it's valid. 
List of attributes: " + self.class.attribute_map.keys.inspect + end + h[k.to_sym] = v + } + + if attributes.key?(:'data') + self.data = attributes[:'data'] + end + end + + # Show invalid properties with the reasons. Usually used together with valid? + # @return Array for valid properties with the reasons + def list_invalid_properties + invalid_properties = Array.new + invalid_properties + end + + # Check to see if the all the properties in the model are valid + # @return true if the model is valid + def valid? + true + end + + # Checks equality by comparing each attribute. + # @param [Object] Object to be compared + def ==(o) + return true if self.equal?(o) + self.class == o.class && + data == o.data + end + + # @see the `==` method + # @param [Object] Object to be compared + def eql?(o) + self == o + end + + # Calculates hash code according to all attributes. + # @return [Integer] Hash code + def hash + [data].hash + end + + # Builds the object from hash + # @param [Hash] attributes Model attributes in the form of hash + # @return [Object] Returns the model itself + def self.build_from_hash(attributes) + new.build_from_hash(attributes) + end + + # Builds the object from hash + # @param [Hash] attributes Model attributes in the form of hash + # @return [Object] Returns the model itself + def build_from_hash(attributes) + return nil unless attributes.is_a?(Hash) + self.class.openapi_types.each_pair do |key, type| + if attributes[self.class.attribute_map[key]].nil? && self.class.openapi_nullable.include?(key) + self.send("#{key}=", nil) + elsif type =~ /\AArray<(.*)>/i + # check to ensure the input is an array given that the attribute + # is documented as an array but the input is not + if attributes[self.class.attribute_map[key]].is_a?(Array) + self.send("#{key}=", attributes[self.class.attribute_map[key]].map { |v| _deserialize($1, v) }) + end + elsif !attributes[self.class.attribute_map[key]].nil? 
+ self.send("#{key}=", _deserialize(type, attributes[self.class.attribute_map[key]])) + end + end + + self + end + + # Deserializes the data based on type + # @param string type Data type + # @param string value Value to be deserialized + # @return [Object] Deserialized data + def _deserialize(type, value) + case type.to_sym + when :Time + Time.parse(value) + when :Date + Date.parse(value) + when :String + value.to_s + when :Integer + value.to_i + when :Float + value.to_f + when :Boolean + if value.to_s =~ /\A(true|t|yes|y|1)\z/i + true + else + false + end + when :Object + # generic object (usually a Hash), return directly + value + when :Array + # generic array, return directly + value + when /\AArray<(?.+)>\z/ + inner_type = Regexp.last_match[:inner_type] + value.map { |v| _deserialize(inner_type, v) } + when /\AHash<(?.+?), (?.+)>\z/ + k_type = Regexp.last_match[:k_type] + v_type = Regexp.last_match[:v_type] + {}.tap do |hash| + value.each do |k, v| + hash[_deserialize(k_type, k)] = _deserialize(v_type, v) + end + end + else # model + # models (e.g. Pet) or oneOf + klass = DatadogAPIClient::V2.const_get(type) + res = klass.respond_to?(:openapi_one_of) ? klass.build(value) : klass.build_from_hash(value) + if res.instance_of? DatadogAPIClient::V2::UnparsedObject + self._unparsed = true + end + res + end + end + + # Returns the string representation of the object + # @return [String] String presentation of the object + def to_s + to_hash.to_s + end + + # to_body is an alias to to_hash (backward compatibility) + # @return [Hash] Returns the object in the form of hash + def to_body + to_hash + end + + # Returns the object in the form of hash + # @return [Hash] Returns the object in the form of hash + def to_hash + hash = {} + self.class.attribute_map.each_pair do |attr, param| + value = self.send(attr) + if value.nil? 
+ is_nullable = self.class.openapi_nullable.include?(attr) + next if !is_nullable || (is_nullable && !instance_variable_defined?(:"@#{attr}")) + end + + hash[param] = _to_hash(value) + end + hash + end + + # Outputs non-array value in the form of hash + # For object, use to_hash. Otherwise, just return the value + # @param [Object] value Any valid value + # @return [Hash] Returns the value in the form of hash + def _to_hash(value) + if value.is_a?(Array) + value.compact.map { |v| _to_hash(v) } + elsif value.is_a?(Hash) + {}.tap do |hash| + value.each { |k, v| hash[k] = _to_hash(v) } + end + elsif value.respond_to? :to_hash + value.to_hash + else + value + end + end + + end + +end diff --git a/lib/datadog_api_client/v2/models/cloud_workload_security_agent_rule_type.rb b/lib/datadog_api_client/v2/models/cloud_workload_security_agent_rule_type.rb new file mode 100644 index 000000000000..32e02d0a96d0 --- /dev/null +++ b/lib/datadog_api_client/v2/models/cloud_workload_security_agent_rule_type.rb 
@@ -0,0 +1,38 @@ +=begin +#Datadog API V2 Collection + +#Collection of all Datadog Public endpoints. + +The version of the OpenAPI document: 1.0 +Contact: support@datadoghq.com +Generated by: https://openapi-generator.tech + + Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + This product includes software developed at Datadog (https://www.datadoghq.com/). + Copyright 2020-Present Datadog, Inc. + +=end + +require 'date' +require 'time' + +module DatadogAPIClient::V2 + class CloudWorkloadSecurityAgentRuleType + AGENT_RULE = "agent_rule".freeze + + # Builds the enum from string + # @param [String] The enum value in the form of the string + # @return [String] The enum value + def self.build_from_hash(value) + new.build_from_hash(value) + end + + # Builds the enum from string + # @param [String] The enum value in the form of the string + # @return [String] The enum value + def build_from_hash(value) + constantValues = CloudWorkloadSecurityAgentRuleType.constants.select { |c| CloudWorkloadSecurityAgentRuleType::const_get(c) == value } + constantValues.empty? ? DatadogAPIClient::V2::UnparsedObject.new(value) : value + end + end +end diff --git a/lib/datadog_api_client/v2/models/cloud_workload_security_agent_rule_update_attributes.rb b/lib/datadog_api_client/v2/models/cloud_workload_security_agent_rule_update_attributes.rb new file mode 100644 index 000000000000..ece86700dde3 --- /dev/null +++ b/lib/datadog_api_client/v2/models/cloud_workload_security_agent_rule_update_attributes.rb 
@@ -0,0 +1,253 @@ +=begin +#Datadog API V2 Collection + +#Collection of all Datadog Public endpoints. + +The version of the OpenAPI document: 1.0 +Contact: support@datadoghq.com +Generated by: https://openapi-generator.tech + + Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + This product includes software developed at Datadog (https://www.datadoghq.com/). + Copyright 2020-Present Datadog, Inc. + +=end + +require 'date' +require 'time' + +module DatadogAPIClient::V2 + # Update an existing Cloud Workload Security Agent rule. + class CloudWorkloadSecurityAgentRuleUpdateAttributes + # whether the object has unparsed attributes + attr_accessor :_unparsed + + # The description of the Agent rule. + attr_accessor :description + + # Whether the Agent rule is enabled. + attr_accessor :enabled + + # The SECL expression of the Agent rule. + attr_accessor :expression + + # Attribute mapping from ruby-style variable name to JSON key. + def self.attribute_map + { + :'description' => :'description', + :'enabled' => :'enabled', + :'expression' => :'expression' + } + end + + # Returns all the JSON keys this model knows about + def self.acceptable_attributes + attribute_map.values + end + + # Attribute type mapping. 
+ def self.openapi_types + { + :'description' => :'String', + :'enabled' => :'Boolean', + :'expression' => :'String' + } + end + + # List of attributes with nullable: true + def self.openapi_nullable + Set.new([ + ]) + end + + # Initializes the object + # @param [Hash] attributes Model attributes in the form of hash + def initialize(attributes = {}) + if (!attributes.is_a?(Hash)) + fail ArgumentError, "The input argument (attributes) must be a hash in `DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleUpdateAttributes` initialize method" + end + + # check to see if the attribute exists and convert string to symbol for hash key + attributes = attributes.each_with_object({}) { |(k, v), h| + if (!self.class.attribute_map.key?(k.to_sym)) + fail ArgumentError, "`#{k}` is not a valid attribute in `DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleUpdateAttributes`. Please check the name to make sure it's valid. List of attributes: " + self.class.attribute_map.keys.inspect + end + h[k.to_sym] = v + } + + if attributes.key?(:'description') + self.description = attributes[:'description'] + end + + if attributes.key?(:'enabled') + self.enabled = attributes[:'enabled'] + end + + if attributes.key?(:'expression') + self.expression = attributes[:'expression'] + end + end + + # Show invalid properties with the reasons. Usually used together with valid? + # @return Array for valid properties with the reasons + def list_invalid_properties + invalid_properties = Array.new + invalid_properties + end + + # Check to see if the all the properties in the model are valid + # @return true if the model is valid + def valid? + true + end + + # Checks equality by comparing each attribute. 
+ # @param [Object] Object to be compared + def ==(o) + return true if self.equal?(o) + self.class == o.class && + description == o.description && + enabled == o.enabled && + expression == o.expression + end + + # @see the `==` method + # @param [Object] Object to be compared + def eql?(o) + self == o + end + + # Calculates hash code according to all attributes. + # @return [Integer] Hash code + def hash + [description, enabled, expression].hash + end + + # Builds the object from hash + # @param [Hash] attributes Model attributes in the form of hash + # @return [Object] Returns the model itself + def self.build_from_hash(attributes) + new.build_from_hash(attributes) + end + + # Builds the object from hash + # @param [Hash] attributes Model attributes in the form of hash + # @return [Object] Returns the model itself + def build_from_hash(attributes) + return nil unless attributes.is_a?(Hash) + self.class.openapi_types.each_pair do |key, type| + if attributes[self.class.attribute_map[key]].nil? && self.class.openapi_nullable.include?(key) + self.send("#{key}=", nil) + elsif type =~ /\AArray<(.*)>/i + # check to ensure the input is an array given that the attribute + # is documented as an array but the input is not + if attributes[self.class.attribute_map[key]].is_a?(Array) + self.send("#{key}=", attributes[self.class.attribute_map[key]].map { |v| _deserialize($1, v) }) + end + elsif !attributes[self.class.attribute_map[key]].nil? 
+ self.send("#{key}=", _deserialize(type, attributes[self.class.attribute_map[key]])) + end + end + + self + end + + # Deserializes the data based on type + # @param string type Data type + # @param string value Value to be deserialized + # @return [Object] Deserialized data + def _deserialize(type, value) + case type.to_sym + when :Time + Time.parse(value) + when :Date + Date.parse(value) + when :String + value.to_s + when :Integer + value.to_i + when :Float + value.to_f + when :Boolean + if value.to_s =~ /\A(true|t|yes|y|1)\z/i + true + else + false + end + when :Object + # generic object (usually a Hash), return directly + value + when :Array + # generic array, return directly + value + when /\AArray<(?.+)>\z/ + inner_type = Regexp.last_match[:inner_type] + value.map { |v| _deserialize(inner_type, v) } + when /\AHash<(?.+?), (?.+)>\z/ + k_type = Regexp.last_match[:k_type] + v_type = Regexp.last_match[:v_type] + {}.tap do |hash| + value.each do |k, v| + hash[_deserialize(k_type, k)] = _deserialize(v_type, v) + end + end + else # model + # models (e.g. Pet) or oneOf + klass = DatadogAPIClient::V2.const_get(type) + res = klass.respond_to?(:openapi_one_of) ? klass.build(value) : klass.build_from_hash(value) + if res.instance_of? DatadogAPIClient::V2::UnparsedObject + self._unparsed = true + end + res + end + end + + # Returns the string representation of the object + # @return [String] String presentation of the object + def to_s + to_hash.to_s + end + + # to_body is an alias to to_hash (backward compatibility) + # @return [Hash] Returns the object in the form of hash + def to_body + to_hash + end + + # Returns the object in the form of hash + # @return [Hash] Returns the object in the form of hash + def to_hash + hash = {} + self.class.attribute_map.each_pair do |attr, param| + value = self.send(attr) + if value.nil? 
+ is_nullable = self.class.openapi_nullable.include?(attr) + next if !is_nullable || (is_nullable && !instance_variable_defined?(:"@#{attr}")) + end + + hash[param] = _to_hash(value) + end + hash + end + + # Outputs non-array value in the form of hash + # For object, use to_hash. Otherwise, just return the value + # @param [Object] value Any valid value + # @return [Hash] Returns the value in the form of hash + def _to_hash(value) + if value.is_a?(Array) + value.compact.map { |v| _to_hash(v) } + elsif value.is_a?(Hash) + {}.tap do |hash| + value.each { |k, v| hash[k] = _to_hash(v) } + end + elsif value.respond_to? :to_hash + value.to_hash + else + value + end + end + + end + +end diff --git a/lib/datadog_api_client/v2/models/cloud_workload_security_agent_rule_update_data.rb b/lib/datadog_api_client/v2/models/cloud_workload_security_agent_rule_update_data.rb new file mode 100644 index 000000000000..e6ecbb71d124 --- /dev/null +++ b/lib/datadog_api_client/v2/models/cloud_workload_security_agent_rule_update_data.rb 
@@ -0,0 +1,253 @@ +=begin +#Datadog API V2 Collection + +#Collection of all Datadog Public endpoints. + +The version of the OpenAPI document: 1.0 +Contact: support@datadoghq.com +Generated by: https://openapi-generator.tech + + Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + This product includes software developed at Datadog (https://www.datadoghq.com/). + Copyright 2020-Present Datadog, Inc. + +=end + +require 'date' +require 'time' + +module DatadogAPIClient::V2 + # Object for a single Agent rule. + class CloudWorkloadSecurityAgentRuleUpdateData + # whether the object has unparsed attributes + attr_accessor :_unparsed + + attr_accessor :attributes + + attr_accessor :type + + # Attribute mapping from ruby-style variable name to JSON key. + def self.attribute_map + { + :'attributes' => :'attributes', + :'type' => :'type' + } + end + + # Returns all the JSON keys this model knows about + def self.acceptable_attributes + attribute_map.values + end + + # Attribute type mapping. + def self.openapi_types + { + :'attributes' => :'CloudWorkloadSecurityAgentRuleUpdateAttributes', + :'type' => :'CloudWorkloadSecurityAgentRuleType' + } + end + + # List of attributes with nullable: true + def self.openapi_nullable + Set.new([ + ]) + end + + # Initializes the object + # @param [Hash] attributes Model attributes in the form of hash + def initialize(attributes = {}) + if (!attributes.is_a?(Hash)) + fail ArgumentError, "The input argument (attributes) must be a hash in `DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleUpdateData` initialize method" + end + + # check to see if the attribute exists and convert string to symbol for hash key + attributes = attributes.each_with_object({}) { |(k, v), h| + if (!self.class.attribute_map.key?(k.to_sym)) + fail ArgumentError, "`#{k}` is not a valid attribute in `DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleUpdateData`. Please check the name to make sure it's valid. 
List of attributes: " + self.class.attribute_map.keys.inspect + end + h[k.to_sym] = v + } + + if attributes.key?(:'attributes') + self.attributes = attributes[:'attributes'] + end + + if attributes.key?(:'type') + self.type = attributes[:'type'] + else + self.type = 'agent_rule' + end + end + + # Show invalid properties with the reasons. Usually used together with valid? + # @return Array for valid properties with the reasons + def list_invalid_properties + invalid_properties = Array.new + if @attributes.nil? + invalid_properties.push('invalid value for "attributes", attributes cannot be nil.') + end + + if @type.nil? + invalid_properties.push('invalid value for "type", type cannot be nil.') + end + + invalid_properties + end + + # Check to see if the all the properties in the model are valid + # @return true if the model is valid + def valid? + return false if @attributes.nil? + return false if @type.nil? + true + end + + # Checks equality by comparing each attribute. + # @param [Object] Object to be compared + def ==(o) + return true if self.equal?(o) + self.class == o.class && + attributes == o.attributes && + type == o.type + end + + # @see the `==` method + # @param [Object] Object to be compared + def eql?(o) + self == o + end + + # Calculates hash code according to all attributes. + # @return [Integer] Hash code + def hash + [attributes, type].hash + end + + # Builds the object from hash + # @param [Hash] attributes Model attributes in the form of hash + # @return [Object] Returns the model itself + def self.build_from_hash(attributes) + new.build_from_hash(attributes) + end + + # Builds the object from hash + # @param [Hash] attributes Model attributes in the form of hash + # @return [Object] Returns the model itself + def build_from_hash(attributes) + return nil unless attributes.is_a?(Hash) + self.class.openapi_types.each_pair do |key, type| + if attributes[self.class.attribute_map[key]].nil? 
&& self.class.openapi_nullable.include?(key) + self.send("#{key}=", nil) + elsif type =~ /\AArray<(.*)>/i + # check to ensure the input is an array given that the attribute + # is documented as an array but the input is not + if attributes[self.class.attribute_map[key]].is_a?(Array) + self.send("#{key}=", attributes[self.class.attribute_map[key]].map { |v| _deserialize($1, v) }) + end + elsif !attributes[self.class.attribute_map[key]].nil? + self.send("#{key}=", _deserialize(type, attributes[self.class.attribute_map[key]])) + end + end + + self + end + + # Deserializes the data based on type + # @param string type Data type + # @param string value Value to be deserialized + # @return [Object] Deserialized data + def _deserialize(type, value) + case type.to_sym + when :Time + Time.parse(value) + when :Date + Date.parse(value) + when :String + value.to_s + when :Integer + value.to_i + when :Float + value.to_f + when :Boolean + if value.to_s =~ /\A(true|t|yes|y|1)\z/i + true + else + false + end + when :Object + # generic object (usually a Hash), return directly + value + when :Array + # generic array, return directly + value + when /\AArray<(?.+)>\z/ + inner_type = Regexp.last_match[:inner_type] + value.map { |v| _deserialize(inner_type, v) } + when /\AHash<(?.+?), (?.+)>\z/ + k_type = Regexp.last_match[:k_type] + v_type = Regexp.last_match[:v_type] + {}.tap do |hash| + value.each do |k, v| + hash[_deserialize(k_type, k)] = _deserialize(v_type, v) + end + end + else # model + # models (e.g. Pet) or oneOf + klass = DatadogAPIClient::V2.const_get(type) + res = klass.respond_to?(:openapi_one_of) ? klass.build(value) : klass.build_from_hash(value) + if res.instance_of? 
DatadogAPIClient::V2::UnparsedObject + self._unparsed = true + end + res + end + end + + # Returns the string representation of the object + # @return [String] String presentation of the object + def to_s + to_hash.to_s + end + + # to_body is an alias to to_hash (backward compatibility) + # @return [Hash] Returns the object in the form of hash + def to_body + to_hash + end + + # Returns the object in the form of hash + # @return [Hash] Returns the object in the form of hash + def to_hash + hash = {} + self.class.attribute_map.each_pair do |attr, param| + value = self.send(attr) + if value.nil? + is_nullable = self.class.openapi_nullable.include?(attr) + next if !is_nullable || (is_nullable && !instance_variable_defined?(:"@#{attr}")) + end + + hash[param] = _to_hash(value) + end + hash + end + + # Outputs non-array value in the form of hash + # For object, use to_hash. Otherwise, just return the value + # @param [Object] value Any valid value + # @return [Hash] Returns the value in the form of hash + def _to_hash(value) + if value.is_a?(Array) + value.compact.map { |v| _to_hash(v) } + elsif value.is_a?(Hash) + {}.tap do |hash| + value.each { |k, v| hash[k] = _to_hash(v) } + end + elsif value.respond_to? :to_hash + value.to_hash + else + value + end + end + + end + +end diff --git a/lib/datadog_api_client/v2/models/cloud_workload_security_agent_rule_update_request.rb b/lib/datadog_api_client/v2/models/cloud_workload_security_agent_rule_update_request.rb new file mode 100644 index 000000000000..05d3345c5879 --- /dev/null +++ b/lib/datadog_api_client/v2/models/cloud_workload_security_agent_rule_update_request.rb 
@@ -0,0 +1,237 @@ +=begin +#Datadog API V2 Collection + +#Collection of all Datadog Public endpoints. + +The version of the OpenAPI document: 1.0 +Contact: support@datadoghq.com +Generated by: https://openapi-generator.tech + + Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + This product includes software developed at Datadog (https://www.datadoghq.com/). + Copyright 2020-Present Datadog, Inc. + +=end + +require 'date' +require 'time' + +module DatadogAPIClient::V2 + # Request object that includes the Agent rule with the attributes to update. + class CloudWorkloadSecurityAgentRuleUpdateRequest + # whether the object has unparsed attributes + attr_accessor :_unparsed + + attr_accessor :data + + # Attribute mapping from ruby-style variable name to JSON key. + def self.attribute_map + { + :'data' => :'data' + } + end + + # Returns all the JSON keys this model knows about + def self.acceptable_attributes + attribute_map.values + end + + # Attribute type mapping. + def self.openapi_types + { + :'data' => :'CloudWorkloadSecurityAgentRuleUpdateData' + } + end + + # List of attributes with nullable: true + def self.openapi_nullable + Set.new([ + ]) + end + + # Initializes the object + # @param [Hash] attributes Model attributes in the form of hash + def initialize(attributes = {}) + if (!attributes.is_a?(Hash)) + fail ArgumentError, "The input argument (attributes) must be a hash in `DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleUpdateRequest` initialize method" + end + + # check to see if the attribute exists and convert string to symbol for hash key + attributes = attributes.each_with_object({}) { |(k, v), h| + if (!self.class.attribute_map.key?(k.to_sym)) + fail ArgumentError, "`#{k}` is not a valid attribute in `DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleUpdateRequest`. Please check the name to make sure it's valid. 
List of attributes: " + self.class.attribute_map.keys.inspect + end + h[k.to_sym] = v + } + + if attributes.key?(:'data') + self.data = attributes[:'data'] + end + end + + # Show invalid properties with the reasons. Usually used together with valid? + # @return Array for valid properties with the reasons + def list_invalid_properties + invalid_properties = Array.new + if @data.nil? + invalid_properties.push('invalid value for "data", data cannot be nil.') + end + + invalid_properties + end + + # Check to see if the all the properties in the model are valid + # @return true if the model is valid + def valid? + return false if @data.nil? + true + end + + # Checks equality by comparing each attribute. + # @param [Object] Object to be compared + def ==(o) + return true if self.equal?(o) + self.class == o.class && + data == o.data + end + + # @see the `==` method + # @param [Object] Object to be compared + def eql?(o) + self == o + end + + # Calculates hash code according to all attributes. + # @return [Integer] Hash code + def hash + [data].hash + end + + # Builds the object from hash + # @param [Hash] attributes Model attributes in the form of hash + # @return [Object] Returns the model itself + def self.build_from_hash(attributes) + new.build_from_hash(attributes) + end + + # Builds the object from hash + # @param [Hash] attributes Model attributes in the form of hash + # @return [Object] Returns the model itself + def build_from_hash(attributes) + return nil unless attributes.is_a?(Hash) + self.class.openapi_types.each_pair do |key, type| + if attributes[self.class.attribute_map[key]].nil? 
&& self.class.openapi_nullable.include?(key) + self.send("#{key}=", nil) + elsif type =~ /\AArray<(.*)>/i + # check to ensure the input is an array given that the attribute + # is documented as an array but the input is not + if attributes[self.class.attribute_map[key]].is_a?(Array) + self.send("#{key}=", attributes[self.class.attribute_map[key]].map { |v| _deserialize($1, v) }) + end + elsif !attributes[self.class.attribute_map[key]].nil? + self.send("#{key}=", _deserialize(type, attributes[self.class.attribute_map[key]])) + end + end + + self + end + + # Deserializes the data based on type + # @param string type Data type + # @param string value Value to be deserialized + # @return [Object] Deserialized data + def _deserialize(type, value) + case type.to_sym + when :Time + Time.parse(value) + when :Date + Date.parse(value) + when :String + value.to_s + when :Integer + value.to_i + when :Float + value.to_f + when :Boolean + if value.to_s =~ /\A(true|t|yes|y|1)\z/i + true + else + false + end + when :Object + # generic object (usually a Hash), return directly + value + when :Array + # generic array, return directly + value + when /\AArray<(?.+)>\z/ + inner_type = Regexp.last_match[:inner_type] + value.map { |v| _deserialize(inner_type, v) } + when /\AHash<(?.+?), (?.+)>\z/ + k_type = Regexp.last_match[:k_type] + v_type = Regexp.last_match[:v_type] + {}.tap do |hash| + value.each do |k, v| + hash[_deserialize(k_type, k)] = _deserialize(v_type, v) + end + end + else # model + # models (e.g. Pet) or oneOf + klass = DatadogAPIClient::V2.const_get(type) + res = klass.respond_to?(:openapi_one_of) ? klass.build(value) : klass.build_from_hash(value) + if res.instance_of? 
DatadogAPIClient::V2::UnparsedObject + self._unparsed = true + end + res + end + end + + # Returns the string representation of the object + # @return [String] String presentation of the object + def to_s + to_hash.to_s + end + + # to_body is an alias to to_hash (backward compatibility) + # @return [Hash] Returns the object in the form of hash + def to_body + to_hash + end + + # Returns the object in the form of hash + # @return [Hash] Returns the object in the form of hash + def to_hash + hash = {} + self.class.attribute_map.each_pair do |attr, param| + value = self.send(attr) + if value.nil? + is_nullable = self.class.openapi_nullable.include?(attr) + next if !is_nullable || (is_nullable && !instance_variable_defined?(:"@#{attr}")) + end + + hash[param] = _to_hash(value) + end + hash + end + + # Outputs non-array value in the form of hash + # For object, use to_hash. Otherwise, just return the value + # @param [Object] value Any valid value + # @return [Hash] Returns the value in the form of hash + def _to_hash(value) + if value.is_a?(Array) + value.compact.map { |v| _to_hash(v) } + elsif value.is_a?(Hash) + {}.tap do |hash| + value.each { |k, v| hash[k] = _to_hash(v) } + end + elsif value.respond_to? :to_hash + value.to_hash + else + value + end + end + + end + +end diff --git a/lib/datadog_api_client/v2/models/cloud_workload_security_agent_rule_updater_attributes.rb b/lib/datadog_api_client/v2/models/cloud_workload_security_agent_rule_updater_attributes.rb new file mode 100644 index 000000000000..85894c4997fb --- /dev/null +++ b/lib/datadog_api_client/v2/models/cloud_workload_security_agent_rule_updater_attributes.rb 
@@ -0,0 +1,243 @@ +=begin +#Datadog API V2 Collection + +#Collection of all Datadog Public endpoints. + +The version of the OpenAPI document: 1.0 +Contact: support@datadoghq.com +Generated by: https://openapi-generator.tech + + Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + This product includes software developed at Datadog (https://www.datadoghq.com/). + Copyright 2020-Present Datadog, Inc. + +=end + +require 'date' +require 'time' + +module DatadogAPIClient::V2 + # The attributes of the user who last updated the Agent rule. + class CloudWorkloadSecurityAgentRuleUpdaterAttributes + # whether the object has unparsed attributes + attr_accessor :_unparsed + + # The handle of the user. + attr_accessor :handle + + # The name of the user. + attr_accessor :name + + # Attribute mapping from ruby-style variable name to JSON key. + def self.attribute_map + { + :'handle' => :'handle', + :'name' => :'name' + } + end + + # Returns all the JSON keys this model knows about + def self.acceptable_attributes + attribute_map.values + end + + # Attribute type mapping. + def self.openapi_types + { + :'handle' => :'String', + :'name' => :'String' + } + end + + # List of attributes with nullable: true + def self.openapi_nullable + Set.new([ + ]) + end + + # Initializes the object + # @param [Hash] attributes Model attributes in the form of hash + def initialize(attributes = {}) + if (!attributes.is_a?(Hash)) + fail ArgumentError, "The input argument (attributes) must be a hash in `DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleUpdaterAttributes` initialize method" + end + + # check to see if the attribute exists and convert string to symbol for hash key + attributes = attributes.each_with_object({}) { |(k, v), h| + if (!self.class.attribute_map.key?(k.to_sym)) + fail ArgumentError, "`#{k}` is not a valid attribute in `DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleUpdaterAttributes`. 
Please check the name to make sure it's valid. List of attributes: " + self.class.attribute_map.keys.inspect + end + h[k.to_sym] = v + } + + if attributes.key?(:'handle') + self.handle = attributes[:'handle'] + end + + if attributes.key?(:'name') + self.name = attributes[:'name'] + end + end + + # Show invalid properties with the reasons. Usually used together with valid? + # @return Array for valid properties with the reasons + def list_invalid_properties + invalid_properties = Array.new + invalid_properties + end + + # Check to see if the all the properties in the model are valid + # @return true if the model is valid + def valid? + true + end + + # Checks equality by comparing each attribute. + # @param [Object] Object to be compared + def ==(o) + return true if self.equal?(o) + self.class == o.class && + handle == o.handle && + name == o.name + end + + # @see the `==` method + # @param [Object] Object to be compared + def eql?(o) + self == o + end + + # Calculates hash code according to all attributes. + # @return [Integer] Hash code + def hash + [handle, name].hash + end + + # Builds the object from hash + # @param [Hash] attributes Model attributes in the form of hash + # @return [Object] Returns the model itself + def self.build_from_hash(attributes) + new.build_from_hash(attributes) + end + + # Builds the object from hash + # @param [Hash] attributes Model attributes in the form of hash + # @return [Object] Returns the model itself + def build_from_hash(attributes) + return nil unless attributes.is_a?(Hash) + self.class.openapi_types.each_pair do |key, type| + if attributes[self.class.attribute_map[key]].nil? 
&& self.class.openapi_nullable.include?(key) + self.send("#{key}=", nil) + elsif type =~ /\AArray<(.*)>/i + # check to ensure the input is an array given that the attribute + # is documented as an array but the input is not + if attributes[self.class.attribute_map[key]].is_a?(Array) + self.send("#{key}=", attributes[self.class.attribute_map[key]].map { |v| _deserialize($1, v) }) + end + elsif !attributes[self.class.attribute_map[key]].nil? + self.send("#{key}=", _deserialize(type, attributes[self.class.attribute_map[key]])) + end + end + + self + end + + # Deserializes the data based on type + # @param string type Data type + # @param string value Value to be deserialized + # @return [Object] Deserialized data + def _deserialize(type, value) + case type.to_sym + when :Time + Time.parse(value) + when :Date + Date.parse(value) + when :String + value.to_s + when :Integer + value.to_i + when :Float + value.to_f + when :Boolean + if value.to_s =~ /\A(true|t|yes|y|1)\z/i + true + else + false + end + when :Object + # generic object (usually a Hash), return directly + value + when :Array + # generic array, return directly + value + when /\AArray<(?.+)>\z/ + inner_type = Regexp.last_match[:inner_type] + value.map { |v| _deserialize(inner_type, v) } + when /\AHash<(?.+?), (?.+)>\z/ + k_type = Regexp.last_match[:k_type] + v_type = Regexp.last_match[:v_type] + {}.tap do |hash| + value.each do |k, v| + hash[_deserialize(k_type, k)] = _deserialize(v_type, v) + end + end + else # model + # models (e.g. Pet) or oneOf + klass = DatadogAPIClient::V2.const_get(type) + res = klass.respond_to?(:openapi_one_of) ? klass.build(value) : klass.build_from_hash(value) + if res.instance_of? 
DatadogAPIClient::V2::UnparsedObject + self._unparsed = true + end + res + end + end + + # Returns the string representation of the object + # @return [String] String presentation of the object + def to_s + to_hash.to_s + end + + # to_body is an alias to to_hash (backward compatibility) + # @return [Hash] Returns the object in the form of hash + def to_body + to_hash + end + + # Returns the object in the form of hash + # @return [Hash] Returns the object in the form of hash + def to_hash + hash = {} + self.class.attribute_map.each_pair do |attr, param| + value = self.send(attr) + if value.nil? + is_nullable = self.class.openapi_nullable.include?(attr) + next if !is_nullable || (is_nullable && !instance_variable_defined?(:"@#{attr}")) + end + + hash[param] = _to_hash(value) + end + hash + end + + # Outputs non-array value in the form of hash + # For object, use to_hash. Otherwise, just return the value + # @param [Object] value Any valid value + # @return [Hash] Returns the value in the form of hash + def _to_hash(value) + if value.is_a?(Array) + value.compact.map { |v| _to_hash(v) } + elsif value.is_a?(Hash) + {}.tap do |hash| + value.each { |k, v| hash[k] = _to_hash(v) } + end + elsif value.respond_to? :to_hash + value.to_hash + else + value + end + end + + end + +end diff --git a/lib/datadog_api_client/v2/models/cloud_workload_security_agent_rules_list_response.rb b/lib/datadog_api_client/v2/models/cloud_workload_security_agent_rules_list_response.rb new file mode 100644 index 000000000000..5b17fda6c407 --- /dev/null +++ b/lib/datadog_api_client/v2/models/cloud_workload_security_agent_rules_list_response.rb 
@@ -0,0 +1,235 @@ +=begin +#Datadog API V2 Collection + +#Collection of all Datadog Public endpoints. + +The version of the OpenAPI document: 1.0 +Contact: support@datadoghq.com +Generated by: https://openapi-generator.tech + + Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + This product includes software developed at Datadog (https://www.datadoghq.com/). + Copyright 2020-Present Datadog, Inc. + +=end + +require 'date' +require 'time' + +module DatadogAPIClient::V2 + # Response object that includes a list of Agent rule. + class CloudWorkloadSecurityAgentRulesListResponse + # whether the object has unparsed attributes + attr_accessor :_unparsed + + # A list of Agent rules objects. + attr_accessor :data + + # Attribute mapping from ruby-style variable name to JSON key. + def self.attribute_map + { + :'data' => :'data' + } + end + + # Returns all the JSON keys this model knows about + def self.acceptable_attributes + attribute_map.values + end + + # Attribute type mapping. + def self.openapi_types + { + :'data' => :'Array' + } + end + + # List of attributes with nullable: true + def self.openapi_nullable + Set.new([ + ]) + end + + # Initializes the object + # @param [Hash] attributes Model attributes in the form of hash + def initialize(attributes = {}) + if (!attributes.is_a?(Hash)) + fail ArgumentError, "The input argument (attributes) must be a hash in `DatadogAPIClient::V2::CloudWorkloadSecurityAgentRulesListResponse` initialize method" + end + + # check to see if the attribute exists and convert string to symbol for hash key + attributes = attributes.each_with_object({}) { |(k, v), h| + if (!self.class.attribute_map.key?(k.to_sym)) + fail ArgumentError, "`#{k}` is not a valid attribute in `DatadogAPIClient::V2::CloudWorkloadSecurityAgentRulesListResponse`. Please check the name to make sure it's valid. 
List of attributes: " + self.class.attribute_map.keys.inspect + end + h[k.to_sym] = v + } + + if attributes.key?(:'data') + if (value = attributes[:'data']).is_a?(Array) + self.data = value + end + end + end + + # Show invalid properties with the reasons. Usually used together with valid? + # @return Array for valid properties with the reasons + def list_invalid_properties + invalid_properties = Array.new + invalid_properties + end + + # Check to see if the all the properties in the model are valid + # @return true if the model is valid + def valid? + true + end + + # Checks equality by comparing each attribute. + # @param [Object] Object to be compared + def ==(o) + return true if self.equal?(o) + self.class == o.class && + data == o.data + end + + # @see the `==` method + # @param [Object] Object to be compared + def eql?(o) + self == o + end + + # Calculates hash code according to all attributes. + # @return [Integer] Hash code + def hash + [data].hash + end + + # Builds the object from hash + # @param [Hash] attributes Model attributes in the form of hash + # @return [Object] Returns the model itself + def self.build_from_hash(attributes) + new.build_from_hash(attributes) + end + + # Builds the object from hash + # @param [Hash] attributes Model attributes in the form of hash + # @return [Object] Returns the model itself + def build_from_hash(attributes) + return nil unless attributes.is_a?(Hash) + self.class.openapi_types.each_pair do |key, type| + if attributes[self.class.attribute_map[key]].nil? && self.class.openapi_nullable.include?(key) + self.send("#{key}=", nil) + elsif type =~ /\AArray<(.*)>/i + # check to ensure the input is an array given that the attribute + # is documented as an array but the input is not + if attributes[self.class.attribute_map[key]].is_a?(Array) + self.send("#{key}=", attributes[self.class.attribute_map[key]].map { |v| _deserialize($1, v) }) + end + elsif !attributes[self.class.attribute_map[key]].nil? 
+ self.send("#{key}=", _deserialize(type, attributes[self.class.attribute_map[key]])) + end + end + + self + end + + # Deserializes the data based on type + # @param string type Data type + # @param string value Value to be deserialized + # @return [Object] Deserialized data + def _deserialize(type, value) + case type.to_sym + when :Time + Time.parse(value) + when :Date + Date.parse(value) + when :String + value.to_s + when :Integer + value.to_i + when :Float + value.to_f + when :Boolean + if value.to_s =~ /\A(true|t|yes|y|1)\z/i + true + else + false + end + when :Object + # generic object (usually a Hash), return directly + value + when :Array + # generic array, return directly + value + when /\AArray<(?.+)>\z/ + inner_type = Regexp.last_match[:inner_type] + value.map { |v| _deserialize(inner_type, v) } + when /\AHash<(?.+?), (?.+)>\z/ + k_type = Regexp.last_match[:k_type] + v_type = Regexp.last_match[:v_type] + {}.tap do |hash| + value.each do |k, v| + hash[_deserialize(k_type, k)] = _deserialize(v_type, v) + end + end + else # model + # models (e.g. Pet) or oneOf + klass = DatadogAPIClient::V2.const_get(type) + res = klass.respond_to?(:openapi_one_of) ? klass.build(value) : klass.build_from_hash(value) + if res.instance_of? DatadogAPIClient::V2::UnparsedObject + self._unparsed = true + end + res + end + end + + # Returns the string representation of the object + # @return [String] String presentation of the object + def to_s + to_hash.to_s + end + + # to_body is an alias to to_hash (backward compatibility) + # @return [Hash] Returns the object in the form of hash + def to_body + to_hash + end + + # Returns the object in the form of hash + # @return [Hash] Returns the object in the form of hash + def to_hash + hash = {} + self.class.attribute_map.each_pair do |attr, param| + value = self.send(attr) + if value.nil? 
+ is_nullable = self.class.openapi_nullable.include?(attr) + next if !is_nullable || (is_nullable && !instance_variable_defined?(:"@#{attr}")) + end + + hash[param] = _to_hash(value) + end + hash + end + + # Outputs non-array value in the form of hash + # For object, use to_hash. Otherwise, just return the value + # @param [Object] value Any valid value + # @return [Hash] Returns the value in the form of hash + def _to_hash(value) + if value.is_a?(Array) + value.compact.map { |v| _to_hash(v) } + elsif value.is_a?(Hash) + {}.tap do |hash| + value.each { |k, v| hash[k] = _to_hash(v) } + end + elsif value.respond_to? :to_hash + value.to_hash + else + value + end + end + + end + +end diff --git a/spec/v2/api/cloud_workload_security_api_spec.rb b/spec/v2/api/cloud_workload_security_api_spec.rb new file mode 100644 index 000000000000..eb9455ed1640 --- /dev/null +++ b/spec/v2/api/cloud_workload_security_api_spec.rb 
@@ -0,0 +1,109 @@ +=begin +#Datadog API V2 Collection + +#Collection of all Datadog Public endpoints. + +The version of the OpenAPI document: 1.0 +Contact: support@datadoghq.com +Generated by: https://openapi-generator.tech + + Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + This product includes software developed at Datadog (https://www.datadoghq.com/). + Copyright 2020-Present Datadog, Inc. + +=end + +require 'spec_helper' +require 'json' + +# Unit tests for DatadogAPIClient::V2::CloudWorkloadSecurityAPI +# Automatically generated by openapi-generator (https://openapi-generator.tech) +# Please update as you see appropriate +describe 'CloudWorkloadSecurityAPI' do + before do + # run before each test + @api_instance = DatadogAPIClient::V2::CloudWorkloadSecurityAPI.new + end + + after do + # run after each test + end + + describe 'test an instance of CloudWorkloadSecurityAPI' do + it 'should create an instance of CloudWorkloadSecurityAPI' do + expect(@api_instance).to be_instance_of(DatadogAPIClient::V2::CloudWorkloadSecurityAPI) + end + end + + # unit tests for create_cloud_workload_security_agent_rule + # Create a Cloud Workload Security Agent rule + # Create a new Agent rule with the given parameters. + # @param body The definition of the new Agent rule. + # @param [Hash] opts the optional parameters + # @return [CloudWorkloadSecurityAgentRuleResponse] + describe 'create_cloud_workload_security_agent_rule test' do + it 'should work' do + # assertion here. ref: https://www.relishapp.com/rspec/rspec-expectations/docs/built-in-matchers + end + end + + # unit tests for delete_cloud_workload_security_agent_rule + # Delete a Cloud Workload Security Agent rule + # Delete a specific Agent rule. + # @param agent_rule_id The ID of the Agent rule. 
+ # @param [Hash] opts the optional parameters + # @return [nil] + describe 'delete_cloud_workload_security_agent_rule test' do + it 'should work' do + # assertion here. ref: https://www.relishapp.com/rspec/rspec-expectations/docs/built-in-matchers + end + end + + # unit tests for download_cloud_workload_policy_file + # Get the latest Cloud Workload Security policy + # The download endpoint generates a Cloud Workload Security policy file from your currently active Cloud Workload Security rules, and downloads them as a .policy file. This file can then be deployed to your agents to update the policy running in your environment. + # @param [Hash] opts the optional parameters + # @return [File] + describe 'download_cloud_workload_policy_file test' do + it 'should work' do + # assertion here. ref: https://www.relishapp.com/rspec/rspec-expectations/docs/built-in-matchers + end + end + + # unit tests for get_cloud_workload_security_agent_rule + # Get a Cloud Workload Security Agent rule + # Get the details of a specific Agent rule. + # @param agent_rule_id The ID of the Agent rule. + # @param [Hash] opts the optional parameters + # @return [CloudWorkloadSecurityAgentRuleResponse] + describe 'get_cloud_workload_security_agent_rule test' do + it 'should work' do + # assertion here. ref: https://www.relishapp.com/rspec/rspec-expectations/docs/built-in-matchers + end + end + + # unit tests for list_cloud_workload_security_agent_rules + # Get all Cloud Workload Security Agent rules + # Get the list of Agent rules. + # @param [Hash] opts the optional parameters + # @return [CloudWorkloadSecurityAgentRulesListResponse] + describe 'list_cloud_workload_security_agent_rules test' do + it 'should work' do + # assertion here. ref: https://www.relishapp.com/rspec/rspec-expectations/docs/built-in-matchers + end + end + + # unit tests for update_cloud_workload_security_agent_rule + # Update a Cloud Workload Security Agent rule + # Update a specific Agent rule. 
Returns the Agent rule object when the request is successful. + # @param agent_rule_id The ID of the Agent rule. + # @param body New definition of the Agent rule. + # @param [Hash] opts the optional parameters + # @return [CloudWorkloadSecurityAgentRuleResponse] + describe 'update_cloud_workload_security_agent_rule test' do + it 'should work' do + # assertion here. ref: https://www.relishapp.com/rspec/rspec-expectations/docs/built-in-matchers + end + end + +end diff --git a/spec/v2/models/cloud_workload_security_agent_rule_attributes_spec.rb b/spec/v2/models/cloud_workload_security_agent_rule_attributes_spec.rb new file mode 100644 index 000000000000..16b48a71c392 --- /dev/null +++ b/spec/v2/models/cloud_workload_security_agent_rule_attributes_spec.rb 
@@ -0,0 +1,97 @@ +=begin +#Datadog API V2 Collection + +#Collection of all Datadog Public endpoints. + +The version of the OpenAPI document: 1.0 +Contact: support@datadoghq.com +Generated by: https://openapi-generator.tech + + Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + This product includes software developed at Datadog (https://www.datadoghq.com/). + Copyright 2020-Present Datadog, Inc. + +=end + +require 'spec_helper' +require 'json' +require 'date' + +# Unit tests for DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleAttributes +# Automatically generated by openapi-generator (https://openapi-generator.tech) +# Please update as you see appropriate +describe DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleAttributes do + let(:instance) { DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleAttributes.new } + + describe 'test an instance of CloudWorkloadSecurityAgentRuleAttributes' do + it 'should create an instance of CloudWorkloadSecurityAgentRuleAttributes' do + expect(instance).to be_instance_of(DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleAttributes) + end + end + describe 'test attribute "category"' do + it 'should work' do + # assertion here. ref: https://www.relishapp.com/rspec/rspec-expectations/docs/built-in-matchers + end + end + + describe 'test attribute "creation_date"' do + it 'should work' do + # assertion here. ref: https://www.relishapp.com/rspec/rspec-expectations/docs/built-in-matchers + end + end + + describe 'test attribute "creator"' do + it 'should work' do + # assertion here. ref: https://www.relishapp.com/rspec/rspec-expectations/docs/built-in-matchers + end + end + + describe 'test attribute "default_rule"' do + it 'should work' do + # assertion here. ref: https://www.relishapp.com/rspec/rspec-expectations/docs/built-in-matchers + end + end + + describe 'test attribute "description"' do + it 'should work' do + # assertion here. 
ref: https://www.relishapp.com/rspec/rspec-expectations/docs/built-in-matchers + end + end + + describe 'test attribute "enabled"' do + it 'should work' do + # assertion here. ref: https://www.relishapp.com/rspec/rspec-expectations/docs/built-in-matchers + end + end + + describe 'test attribute "expression"' do + it 'should work' do + # assertion here. ref: https://www.relishapp.com/rspec/rspec-expectations/docs/built-in-matchers + end + end + + describe 'test attribute "name"' do + it 'should work' do + # assertion here. ref: https://www.relishapp.com/rspec/rspec-expectations/docs/built-in-matchers + end + end + + describe 'test attribute "updated_at"' do + it 'should work' do + # assertion here. ref: https://www.relishapp.com/rspec/rspec-expectations/docs/built-in-matchers + end + end + + describe 'test attribute "updater"' do + it 'should work' do + # assertion here. ref: https://www.relishapp.com/rspec/rspec-expectations/docs/built-in-matchers + end + end + + describe 'test attribute "version"' do + it 'should work' do + # assertion here. ref: https://www.relishapp.com/rspec/rspec-expectations/docs/built-in-matchers + end + end + +end diff --git a/spec/v2/models/cloud_workload_security_agent_rule_create_attributes_spec.rb b/spec/v2/models/cloud_workload_security_agent_rule_create_attributes_spec.rb new file mode 100644 index 000000000000..fc87dba6aeac --- /dev/null +++ b/spec/v2/models/cloud_workload_security_agent_rule_create_attributes_spec.rb 
@@ -0,0 +1,55 @@ +=begin +#Datadog API V2 Collection + +#Collection of all Datadog Public endpoints. + +The version of the OpenAPI document: 1.0 +Contact: support@datadoghq.com +Generated by: https://openapi-generator.tech + + Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + This product includes software developed at Datadog (https://www.datadoghq.com/). + Copyright 2020-Present Datadog, Inc. + +=end + +require 'spec_helper' +require 'json' +require 'date' + +# Unit tests for DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleCreateAttributes +# Automatically generated by openapi-generator (https://openapi-generator.tech) +# Please update as you see appropriate +describe DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleCreateAttributes do + let(:instance) { DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleCreateAttributes.new } + + describe 'test an instance of CloudWorkloadSecurityAgentRuleCreateAttributes' do + it 'should create an instance of CloudWorkloadSecurityAgentRuleCreateAttributes' do + expect(instance).to be_instance_of(DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleCreateAttributes) + end + end + describe 'test attribute "description"' do + it 'should work' do + # assertion here. ref: https://www.relishapp.com/rspec/rspec-expectations/docs/built-in-matchers + end + end + + describe 'test attribute "enabled"' do + it 'should work' do + # assertion here. ref: https://www.relishapp.com/rspec/rspec-expectations/docs/built-in-matchers + end + end + + describe 'test attribute "expression"' do + it 'should work' do + # assertion here. ref: https://www.relishapp.com/rspec/rspec-expectations/docs/built-in-matchers + end + end + + describe 'test attribute "name"' do + it 'should work' do + # assertion here. ref: https://www.relishapp.com/rspec/rspec-expectations/docs/built-in-matchers + end + end + +end 
diff --git a/spec/v2/models/cloud_workload_security_agent_rule_create_data_spec.rb b/spec/v2/models/cloud_workload_security_agent_rule_create_data_spec.rb new file mode 100644 index 000000000000..d7c2f574c628 --- /dev/null +++ b/spec/v2/models/cloud_workload_security_agent_rule_create_data_spec.rb @@ -0,0 +1,43 @@ +=begin +#Datadog API V2 Collection + +#Collection of all Datadog Public endpoints. + +The version of the OpenAPI document: 1.0 +Contact: support@datadoghq.com +Generated by: https://openapi-generator.tech + + Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + This product includes software developed at Datadog (https://www.datadoghq.com/). + Copyright 2020-Present Datadog, Inc. + +=end + +require 'spec_helper' +require 'json' +require 'date' + +# Unit tests for DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleCreateData +# Automatically generated by openapi-generator (https://openapi-generator.tech) +# Please update as you see appropriate +describe DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleCreateData do + let(:instance) { DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleCreateData.new } + + describe 'test an instance of CloudWorkloadSecurityAgentRuleCreateData' do + it 'should create an instance of CloudWorkloadSecurityAgentRuleCreateData' do + expect(instance).to be_instance_of(DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleCreateData) + end + end + describe 'test attribute "attributes"' do + it 'should work' do + # assertion here. ref: https://www.relishapp.com/rspec/rspec-expectations/docs/built-in-matchers + end + end + + describe 'test attribute "type"' do + it 'should work' do + # assertion here. ref: https://www.relishapp.com/rspec/rspec-expectations/docs/built-in-matchers + end + end + +end 
diff --git a/spec/v2/models/cloud_workload_security_agent_rule_create_request_spec.rb b/spec/v2/models/cloud_workload_security_agent_rule_create_request_spec.rb new file mode 100644 index 000000000000..4a477f45ae72 --- /dev/null +++ b/spec/v2/models/cloud_workload_security_agent_rule_create_request_spec.rb @@ -0,0 +1,37 @@ +=begin +#Datadog API V2 Collection + +#Collection of all Datadog Public endpoints. + +The version of the OpenAPI document: 1.0 +Contact: support@datadoghq.com +Generated by: https://openapi-generator.tech + + Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + This product includes software developed at Datadog (https://www.datadoghq.com/). + Copyright 2020-Present Datadog, Inc. + +=end + +require 'spec_helper' +require 'json' +require 'date' + +# Unit tests for DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleCreateRequest +# Automatically generated by openapi-generator (https://openapi-generator.tech) +# Please update as you see appropriate +describe DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleCreateRequest do + let(:instance) { DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleCreateRequest.new } + + describe 'test an instance of CloudWorkloadSecurityAgentRuleCreateRequest' do + it 'should create an instance of CloudWorkloadSecurityAgentRuleCreateRequest' do + expect(instance).to be_instance_of(DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleCreateRequest) + end + end + describe 'test attribute "data"' do + it 'should work' do + # assertion here. ref: https://www.relishapp.com/rspec/rspec-expectations/docs/built-in-matchers + end + end + +end diff --git a/spec/v2/models/cloud_workload_security_agent_rule_creator_attributes_spec.rb b/spec/v2/models/cloud_workload_security_agent_rule_creator_attributes_spec.rb new file mode 100644 index 000000000000..80fbe0eb7a2d --- /dev/null +++ b/spec/v2/models/cloud_workload_security_agent_rule_creator_attributes_spec.rb 
@@ -0,0 +1,43 @@ +=begin +#Datadog API V2 Collection + +#Collection of all Datadog Public endpoints. + +The version of the OpenAPI document: 1.0 +Contact: support@datadoghq.com +Generated by: https://openapi-generator.tech + + Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + This product includes software developed at Datadog (https://www.datadoghq.com/). + Copyright 2020-Present Datadog, Inc. + +=end + +require 'spec_helper' +require 'json' +require 'date' + +# Unit tests for DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleCreatorAttributes +# Automatically generated by openapi-generator (https://openapi-generator.tech) +# Please update as you see appropriate +describe DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleCreatorAttributes do + let(:instance) { DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleCreatorAttributes.new } + + describe 'test an instance of CloudWorkloadSecurityAgentRuleCreatorAttributes' do + it 'should create an instance of CloudWorkloadSecurityAgentRuleCreatorAttributes' do + expect(instance).to be_instance_of(DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleCreatorAttributes) + end + end + describe 'test attribute "handle"' do + it 'should work' do + # assertion here. ref: https://www.relishapp.com/rspec/rspec-expectations/docs/built-in-matchers + end + end + + describe 'test attribute "name"' do + it 'should work' do + # assertion here. ref: https://www.relishapp.com/rspec/rspec-expectations/docs/built-in-matchers + end + end + +end diff --git a/spec/v2/models/cloud_workload_security_agent_rule_data_spec.rb b/spec/v2/models/cloud_workload_security_agent_rule_data_spec.rb new file mode 100644 index 000000000000..41b142274bb5 --- /dev/null +++ b/spec/v2/models/cloud_workload_security_agent_rule_data_spec.rb 
@@ -0,0 +1,49 @@ +=begin +#Datadog API V2 Collection + +#Collection of all Datadog Public endpoints. + +The version of the OpenAPI document: 1.0 +Contact: support@datadoghq.com +Generated by: https://openapi-generator.tech + + Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + This product includes software developed at Datadog (https://www.datadoghq.com/). + Copyright 2020-Present Datadog, Inc. + +=end + +require 'spec_helper' +require 'json' +require 'date' + +# Unit tests for DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleData +# Automatically generated by openapi-generator (https://openapi-generator.tech) +# Please update as you see appropriate +describe DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleData do + let(:instance) { DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleData.new } + + describe 'test an instance of CloudWorkloadSecurityAgentRuleData' do + it 'should create an instance of CloudWorkloadSecurityAgentRuleData' do + expect(instance).to be_instance_of(DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleData) + end + end + describe 'test attribute "attributes"' do + it 'should work' do + # assertion here. ref: https://www.relishapp.com/rspec/rspec-expectations/docs/built-in-matchers + end + end + + describe 'test attribute "id"' do + it 'should work' do + # assertion here. ref: https://www.relishapp.com/rspec/rspec-expectations/docs/built-in-matchers + end + end + + describe 'test attribute "type"' do + it 'should work' do + # assertion here. ref: https://www.relishapp.com/rspec/rspec-expectations/docs/built-in-matchers + end + end + +end diff --git a/spec/v2/models/cloud_workload_security_agent_rule_response_spec.rb b/spec/v2/models/cloud_workload_security_agent_rule_response_spec.rb new file mode 100644 index 000000000000..467f3f1d6e1d --- /dev/null +++ b/spec/v2/models/cloud_workload_security_agent_rule_response_spec.rb 
@@ -0,0 +1,37 @@ +=begin +#Datadog API V2 Collection + +#Collection of all Datadog Public endpoints. + +The version of the OpenAPI document: 1.0 +Contact: support@datadoghq.com +Generated by: https://openapi-generator.tech + + Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + This product includes software developed at Datadog (https://www.datadoghq.com/). + Copyright 2020-Present Datadog, Inc. + +=end + +require 'spec_helper' +require 'json' +require 'date' + +# Unit tests for DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleResponse +# Automatically generated by openapi-generator (https://openapi-generator.tech) +# Please update as you see appropriate +describe DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleResponse do + let(:instance) { DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleResponse.new } + + describe 'test an instance of CloudWorkloadSecurityAgentRuleResponse' do + it 'should create an instance of CloudWorkloadSecurityAgentRuleResponse' do + expect(instance).to be_instance_of(DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleResponse) + end + end + describe 'test attribute "data"' do + it 'should work' do + # assertion here. ref: https://www.relishapp.com/rspec/rspec-expectations/docs/built-in-matchers + end + end + +end diff --git a/spec/v2/models/cloud_workload_security_agent_rule_type_spec.rb b/spec/v2/models/cloud_workload_security_agent_rule_type_spec.rb new file mode 100644 index 000000000000..07877103cb8b --- /dev/null +++ b/spec/v2/models/cloud_workload_security_agent_rule_type_spec.rb 
@@ -0,0 +1,31 @@ +=begin +#Datadog API V2 Collection + +#Collection of all Datadog Public endpoints. + +The version of the OpenAPI document: 1.0 +Contact: support@datadoghq.com +Generated by: https://openapi-generator.tech + + Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + This product includes software developed at Datadog (https://www.datadoghq.com/). + Copyright 2020-Present Datadog, Inc. + +=end + +require 'spec_helper' +require 'json' +require 'date' + +# Unit tests for DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleType +# Automatically generated by openapi-generator (https://openapi-generator.tech) +# Please update as you see appropriate +describe DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleType do + let(:instance) { DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleType.new } + + describe 'test an instance of CloudWorkloadSecurityAgentRuleType' do + it 'should create an instance of CloudWorkloadSecurityAgentRuleType' do + expect(instance).to be_instance_of(DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleType) + end + end +end diff --git a/spec/v2/models/cloud_workload_security_agent_rule_update_attributes_spec.rb b/spec/v2/models/cloud_workload_security_agent_rule_update_attributes_spec.rb new file mode 100644 index 000000000000..9f34a5dea1f3 --- /dev/null +++ b/spec/v2/models/cloud_workload_security_agent_rule_update_attributes_spec.rb 
@@ -0,0 +1,49 @@ +=begin +#Datadog API V2 Collection + +#Collection of all Datadog Public endpoints. + +The version of the OpenAPI document: 1.0 +Contact: support@datadoghq.com +Generated by: https://openapi-generator.tech + + Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + This product includes software developed at Datadog (https://www.datadoghq.com/). + Copyright 2020-Present Datadog, Inc. + +=end + +require 'spec_helper' +require 'json' +require 'date' + +# Unit tests for DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleUpdateAttributes +# Automatically generated by openapi-generator (https://openapi-generator.tech) +# Please update as you see appropriate +describe DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleUpdateAttributes do + let(:instance) { DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleUpdateAttributes.new } + + describe 'test an instance of CloudWorkloadSecurityAgentRuleUpdateAttributes' do + it 'should create an instance of CloudWorkloadSecurityAgentRuleUpdateAttributes' do + expect(instance).to be_instance_of(DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleUpdateAttributes) + end + end + describe 'test attribute "description"' do + it 'should work' do + # assertion here. ref: https://www.relishapp.com/rspec/rspec-expectations/docs/built-in-matchers + end + end + + describe 'test attribute "enabled"' do + it 'should work' do + # assertion here. ref: https://www.relishapp.com/rspec/rspec-expectations/docs/built-in-matchers + end + end + + describe 'test attribute "expression"' do + it 'should work' do + # assertion here. ref: https://www.relishapp.com/rspec/rspec-expectations/docs/built-in-matchers + end + end + +end diff --git a/spec/v2/models/cloud_workload_security_agent_rule_update_data_spec.rb b/spec/v2/models/cloud_workload_security_agent_rule_update_data_spec.rb new file mode 100644 index 000000000000..afef734b5904 --- /dev/null 
+++ b/spec/v2/models/cloud_workload_security_agent_rule_update_data_spec.rb @@ -0,0 +1,43 @@ +=begin +#Datadog API V2 Collection + +#Collection of all Datadog Public endpoints. + +The version of the OpenAPI document: 1.0 +Contact: support@datadoghq.com +Generated by: https://openapi-generator.tech + + Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + This product includes software developed at Datadog (https://www.datadoghq.com/). + Copyright 2020-Present Datadog, Inc. + +=end + +require 'spec_helper' +require 'json' +require 'date' + +# Unit tests for DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleUpdateData +# Automatically generated by openapi-generator (https://openapi-generator.tech) +# Please update as you see appropriate +describe DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleUpdateData do + let(:instance) { DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleUpdateData.new } + + describe 'test an instance of CloudWorkloadSecurityAgentRuleUpdateData' do + it 'should create an instance of CloudWorkloadSecurityAgentRuleUpdateData' do + expect(instance).to be_instance_of(DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleUpdateData) + end + end + describe 'test attribute "attributes"' do + it 'should work' do + # assertion here. ref: https://www.relishapp.com/rspec/rspec-expectations/docs/built-in-matchers + end + end + + describe 'test attribute "type"' do + it 'should work' do + # assertion here. ref: https://www.relishapp.com/rspec/rspec-expectations/docs/built-in-matchers + end + end + +end diff --git a/spec/v2/models/cloud_workload_security_agent_rule_update_request_spec.rb b/spec/v2/models/cloud_workload_security_agent_rule_update_request_spec.rb new file mode 100644 index 000000000000..efb82af9f531 --- /dev/null +++ b/spec/v2/models/cloud_workload_security_agent_rule_update_request_spec.rb 
@@ -0,0 +1,37 @@ +=begin +#Datadog API V2 Collection + +#Collection of all Datadog Public endpoints. + +The version of the OpenAPI document: 1.0 +Contact: support@datadoghq.com +Generated by: https://openapi-generator.tech + + Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + This product includes software developed at Datadog (https://www.datadoghq.com/). + Copyright 2020-Present Datadog, Inc. + +=end + +require 'spec_helper' +require 'json' +require 'date' + +# Unit tests for DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleUpdateRequest +# Automatically generated by openapi-generator (https://openapi-generator.tech) +# Please update as you see appropriate +describe DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleUpdateRequest do + let(:instance) { DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleUpdateRequest.new } + + describe 'test an instance of CloudWorkloadSecurityAgentRuleUpdateRequest' do + it 'should create an instance of CloudWorkloadSecurityAgentRuleUpdateRequest' do + expect(instance).to be_instance_of(DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleUpdateRequest) + end + end + describe 'test attribute "data"' do + it 'should work' do + # assertion here. ref: https://www.relishapp.com/rspec/rspec-expectations/docs/built-in-matchers + end + end + +end diff --git a/spec/v2/models/cloud_workload_security_agent_rule_updater_attributes_spec.rb b/spec/v2/models/cloud_workload_security_agent_rule_updater_attributes_spec.rb new file mode 100644 index 000000000000..587644244d04 --- /dev/null +++ b/spec/v2/models/cloud_workload_security_agent_rule_updater_attributes_spec.rb 
@@ -0,0 +1,43 @@ +=begin +#Datadog API V2 Collection + +#Collection of all Datadog Public endpoints. + +The version of the OpenAPI document: 1.0 +Contact: support@datadoghq.com +Generated by: https://openapi-generator.tech + + Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + This product includes software developed at Datadog (https://www.datadoghq.com/). + Copyright 2020-Present Datadog, Inc. + +=end + +require 'spec_helper' +require 'json' +require 'date' + +# Unit tests for DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleUpdaterAttributes +# Automatically generated by openapi-generator (https://openapi-generator.tech) +# Please update as you see appropriate +describe DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleUpdaterAttributes do + let(:instance) { DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleUpdaterAttributes.new } + + describe 'test an instance of CloudWorkloadSecurityAgentRuleUpdaterAttributes' do + it 'should create an instance of CloudWorkloadSecurityAgentRuleUpdaterAttributes' do + expect(instance).to be_instance_of(DatadogAPIClient::V2::CloudWorkloadSecurityAgentRuleUpdaterAttributes) + end + end + describe 'test attribute "handle"' do + it 'should work' do + # assertion here. ref: https://www.relishapp.com/rspec/rspec-expectations/docs/built-in-matchers + end + end + + describe 'test attribute "name"' do + it 'should work' do + # assertion here. ref: https://www.relishapp.com/rspec/rspec-expectations/docs/built-in-matchers + end + end + +end diff --git a/spec/v2/models/cloud_workload_security_agent_rules_list_response_spec.rb b/spec/v2/models/cloud_workload_security_agent_rules_list_response_spec.rb new file mode 100644 index 000000000000..d809e7dc7d7b --- /dev/null +++ b/spec/v2/models/cloud_workload_security_agent_rules_list_response_spec.rb 
@@ -0,0 +1,37 @@ +=begin +#Datadog API V2 Collection + +#Collection of all Datadog Public endpoints. + +The version of the OpenAPI document: 1.0 +Contact: support@datadoghq.com +Generated by: https://openapi-generator.tech + + Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + This product includes software developed at Datadog (https://www.datadoghq.com/). + Copyright 2020-Present Datadog, Inc. + +=end + +require 'spec_helper' +require 'json' +require 'date' + +# Unit tests for DatadogAPIClient::V2::CloudWorkloadSecurityAgentRulesListResponse +# Automatically generated by openapi-generator (https://openapi-generator.tech) +# Please update as you see appropriate +describe DatadogAPIClient::V2::CloudWorkloadSecurityAgentRulesListResponse do + let(:instance) { DatadogAPIClient::V2::CloudWorkloadSecurityAgentRulesListResponse.new } + + describe 'test an instance of CloudWorkloadSecurityAgentRulesListResponse' do + it 'should create an instance of CloudWorkloadSecurityAgentRulesListResponse' do + expect(instance).to be_instance_of(DatadogAPIClient::V2::CloudWorkloadSecurityAgentRulesListResponse) + end + end + describe 'test attribute "data"' do + it 'should work' do + # assertion here. ref: https://www.relishapp.com/rspec/rspec-expectations/docs/built-in-matchers + end + end + +end