diff --git a/.generator/schemas/v2/openapi.yaml b/.generator/schemas/v2/openapi.yaml index 759d9cf062..d9b40c6857 100644 --- a/.generator/schemas/v2/openapi.yaml +++ b/.generator/schemas/v2/openapi.yaml @@ -529,6 +529,20 @@ components: required: true schema: type: string + HistoricalJobID: + description: The ID of the job. + in: path + name: job_id + required: true + schema: + type: string + HistoricalSignalID: + description: The ID of the historical signal. + in: path + name: histsignal_id + required: true + schema: + type: string IncidentIDPathParameter: description: The UUID of the incident. in: path @@ -1238,20 +1252,6 @@ components: required: true schema: type: string - ThreatHuntingJobID: - description: The ID of the job. - in: path - name: job_id - required: true - schema: - type: string - ThreatHuntingSignalID: - description: The ID of the threat hunting signal. - in: path - name: histsignal_id - required: true - schema: - type: string ToTimestamp: description: The ending timestamp for the SLO status query in epoch seconds. in: query @@ -14414,7 +14414,7 @@ components: - GZIP - DEFLATE ConvertJobResultsToSignalsAttributes: - description: Attributes for converting threat hunting job results to signals. + description: Attributes for converting historical job results to signals. properties: id: description: Request ID. @@ -14448,7 +14448,7 @@ components: - notifications type: object ConvertJobResultsToSignalsData: - description: Data for converting threat hunting job results to signals. + description: Data for converting historical job results to signals. properties: attributes: $ref: "#/components/schemas/ConvertJobResultsToSignalsAttributes" 
@@ -14463,7 +14463,7 @@ components: x-enum-varnames: - HISTORICALDETECTIONSJOBRESULTSIGNALCONVERSION ConvertJobResultsToSignalsRequest: - description: Request for converting threat hunting job results to signals. + description: Request for converting historical job results to signals. properties: data: $ref: "#/components/schemas/ConvertJobResultsToSignalsData" 
@@ -30621,6 +30621,129 @@ components: type: string x-enum-varnames: - HAMR_ORG_CONNECTIONS + HistoricalJobDataType: + description: Type of payload. + enum: + - historicalDetectionsJob + type: string + x-enum-varnames: + - HISTORICALDETECTIONSJOB + HistoricalJobListMeta: + description: Metadata about the list of jobs. + properties: + totalCount: + description: Number of jobs in the list. + format: int32 + maximum: 2147483647 + type: integer + type: object + HistoricalJobOptions: + description: Job options. + properties: + anomalyDetectionOptions: + $ref: "#/components/schemas/SecurityMonitoringRuleAnomalyDetectionOptions" + detectionMethod: + $ref: "#/components/schemas/SecurityMonitoringRuleDetectionMethod" + evaluationWindow: + $ref: "#/components/schemas/SecurityMonitoringRuleEvaluationWindow" + impossibleTravelOptions: + $ref: "#/components/schemas/SecurityMonitoringRuleImpossibleTravelOptions" + keepAlive: + $ref: "#/components/schemas/SecurityMonitoringRuleKeepAlive" + maxSignalDuration: + $ref: "#/components/schemas/SecurityMonitoringRuleMaxSignalDuration" + newValueOptions: + $ref: "#/components/schemas/SecurityMonitoringRuleNewValueOptions" + sequenceDetectionOptions: + $ref: "#/components/schemas/SecurityMonitoringRuleSequenceDetectionOptions" + thirdPartyRuleOptions: + $ref: "#/components/schemas/SecurityMonitoringRuleThirdPartyOptions" + type: object + HistoricalJobQuery: + description: Query for selecting logs analyzed by the historical job. + properties: + aggregation: + $ref: "#/components/schemas/SecurityMonitoringRuleQueryAggregation" + dataSource: + $ref: "#/components/schemas/SecurityMonitoringStandardDataSource" + distinctFields: + description: Field for which the cardinality is measured. Sent as an array. + items: + description: Field. + type: string + type: array + groupByFields: + description: Fields to group by. + items: + description: Field. 
+ type: string + type: array + hasOptionalGroupByFields: + default: false + description: When false, events without a group-by value are ignored by the query. When true, events with missing group-by fields are processed with `N/A`, replacing the missing values. + example: false + type: boolean + metrics: + description: Group of target fields to aggregate over when using the sum, max, geo data, or new value aggregations. The sum, max, and geo data aggregations only accept one value in this list, whereas the new value aggregation accepts up to five values. + items: + description: Field. + type: string + type: array + name: + description: Name of the query. + type: string + query: + description: Query to run on logs. + example: a > 3 + type: string + type: object + HistoricalJobResponse: + description: Historical job response. + properties: + data: + $ref: "#/components/schemas/HistoricalJobResponseData" + type: object + HistoricalJobResponseAttributes: + description: Historical job attributes. + properties: + createdAt: + description: Time when the job was created. + type: string + createdByHandle: + description: The handle of the user who created the job. + type: string + createdByName: + description: The name of the user who created the job. + type: string + createdFromRuleId: + description: ID of the rule used to create the job (if it is created from a rule). + type: string + jobDefinition: + $ref: "#/components/schemas/JobDefinition" + jobName: + description: Job name. + type: string + jobStatus: + description: Job status. + type: string + modifiedAt: + description: Last modification time of the job. + type: string + signalOutput: + description: Whether the job outputs signals. + type: boolean + type: object + HistoricalJobResponseData: + description: Historical job response data. + properties: + attributes: + $ref: "#/components/schemas/HistoricalJobResponseAttributes" + id: + description: ID of the job. 
+ type: string + type: + $ref: "#/components/schemas/HistoricalJobDataType" + type: object HourlyUsage: description: Hourly usage for a product family for an org. properties: @@ -35919,7 +36042,7 @@ components: x-enum-varnames: - JIRA_ISSUES JobCreateResponse: - description: Run a threat hunting job response. + description: Run a historical job response. properties: data: $ref: "#/components/schemas/JobCreateResponseData" @@ -35931,10 +36054,10 @@ components: description: ID of the created job. type: string type: - $ref: "#/components/schemas/ThreatHuntingJobDataType" + $ref: "#/components/schemas/HistoricalJobDataType" type: object JobDefinition: - description: Definition of a threat hunting job. + description: Definition of a historical job. properties: calculatedFields: description: Calculated fields. @@ -35972,11 +36095,11 @@ components: example: Excessive number of failed attempts. type: string options: - $ref: "#/components/schemas/ThreatHuntingJobOptions" + $ref: "#/components/schemas/HistoricalJobOptions" queries: description: Queries for selecting logs analyzed by the job. items: - $ref: "#/components/schemas/ThreatHuntingJobQuery" + $ref: "#/components/schemas/HistoricalJobQuery" type: array referenceTables: description: Reference tables used in the queries. @@ -36013,7 +36136,7 @@ components: - message type: object JobDefinitionFromRule: - description: Definition of a threat hunting job based on a security monitoring rule. + description: Definition of a historical job based on a security monitoring rule. properties: from: description: Starting time of data analyzed by the job. 
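Review bot: In `HistoricalJobResponseAttributes`, `jobStatus` is a free-form `type: string` and `createdAt`/`modifiedAt` carry no `format`, so generated clients can neither validate nor type these fields. Automation that polls a job before converting its results to signals has to guess the possible status values. If the set of statuses is fixed, add an `enum` with `x-enum-varnames`, as `HistoricalJobDataType` does. If the timestamps are RFC 3339, add `format: date-time`. Both are assumptions to confirm against the API, since the hunk shows only the schema.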
@@ -38412,6 +38535,17 @@ components: - data - meta type: object + ListHistoricalJobsResponse: + description: List of historical jobs. + properties: + data: + description: Array containing the list of historical jobs. + items: + $ref: "#/components/schemas/HistoricalJobResponseData" + type: array + meta: + $ref: "#/components/schemas/HistoricalJobListMeta" + type: object ListIntegrationsResponse: description: Response containing information about multiple integrations. properties: @@ -38763,17 +38897,6 @@ components: - _NAME - USER_COUNT - _USER_COUNT - ListThreatHuntingJobsResponse: - description: List of threat hunting jobs. - properties: - data: - description: Array containing the list of threat hunting jobs. - items: - $ref: "#/components/schemas/ThreatHuntingJobResponseData" - type: array - meta: - $ref: "#/components/schemas/ThreatHuntingJobListMeta" - type: object ListVulnerabilitiesResponse: description: The expected response schema when listing vulnerabilities. properties: @@ -56533,18 +56656,14 @@ components: $ref: "#/components/schemas/RumRetentionFilterData" type: array type: object - RunRetentionFilterName: - description: The name of a RUM retention filter. - example: "Retention filter for session" - type: string - RunThreatHuntingJobRequest: - description: Run a threat hunting job request. + RunHistoricalJobRequest: + description: Run a historical job request. properties: data: - $ref: "#/components/schemas/RunThreatHuntingJobRequestData" + $ref: "#/components/schemas/RunHistoricalJobRequestData" type: object - RunThreatHuntingJobRequestAttributes: - description: Run a threat hunting job request. + RunHistoricalJobRequestAttributes: + description: Run a historical job request. properties: fromRule: $ref: "#/components/schemas/JobDefinitionFromRule" 
@@ -56554,21 +56673,25 @@ components: jobDefinition: $ref: "#/components/schemas/JobDefinition" type: object - RunThreatHuntingJobRequestData: - description: Data for running a threat hunting job request. + RunHistoricalJobRequestData: + description: Data for running a historical job request. properties: attributes: - $ref: "#/components/schemas/RunThreatHuntingJobRequestAttributes" + $ref: "#/components/schemas/RunHistoricalJobRequestAttributes" type: - $ref: "#/components/schemas/RunThreatHuntingJobRequestDataType" + $ref: "#/components/schemas/RunHistoricalJobRequestDataType" type: object - RunThreatHuntingJobRequestDataType: + RunHistoricalJobRequestDataType: description: Type of data. enum: - historicalDetectionsJobCreate type: string x-enum-varnames: - HISTORICALDETECTIONSJOBCREATE + RunRetentionFilterName: + description: The name of a RUM retention filter. + example: "Retention filter for session" + type: string SAMLAssertionAttribute: description: SAML assertion attribute. properties: 
@@ -71480,129 +71603,6 @@ components: type: string x-enum-varnames: - TEST_OPTIMIZATION_UPDATE_SERVICE_SETTINGS_REQUEST - ThreatHuntingJobDataType: - description: Type of payload. - enum: - - historicalDetectionsJob - type: string - x-enum-varnames: - - HISTORICALDETECTIONSJOB - ThreatHuntingJobListMeta: - description: Metadata about the list of jobs. - properties: - totalCount: - description: Number of jobs in the list. - format: int32 - maximum: 2147483647 - type: integer - type: object - ThreatHuntingJobOptions: - description: Job options. - properties: - anomalyDetectionOptions: - $ref: "#/components/schemas/SecurityMonitoringRuleAnomalyDetectionOptions" - detectionMethod: - $ref: "#/components/schemas/SecurityMonitoringRuleDetectionMethod" - evaluationWindow: - $ref: "#/components/schemas/SecurityMonitoringRuleEvaluationWindow" - impossibleTravelOptions: - $ref: "#/components/schemas/SecurityMonitoringRuleImpossibleTravelOptions" - keepAlive: - $ref: "#/components/schemas/SecurityMonitoringRuleKeepAlive" - maxSignalDuration: - $ref: "#/components/schemas/SecurityMonitoringRuleMaxSignalDuration" - newValueOptions: - $ref: "#/components/schemas/SecurityMonitoringRuleNewValueOptions" - sequenceDetectionOptions: - $ref: "#/components/schemas/SecurityMonitoringRuleSequenceDetectionOptions" - thirdPartyRuleOptions: - $ref: "#/components/schemas/SecurityMonitoringRuleThirdPartyOptions" - type: object - ThreatHuntingJobQuery: - description: Query for selecting logs analyzed by the threat hunting job. - properties: - aggregation: - $ref: "#/components/schemas/SecurityMonitoringRuleQueryAggregation" - dataSource: - $ref: "#/components/schemas/SecurityMonitoringStandardDataSource" - distinctFields: - description: Field for which the cardinality is measured. Sent as an array. - items: - description: Field. - type: string - type: array - groupByFields: - description: Fields to group by. - items: - description: Field. 
- type: string - type: array - hasOptionalGroupByFields: - default: false - description: When false, events without a group-by value are ignored by the query. When true, events with missing group-by fields are processed with `N/A`, replacing the missing values. - example: false - type: boolean - metrics: - description: Group of target fields to aggregate over when using the sum, max, geo data, or new value aggregations. The sum, max, and geo data aggregations only accept one value in this list, whereas the new value aggregation accepts up to five values. - items: - description: Field. - type: string - type: array - name: - description: Name of the query. - type: string - query: - description: Query to run on logs. - example: a > 3 - type: string - type: object - ThreatHuntingJobResponse: - description: Threat hunting job response. - properties: - data: - $ref: "#/components/schemas/ThreatHuntingJobResponseData" - type: object - ThreatHuntingJobResponseAttributes: - description: Threat hunting job attributes. - properties: - createdAt: - description: Time when the job was created. - type: string - createdByHandle: - description: The handle of the user who created the job. - type: string - createdByName: - description: The name of the user who created the job. - type: string - createdFromRuleId: - description: ID of the rule used to create the job (if it is created from a rule). - type: string - jobDefinition: - $ref: "#/components/schemas/JobDefinition" - jobName: - description: Job name. - type: string - jobStatus: - description: Job status. - type: string - modifiedAt: - description: Last modification time of the job. - type: string - signalOutput: - description: Whether the job outputs signals. - type: boolean - type: object - ThreatHuntingJobResponseData: - description: Threat hunting job response data. - properties: - attributes: - $ref: "#/components/schemas/ThreatHuntingJobResponseAttributes" - id: - description: ID of the job. 
- type: string - type: - $ref: "#/components/schemas/ThreatHuntingJobDataType" - type: object TimeAggregation: description: |- Time aggregation period (in seconds) is used to aggregate the results of the notification rule evaluation. @@ -109986,7 +109986,7 @@ paths: - incident_settings_write x-unstable: |- **Note**: This endpoint is deprecated. - /api/v2/siem-threat-hunting/histsignals: + /api/v2/siem-historical-detections/histsignals: get: description: List hist signals. operationId: ListSecurityMonitoringHistsignals @@ -110026,7 +110026,7 @@ paths: x-unstable: |- **Note**: This endpoint is in beta and may be subject to changes. Please check the documentation regularly for updates. - /api/v2/siem-threat-hunting/histsignals/search: + /api/v2/siem-historical-detections/histsignals/search: get: description: Search hist signals. operationId: SearchSecurityMonitoringHistsignals @@ -110065,12 +110065,12 @@ paths: x-unstable: |- **Note**: This endpoint is in beta and may be subject to changes. Please check the documentation regularly for updates. - /api/v2/siem-threat-hunting/histsignals/{histsignal_id}: + /api/v2/siem-historical-detections/histsignals/{histsignal_id}: get: description: Get a hist signal's details. operationId: GetSecurityMonitoringHistsignal parameters: - - $ref: "#/components/parameters/ThreatHuntingSignalID" + - $ref: "#/components/parameters/HistoricalSignalID" responses: "200": content: @@ -110100,10 +110100,10 @@ paths: x-unstable: |- **Note**: This endpoint is in beta and may be subject to changes. Please check the documentation regularly for updates. - /api/v2/siem-threat-hunting/jobs: + /api/v2/siem-historical-detections/jobs: get: - description: List threat hunting jobs. - operationId: ListThreatHuntingJobs + description: List historical jobs. + operationId: ListHistoricalJobs parameters: - $ref: "#/components/parameters/PageSize" - $ref: "#/components/parameters/PageNumber" 
@@ -110126,7 +110126,7 @@ paths: content: "application/json": schema: - $ref: "#/components/schemas/ListThreatHuntingJobsResponse" + $ref: "#/components/schemas/ListHistoricalJobsResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" @@ -110138,20 +110138,20 @@ paths: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] - summary: List threat hunting jobs + summary: List historical jobs tags: ["Security Monitoring"] x-unstable: |- **Note**: This endpoint is in beta and may be subject to changes. Please check the documentation regularly for updates. post: description: |- - Run a threat hunting job. - operationId: RunThreatHuntingJob + Run a historical job. + operationId: RunHistoricalJob requestBody: content: "application/json": schema: - $ref: "#/components/schemas/RunThreatHuntingJobRequest" + $ref: "#/components/schemas/RunHistoricalJobRequest" required: true responses: "201": @@ -110175,7 +110175,7 @@ paths: appKeyAuth: [] - AuthZ: - security_monitoring_rules_write - summary: Run a threat hunting job + summary: Run a historical job tags: ["Security Monitoring"] x-codegen-request-body-name: body "x-permission": @@ -110185,7 +110185,7 @@ paths: x-unstable: |- **Note**: This endpoint is in beta and may be subject to changes. Please check the documentation regularly for updates. - /api/v2/siem-threat-hunting/jobs/signal_convert: + /api/v2/siem-historical-detections/jobs/signal_convert: post: description: |- Convert a job result to a signal. 
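Review bot: The `security` block of `ListHistoricalJobs` (the context lines just above the renamed `summary`) declares `AuthZ: []` with no scope, while the run and cancel operations in this file require `security_monitoring_rules_write`. As far as the spec documents it, any OAuth token may list jobs, and `ListHistoricalJobsResponse` returns `createdByHandle`, `createdByName` and the full `jobDefinition` for each job. If a read scope guards this endpoint server-side, declare it here, for example `- AuthZ: [<READ_SCOPE_PLACEHOLDER>]`. If the empty list is deliberate, a short `# no OAuth scope required for listing` comment would record that. The operation's `get:` header sits in an earlier hunk, so only part of it is visible here.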
@@ -110219,13 +110219,13 @@ paths: x-unstable: |- **Note**: This endpoint is in beta and may be subject to changes. Please check the documentation regularly for updates. - /api/v2/siem-threat-hunting/jobs/{job_id}: + /api/v2/siem-historical-detections/jobs/{job_id}: delete: description: |- Delete an existing job. - operationId: DeleteThreatHuntingJob + operationId: DeleteHistoricalJob parameters: - - $ref: "#/components/parameters/ThreatHuntingJobID" + - $ref: "#/components/parameters/HistoricalJobID" responses: "204": description: OK @@ -110252,15 +110252,15 @@ paths: Please check the documentation regularly for updates. get: description: Get a job's details. - operationId: GetThreatHuntingJob + operationId: GetHistoricalJob parameters: - - $ref: "#/components/parameters/ThreatHuntingJobID" + - $ref: "#/components/parameters/HistoricalJobID" responses: "200": content: "application/json": schema: - $ref: "#/components/schemas/ThreatHuntingJobResponse" + $ref: "#/components/schemas/HistoricalJobResponse" description: OK "400": $ref: "#/components/responses/BadRequestResponse" @@ -110284,12 +110284,12 @@ paths: x-unstable: |- **Note**: This endpoint is in beta and may be subject to changes. Please check the documentation regularly for updates. - /api/v2/siem-threat-hunting/jobs/{job_id}/cancel: + /api/v2/siem-historical-detections/jobs/{job_id}/cancel: patch: - description: Cancel a threat hunting job. - operationId: CancelThreatHuntingJob + description: Cancel a historical job. + operationId: CancelHistoricalJob parameters: - - $ref: "#/components/parameters/ThreatHuntingJobID" + - $ref: "#/components/parameters/HistoricalJobID" responses: "204": description: OK @@ -110310,7 +110310,7 @@ paths: appKeyAuth: [] - AuthZ: - security_monitoring_rules_write - summary: Cancel a threat hunting job + summary: Cancel a historical job tags: ["Security Monitoring"] "x-permission": operator: OR 
@@ -110319,12 +110319,12 @@ paths: x-unstable: |- **Note**: This endpoint is in beta and may be subject to changes. Please check the documentation regularly for updates. - /api/v2/siem-threat-hunting/jobs/{job_id}/histsignals: + /api/v2/siem-historical-detections/jobs/{job_id}/histsignals: get: description: Get a job's hist signals. operationId: GetSecurityMonitoringHistsignalsByJobId parameters: - - $ref: "#/components/parameters/ThreatHuntingJobID" + - $ref: "#/components/parameters/HistoricalJobID" - $ref: "#/components/parameters/QueryFilterSearch" - $ref: "#/components/parameters/QueryFilterFrom" - $ref: "#/components/parameters/QueryFilterTo" diff --git a/docs/datadog_api_client.v2.model.rst b/docs/datadog_api_client.v2.model.rst index 9626a11073..f492b878da 100644 --- a/docs/datadog_api_client.v2.model.rst +++ b/docs/datadog_api_client.v2.model.rst 
@@ -13017,6 +13017,55 @@ datadog\_api\_client.v2.model.hamr\_org\_connection\_type module :members: :show-inheritance: +datadog\_api\_client.v2.model.historical\_job\_data\_type module +---------------------------------------------------------------- + +.. automodule:: datadog_api_client.v2.model.historical_job_data_type + :members: + :show-inheritance: + +datadog\_api\_client.v2.model.historical\_job\_list\_meta module +---------------------------------------------------------------- + +.. automodule:: datadog_api_client.v2.model.historical_job_list_meta + :members: + :show-inheritance: + +datadog\_api\_client.v2.model.historical\_job\_options module +------------------------------------------------------------- + +.. automodule:: datadog_api_client.v2.model.historical_job_options + :members: + :show-inheritance: + +datadog\_api\_client.v2.model.historical\_job\_query module +----------------------------------------------------------- + +.. automodule:: datadog_api_client.v2.model.historical_job_query + :members: + :show-inheritance: + +datadog\_api\_client.v2.model.historical\_job\_response module +-------------------------------------------------------------- + +.. automodule:: datadog_api_client.v2.model.historical_job_response + :members: + :show-inheritance: + +datadog\_api\_client.v2.model.historical\_job\_response\_attributes module +-------------------------------------------------------------------------- + +.. automodule:: datadog_api_client.v2.model.historical_job_response_attributes + :members: + :show-inheritance: + +datadog\_api\_client.v2.model.historical\_job\_response\_data module +-------------------------------------------------------------------- + +.. automodule:: datadog_api_client.v2.model.historical_job_response_data + :members: + :show-inheritance: + datadog\_api\_client.v2.model.hourly\_usage module -------------------------------------------------- 
@@ -16104,6 +16153,13 @@ datadog\_api\_client.v2.model.list\_findings\_response module :members: :show-inheritance: +datadog\_api\_client.v2.model.list\_historical\_jobs\_response module +--------------------------------------------------------------------- + +.. automodule:: datadog_api_client.v2.model.list_historical_jobs_response + :members: + :show-inheritance: + datadog\_api\_client.v2.model.list\_integrations\_response module ----------------------------------------------------------------- @@ -16293,13 +16349,6 @@ datadog\_api\_client.v2.model.list\_teams\_sort module :members: :show-inheritance: -datadog\_api\_client.v2.model.list\_threat\_hunting\_jobs\_response module --------------------------------------------------------------------------- - -.. automodule:: datadog_api_client.v2.model.list_threat_hunting_jobs_response - :members: - :show-inheritance: - datadog\_api\_client.v2.model.list\_vulnerabilities\_response module -------------------------------------------------------------------- 
@@ -25547,31 +25596,31 @@ datadog\_api\_client.v2.model.rum\_warning module :members: :show-inheritance: -datadog\_api\_client.v2.model.run\_threat\_hunting\_job\_request module ------------------------------------------------------------------------ +datadog\_api\_client.v2.model.run\_historical\_job\_request module +------------------------------------------------------------------ -.. automodule:: datadog_api_client.v2.model.run_threat_hunting_job_request +.. automodule:: datadog_api_client.v2.model.run_historical_job_request :members: :show-inheritance: -datadog\_api\_client.v2.model.run\_threat\_hunting\_job\_request\_attributes module ------------------------------------------------------------------------------------ +datadog\_api\_client.v2.model.run\_historical\_job\_request\_attributes module +------------------------------------------------------------------------------ -.. automodule:: datadog_api_client.v2.model.run_threat_hunting_job_request_attributes +.. automodule:: datadog_api_client.v2.model.run_historical_job_request_attributes :members: :show-inheritance: -datadog\_api\_client.v2.model.run\_threat\_hunting\_job\_request\_data module ------------------------------------------------------------------------------ +datadog\_api\_client.v2.model.run\_historical\_job\_request\_data module +------------------------------------------------------------------------ -.. automodule:: datadog_api_client.v2.model.run_threat_hunting_job_request_data +.. automodule:: datadog_api_client.v2.model.run_historical_job_request_data :members: :show-inheritance: -datadog\_api\_client.v2.model.run\_threat\_hunting\_job\_request\_data\_type module ------------------------------------------------------------------------------------ +datadog\_api\_client.v2.model.run\_historical\_job\_request\_data\_type module +------------------------------------------------------------------------------ -.. 
automodule:: datadog_api_client.v2.model.run_threat_hunting_job_request_data_type +.. automodule:: datadog_api_client.v2.model.run_historical_job_request_data_type :members: :show-inheritance: 
@@ -32225,55 +32274,6 @@ datadog\_api\_client.v2.model.test\_optimization\_update\_service\_settings\_req :members: :show-inheritance: -datadog\_api\_client.v2.model.threat\_hunting\_job\_data\_type module ---------------------------------------------------------------------- - -.. automodule:: datadog_api_client.v2.model.threat_hunting_job_data_type - :members: - :show-inheritance: - -datadog\_api\_client.v2.model.threat\_hunting\_job\_list\_meta module ---------------------------------------------------------------------- - -.. automodule:: datadog_api_client.v2.model.threat_hunting_job_list_meta - :members: - :show-inheritance: - -datadog\_api\_client.v2.model.threat\_hunting\_job\_options module ------------------------------------------------------------------- - -.. automodule:: datadog_api_client.v2.model.threat_hunting_job_options - :members: - :show-inheritance: - -datadog\_api\_client.v2.model.threat\_hunting\_job\_query module ----------------------------------------------------------------- - -.. automodule:: datadog_api_client.v2.model.threat_hunting_job_query - :members: - :show-inheritance: - -datadog\_api\_client.v2.model.threat\_hunting\_job\_response module -------------------------------------------------------------------- - -.. automodule:: datadog_api_client.v2.model.threat_hunting_job_response - :members: - :show-inheritance: - -datadog\_api\_client.v2.model.threat\_hunting\_job\_response\_attributes module -------------------------------------------------------------------------------- - -.. automodule:: datadog_api_client.v2.model.threat_hunting_job_response_attributes - :members: - :show-inheritance: - -datadog\_api\_client.v2.model.threat\_hunting\_job\_response\_data module -------------------------------------------------------------------------- - -.. 
automodule:: datadog_api_client.v2.model.threat_hunting_job_response_data - :members: - :show-inheritance: - datadog\_api\_client.v2.model.time\_restriction module ------------------------------------------------------ diff --git a/examples/v2/security-monitoring/CancelThreatHuntingJob_1945505845.py b/examples/v2/security-monitoring/CancelHistoricalJob.py similarity index 50% rename from examples/v2/security-monitoring/CancelThreatHuntingJob_1945505845.py rename to examples/v2/security-monitoring/CancelHistoricalJob.py index b15aed48a4..ffade0ee16 100644 --- a/examples/v2/security-monitoring/CancelThreatHuntingJob_1945505845.py +++ b/examples/v2/security-monitoring/CancelHistoricalJob.py @@ -6,14 +6,14 @@ from datadog_api_client import ApiClient, Configuration from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi -# there is a valid "threat_hunting_job" in the system -THREAT_HUNTING_JOB_DATA_ID = environ["THREAT_HUNTING_JOB_DATA_ID"] +# there is a valid "historical_job" in the system +HISTORICAL_JOB_DATA_ID = environ["HISTORICAL_JOB_DATA_ID"] configuration = Configuration() -configuration.unstable_operations["cancel_threat_hunting_job"] = True -configuration.unstable_operations["run_threat_hunting_job"] = True +configuration.unstable_operations["cancel_historical_job"] = True +configuration.unstable_operations["run_historical_job"] = True with ApiClient(configuration) as api_client: api_instance = SecurityMonitoringApi(api_client) - api_instance.cancel_threat_hunting_job( - job_id=THREAT_HUNTING_JOB_DATA_ID, + api_instance.cancel_historical_job( + job_id=HISTORICAL_JOB_DATA_ID, ) diff --git a/examples/v2/security-monitoring/CancelThreatHuntingJob.py b/examples/v2/security-monitoring/CancelThreatHuntingJob.py deleted file mode 100644 index 96a2bd4d25..0000000000 --- a/examples/v2/security-monitoring/CancelThreatHuntingJob.py +++ /dev/null 
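Review bot: `configuration.unstable_operations["run_historical_job"] = True` is set in `CancelHistoricalJob.py` although the visible code only calls `cancel_historical_job`, and `GetHistoricalJob.py` carries the same unused opt-in. These examples get copied into scripts, so each should enable only the beta operation it invokes; the extra flag unlocks a job-creating call that the spec ties to `security_monitoring_rules_write`. It presumably comes from the test fixture that creates the job. Either drop the line or keep it with a comment such as `# only needed when the job is created in this script`.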
@@ -1,14 +0,0 @@ -""" -Cancel a threat hunting job returns "OK" response -""" - -from datadog_api_client import ApiClient, Configuration -from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi - -configuration = Configuration() -configuration.unstable_operations["cancel_threat_hunting_job"] = True -with ApiClient(configuration) as api_client: - api_instance = SecurityMonitoringApi(api_client) - api_instance.cancel_threat_hunting_job( - job_id="job_id", - ) diff --git a/examples/v2/security-monitoring/DeleteThreatHuntingJob.py b/examples/v2/security-monitoring/DeleteHistoricalJob.py similarity index 75% rename from examples/v2/security-monitoring/DeleteThreatHuntingJob.py rename to examples/v2/security-monitoring/DeleteHistoricalJob.py index 9f77a92e25..59811de16d 100644 --- a/examples/v2/security-monitoring/DeleteThreatHuntingJob.py +++ b/examples/v2/security-monitoring/DeleteHistoricalJob.py @@ -6,9 +6,9 @@ from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi configuration = Configuration() -configuration.unstable_operations["delete_threat_hunting_job"] = True +configuration.unstable_operations["delete_historical_job"] = True with ApiClient(configuration) as api_client: api_instance = SecurityMonitoringApi(api_client) - api_instance.delete_threat_hunting_job( + api_instance.delete_historical_job( job_id="job_id", ) diff --git a/examples/v2/security-monitoring/GetThreatHuntingJob.py b/examples/v2/security-monitoring/GetHistoricalJob.py similarity index 51% rename from examples/v2/security-monitoring/GetThreatHuntingJob.py rename to examples/v2/security-monitoring/GetHistoricalJob.py index 1a890147b7..e975c05c19 100644 --- a/examples/v2/security-monitoring/GetThreatHuntingJob.py +++ b/examples/v2/security-monitoring/GetHistoricalJob.py 
@@ -6,16 +6,16 @@ from datadog_api_client import ApiClient, Configuration from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi -# there is a valid "threat_hunting_job" in the system -THREAT_HUNTING_JOB_DATA_ID = environ["THREAT_HUNTING_JOB_DATA_ID"] +# there is a valid "historical_job" in the system +HISTORICAL_JOB_DATA_ID = environ["HISTORICAL_JOB_DATA_ID"] configuration = Configuration() -configuration.unstable_operations["get_threat_hunting_job"] = True -configuration.unstable_operations["run_threat_hunting_job"] = True +configuration.unstable_operations["get_historical_job"] = True +configuration.unstable_operations["run_historical_job"] = True with ApiClient(configuration) as api_client: api_instance = SecurityMonitoringApi(api_client) - response = api_instance.get_threat_hunting_job( - job_id=THREAT_HUNTING_JOB_DATA_ID, + response = api_instance.get_historical_job( + job_id=HISTORICAL_JOB_DATA_ID, ) print(response) diff --git a/examples/v2/security-monitoring/ListThreatHuntingJobs.py b/examples/v2/security-monitoring/ListHistoricalJobs.py similarity index 63% rename from examples/v2/security-monitoring/ListThreatHuntingJobs.py rename to examples/v2/security-monitoring/ListHistoricalJobs.py index 865b1636fe..0903e6db1f 100644 --- a/examples/v2/security-monitoring/ListThreatHuntingJobs.py +++ b/examples/v2/security-monitoring/ListHistoricalJobs.py 
@@ -1,14 +1,14 @@ """ -List threat hunting jobs returns "OK" response +List historical jobs returns "OK" response """ from datadog_api_client import ApiClient, Configuration from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi configuration = Configuration() -configuration.unstable_operations["list_threat_hunting_jobs"] = True +configuration.unstable_operations["list_historical_jobs"] = True with ApiClient(configuration) as api_client: api_instance = SecurityMonitoringApi(api_client) - response = api_instance.list_threat_hunting_jobs() + response = api_instance.list_historical_jobs() print(response) diff --git a/examples/v2/security-monitoring/ListThreatHuntingJobs_1365512061.py b/examples/v2/security-monitoring/ListThreatHuntingJobs_1365512061.py deleted file mode 100644 index 51a5bcda36..0000000000 --- a/examples/v2/security-monitoring/ListThreatHuntingJobs_1365512061.py +++ /dev/null @@ -1,21 +0,0 @@ -""" -List historical jobs returns "OK" response -""" - -from os import environ -from datadog_api_client import ApiClient, Configuration -from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi - -# there is a valid "threat_hunting_job" in the system -THREAT_HUNTING_JOB_DATA_ID = environ["THREAT_HUNTING_JOB_DATA_ID"] - -configuration = Configuration() -configuration.unstable_operations["list_threat_hunting_jobs"] = True -configuration.unstable_operations["run_threat_hunting_job"] = True -with ApiClient(configuration) as api_client: - api_instance = SecurityMonitoringApi(api_client) - response = api_instance.list_threat_hunting_jobs( - filter_query="id:string", - ) - - print(response) diff --git a/examples/v2/security-monitoring/RunThreatHuntingJob.py b/examples/v2/security-monitoring/RunHistoricalJob.py similarity index 67% rename from examples/v2/security-monitoring/RunThreatHuntingJob.py rename to examples/v2/security-monitoring/RunHistoricalJob.py index 4f8da41e2f..737bb0d3a3 100644 
--- a/examples/v2/security-monitoring/RunThreatHuntingJob.py +++ b/examples/v2/security-monitoring/RunHistoricalJob.py @@ -1,14 +1,16 @@ """ -Run a threat hunting job returns "Status created" response +Run a historical job returns "Status created" response """ from datadog_api_client import ApiClient, Configuration from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi +from datadog_api_client.v2.model.historical_job_options import HistoricalJobOptions +from datadog_api_client.v2.model.historical_job_query import HistoricalJobQuery from datadog_api_client.v2.model.job_definition import JobDefinition -from datadog_api_client.v2.model.run_threat_hunting_job_request import RunThreatHuntingJobRequest -from datadog_api_client.v2.model.run_threat_hunting_job_request_attributes import RunThreatHuntingJobRequestAttributes -from datadog_api_client.v2.model.run_threat_hunting_job_request_data import RunThreatHuntingJobRequestData -from datadog_api_client.v2.model.run_threat_hunting_job_request_data_type import RunThreatHuntingJobRequestDataType +from datadog_api_client.v2.model.run_historical_job_request import RunHistoricalJobRequest +from datadog_api_client.v2.model.run_historical_job_request_attributes import RunHistoricalJobRequestAttributes +from datadog_api_client.v2.model.run_historical_job_request_data import RunHistoricalJobRequestData +from datadog_api_client.v2.model.run_historical_job_request_data_type import RunHistoricalJobRequestDataType from datadog_api_client.v2.model.security_monitoring_rule_case_create import SecurityMonitoringRuleCaseCreate from datadog_api_client.v2.model.security_monitoring_rule_evaluation_window import ( SecurityMonitoringRuleEvaluationWindow, 
@@ -21,18 +23,16 @@ SecurityMonitoringRuleQueryAggregation, ) from datadog_api_client.v2.model.security_monitoring_rule_severity import SecurityMonitoringRuleSeverity -from datadog_api_client.v2.model.threat_hunting_job_options import ThreatHuntingJobOptions -from datadog_api_client.v2.model.threat_hunting_job_query import ThreatHuntingJobQuery -body = RunThreatHuntingJobRequest( - data=RunThreatHuntingJobRequestData( - type=RunThreatHuntingJobRequestDataType.HISTORICALDETECTIONSJOBCREATE, - attributes=RunThreatHuntingJobRequestAttributes( +body = RunHistoricalJobRequest( + data=RunHistoricalJobRequestData( + type=RunHistoricalJobRequestDataType.HISTORICALDETECTIONSJOBCREATE, + attributes=RunHistoricalJobRequestAttributes( job_definition=JobDefinition( type="log_detection", name="Excessive number of failed attempts.", queries=[ - ThreatHuntingJobQuery( + HistoricalJobQuery( query="source:non_existing_src_weekend", aggregation=SecurityMonitoringRuleQueryAggregation.COUNT, group_by_fields=[], @@ -47,7 +47,7 @@ condition="a > 1", ), ], - options=ThreatHuntingJobOptions( + options=HistoricalJobOptions( keep_alive=SecurityMonitoringRuleKeepAlive.ONE_HOUR, max_signal_duration=SecurityMonitoringRuleMaxSignalDuration.ONE_DAY, evaluation_window=SecurityMonitoringRuleEvaluationWindow.FIFTEEN_MINUTES, @@ -63,9 +63,9 @@ ) configuration = Configuration() -configuration.unstable_operations["run_threat_hunting_job"] = True +configuration.unstable_operations["run_historical_job"] = True with ApiClient(configuration) as api_client: api_instance = SecurityMonitoringApi(api_client) - response = api_instance.run_threat_hunting_job(body=body) + response = api_instance.run_historical_job(body=body) print(response) diff --git a/src/datadog_api_client/configuration.py b/src/datadog_api_client/configuration.py index 12ff3b49fc..269cbf4c83 100644 --- a/src/datadog_api_client/configuration.py +++ b/src/datadog_api_client/configuration.py 
@@ -294,26 +294,26 @@ def __init__( "v2.get_aws_cloud_auth_persona_mapping": False, "v2.list_aws_cloud_auth_persona_mappings": False, "v2.activate_content_pack": False, - "v2.cancel_threat_hunting_job": False, + "v2.cancel_historical_job": False, "v2.convert_job_result_to_signal": False, "v2.deactivate_content_pack": False, - "v2.delete_threat_hunting_job": False, + "v2.delete_historical_job": False, "v2.get_content_packs_states": False, "v2.get_finding": False, + "v2.get_historical_job": False, "v2.get_rule_version_history": False, "v2.get_secrets_rules": False, "v2.get_security_monitoring_histsignal": False, "v2.get_security_monitoring_histsignals_by_job_id": False, - "v2.get_threat_hunting_job": False, "v2.list_findings": False, + "v2.list_historical_jobs": False, "v2.list_multiple_rulesets": False, "v2.list_scanned_assets_metadata": False, "v2.list_security_monitoring_histsignals": False, - "v2.list_threat_hunting_jobs": False, "v2.list_vulnerabilities": False, "v2.list_vulnerable_assets": False, "v2.mute_findings": False, - "v2.run_threat_hunting_job": False, + "v2.run_historical_job": False, "v2.search_security_monitoring_histsignals": False, "v2.get_code_coverage_branch_summary": False, "v2.get_code_coverage_commit_summary": False, diff --git a/src/datadog_api_client/v2/api/security_monitoring_api.py b/src/datadog_api_client/v2/api/security_monitoring_api.py index 3456effdab..95f72f68cb 100644 --- a/src/datadog_api_client/v2/api/security_monitoring_api.py +++ b/src/datadog_api_client/v2/api/security_monitoring_api.py 
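Review bot: The five `v2.*_threat_hunting_job(s)` keys are replaced in this dict with no alias left behind, so a caller that still sets `configuration.unstable_operations["run_threat_hunting_job"] = True` no longer matches any entry. How an unknown key is handled is not visible in this hunk, so whether that fails loudly or is silently ignored should be confirmed. The same break applies to the public methods renamed in `security_monitoring_api.py` (`cancel_`, `delete_`, `get_`, `list_`, `run_`) and to the request paths moving from `/api/v2/siem-threat-hunting/` to `/api/v2/siem-historical-detections/`. Detection automation pinned to the old names will stop working on upgrade. I would record the rename in the changelog and add a comment above the entries such as `# renamed from v2.*_threat_hunting_job*; the old keys are no longer recognised`. The enclosing `__init__` starts and ends outside the hunk.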
@@ -151,11 +151,11 @@ from datadog_api_client.v2.model.security_monitoring_signal_state_update_request import ( SecurityMonitoringSignalStateUpdateRequest, ) -from datadog_api_client.v2.model.list_threat_hunting_jobs_response import ListThreatHuntingJobsResponse +from datadog_api_client.v2.model.list_historical_jobs_response import ListHistoricalJobsResponse from datadog_api_client.v2.model.job_create_response import JobCreateResponse -from datadog_api_client.v2.model.run_threat_hunting_job_request import RunThreatHuntingJobRequest +from datadog_api_client.v2.model.run_historical_job_request import RunHistoricalJobRequest from datadog_api_client.v2.model.convert_job_results_to_signals_request import ConvertJobResultsToSignalsRequest -from datadog_api_client.v2.model.threat_hunting_job_response import ThreatHuntingJobResponse +from datadog_api_client.v2.model.historical_job_response import HistoricalJobResponse from datadog_api_client.v2.model.get_multiple_rulesets_response import GetMultipleRulesetsResponse from datadog_api_client.v2.model.get_multiple_rulesets_request import GetMultipleRulesetsRequest from datadog_api_client.v2.model.secret_rule_array import SecretRuleArray @@ -300,12 +300,12 @@ def __init__(self, api_client=None): api_client=api_client, ) - self._cancel_threat_hunting_job_endpoint = _Endpoint( + self._cancel_historical_job_endpoint = _Endpoint( settings={ "response_type": None, "auth": ["apiKeyAuth", "appKeyAuth", "AuthZ"], - "endpoint_path": "/api/v2/siem-threat-hunting/jobs/{job_id}/cancel", - "operation_id": "cancel_threat_hunting_job", + "endpoint_path": "/api/v2/siem-historical-detections/jobs/{job_id}/cancel", + "operation_id": "cancel_historical_job", "http_method": "PATCH", "version": "v2", }, 
@@ -350,7 +350,7 @@ def __init__(self, api_client=None): settings={ "response_type": None, "auth": ["apiKeyAuth", "appKeyAuth"], - "endpoint_path": "/api/v2/siem-threat-hunting/jobs/signal_convert", + "endpoint_path": "/api/v2/siem-historical-detections/jobs/signal_convert", "operation_id": "convert_job_result_to_signal", "http_method": "POST", "version": "v2", @@ -618,6 +618,29 @@ def __init__(self, api_client=None): api_client=api_client, ) + self._delete_historical_job_endpoint = _Endpoint( + settings={ + "response_type": None, + "auth": ["apiKeyAuth", "appKeyAuth", "AuthZ"], + "endpoint_path": "/api/v2/siem-historical-detections/jobs/{job_id}", + "operation_id": "delete_historical_job", + "http_method": "DELETE", + "version": "v2", + }, + params_map={ + "job_id": { + "required": True, + "openapi_types": (str,), + "attribute": "job_id", + "location": "path", + }, + }, + headers_map={ + "accept": ["*/*"], + }, + api_client=api_client, + ) + self._delete_security_filter_endpoint = _Endpoint( settings={ "response_type": None, @@ -733,29 +756,6 @@ def __init__(self, api_client=None): api_client=api_client, ) - self._delete_threat_hunting_job_endpoint = _Endpoint( - settings={ - "response_type": None, - "auth": ["apiKeyAuth", "appKeyAuth", "AuthZ"], - "endpoint_path": "/api/v2/siem-threat-hunting/jobs/{job_id}", - "operation_id": "delete_threat_hunting_job", - "http_method": "DELETE", - "version": "v2", - }, - params_map={ - "job_id": { - "required": True, - "openapi_types": (str,), - "attribute": "job_id", - "location": "path", - }, - }, - headers_map={ - "accept": ["*/*"], - }, - api_client=api_client, - ) - self._delete_vulnerability_notification_rule_endpoint = _Endpoint( settings={ "response_type": None, 
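Review bot: In the first hunk on this line, the `convert_job_result_to_signal` settings declare `"auth": ["apiKeyAuth", "appKeyAuth"]`. Every other endpoint this commit moves under `/api/v2/siem-historical-detections/` (cancel, delete, get, list, run and the histsignal reads) declares `["apiKeyAuth", "appKeyAuth", "AuthZ"]`. That line is unchanged context, so the commit does not introduce the difference, but the path right below it is being edited and the mismatch is easy to carry forward unnoticed. Please confirm against the OpenAPI spec that the shorter list is intended. If it is not, the fix belongs in the spec so that this setting regenerates as `"auth": ["apiKeyAuth", "appKeyAuth", "AuthZ"],`. The `__init__` body continues outside the hunk.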
@@ -976,6 +976,29 @@ def __init__(self, api_client=None): api_client=api_client, ) + self._get_historical_job_endpoint = _Endpoint( + settings={ + "response_type": (HistoricalJobResponse,), + "auth": ["apiKeyAuth", "appKeyAuth", "AuthZ"], + "endpoint_path": "/api/v2/siem-historical-detections/jobs/{job_id}", + "operation_id": "get_historical_job", + "http_method": "GET", + "version": "v2", + }, + params_map={ + "job_id": { + "required": True, + "openapi_types": (str,), + "attribute": "job_id", + "location": "path", + }, + }, + headers_map={ + "accept": ["application/json"], + }, + api_client=api_client, + ) + self._get_investigation_log_queries_matching_signal_endpoint = _Endpoint( settings={ "response_type": (SecurityMonitoringSignalSuggestedActionsResponse,), @@ -1169,7 +1192,7 @@ def __init__(self, api_client=None): settings={ "response_type": (SecurityMonitoringSignalResponse,), "auth": ["apiKeyAuth", "appKeyAuth", "AuthZ"], - "endpoint_path": "/api/v2/siem-threat-hunting/histsignals/{histsignal_id}", + "endpoint_path": "/api/v2/siem-historical-detections/histsignals/{histsignal_id}", "operation_id": "get_security_monitoring_histsignal", "http_method": "GET", "version": "v2", @@ -1192,7 +1215,7 @@ def __init__(self, api_client=None): settings={ "response_type": (SecurityMonitoringSignalsListResponse,), "auth": ["apiKeyAuth", "appKeyAuth", "AuthZ"], - "endpoint_path": "/api/v2/siem-threat-hunting/jobs/{job_id}/histsignals", + "endpoint_path": "/api/v2/siem-historical-detections/jobs/{job_id}/histsignals", "operation_id": "get_security_monitoring_histsignals_by_job_id", "http_method": "GET", "version": "v2", 
@@ -1451,29 +1474,6 @@ def __init__(self, api_client=None): api_client=api_client, ) - self._get_threat_hunting_job_endpoint = _Endpoint( - settings={ - "response_type": (ThreatHuntingJobResponse,), - "auth": ["apiKeyAuth", "appKeyAuth", "AuthZ"], - "endpoint_path": "/api/v2/siem-threat-hunting/jobs/{job_id}", - "operation_id": "get_threat_hunting_job", - "http_method": "GET", - "version": "v2", - }, - params_map={ - "job_id": { - "required": True, - "openapi_types": (str,), - "attribute": "job_id", - "location": "path", - }, - }, - headers_map={ - "accept": ["application/json"], - }, - api_client=api_client, - ) - self._get_vulnerability_notification_rule_endpoint = _Endpoint( settings={ "response_type": (NotificationRuleResponse,), @@ -1673,6 +1673,43 @@ def __init__(self, api_client=None): api_client=api_client, ) + self._list_historical_jobs_endpoint = _Endpoint( + settings={ + "response_type": (ListHistoricalJobsResponse,), + "auth": ["apiKeyAuth", "appKeyAuth", "AuthZ"], + "endpoint_path": "/api/v2/siem-historical-detections/jobs", + "operation_id": "list_historical_jobs", + "http_method": "GET", + "version": "v2", + }, + params_map={ + "page_size": { + "openapi_types": (int,), + "attribute": "page[size]", + "location": "query", + }, + "page_number": { + "openapi_types": (int,), + "attribute": "page[number]", + "location": "query", + }, + "sort": { + "openapi_types": (str,), + "attribute": "sort", + "location": "query", + }, + "filter_query": { + "openapi_types": (str,), + "attribute": "filter[query]", + "location": "query", + }, + }, + headers_map={ + "accept": ["application/json"], + }, + api_client=api_client, + ) + self._list_multiple_rulesets_endpoint = _Endpoint( settings={ "response_type": (GetMultipleRulesetsResponse,), 
@@ -1820,7 +1857,7 @@ def __init__(self, api_client=None): settings={ "response_type": (SecurityMonitoringSignalsListResponse,), "auth": ["apiKeyAuth", "appKeyAuth", "AuthZ"], - "endpoint_path": "/api/v2/siem-threat-hunting/histsignals", + "endpoint_path": "/api/v2/siem-historical-detections/histsignals", "operation_id": "list_security_monitoring_histsignals", "http_method": "GET", "version": "v2", @@ -1990,43 +2027,6 @@ def __init__(self, api_client=None): api_client=api_client, ) - self._list_threat_hunting_jobs_endpoint = _Endpoint( - settings={ - "response_type": (ListThreatHuntingJobsResponse,), - "auth": ["apiKeyAuth", "appKeyAuth", "AuthZ"], - "endpoint_path": "/api/v2/siem-threat-hunting/jobs", - "operation_id": "list_threat_hunting_jobs", - "http_method": "GET", - "version": "v2", - }, - params_map={ - "page_size": { - "openapi_types": (int,), - "attribute": "page[size]", - "location": "query", - }, - "page_number": { - "openapi_types": (int,), - "attribute": "page[number]", - "location": "query", - }, - "sort": { - "openapi_types": (str,), - "attribute": "sort", - "location": "query", - }, - "filter_query": { - "openapi_types": (str,), - "attribute": "filter[query]", - "location": "query", - }, - }, - headers_map={ - "accept": ["application/json"], - }, - api_client=api_client, - ) - self._list_vulnerabilities_endpoint = _Endpoint( settings={ "response_type": (ListVulnerabilitiesResponse,), 
@@ -2451,19 +2451,19 @@ def __init__(self, api_client=None): api_client=api_client, ) - self._run_threat_hunting_job_endpoint = _Endpoint( + self._run_historical_job_endpoint = _Endpoint( settings={ "response_type": (JobCreateResponse,), "auth": ["apiKeyAuth", "appKeyAuth", "AuthZ"], - "endpoint_path": "/api/v2/siem-threat-hunting/jobs", - "operation_id": "run_threat_hunting_job", + "endpoint_path": "/api/v2/siem-historical-detections/jobs", + "operation_id": "run_historical_job", "http_method": "POST", "version": "v2", }, params_map={ "body": { "required": True, - "openapi_types": (RunThreatHuntingJobRequest,), + "openapi_types": (RunHistoricalJobRequest,), "location": "body", }, }, @@ -2495,7 +2495,7 @@ def __init__(self, api_client=None): settings={ "response_type": (SecurityMonitoringSignalsListResponse,), "auth": ["apiKeyAuth", "appKeyAuth", "AuthZ"], - "endpoint_path": "/api/v2/siem-threat-hunting/histsignals/search", + "endpoint_path": "/api/v2/siem-historical-detections/histsignals/search", "operation_id": "search_security_monitoring_histsignals", "http_method": "GET", "version": "v2", @@ -2883,13 +2883,13 @@ def bulk_export_security_monitoring_rules( return self._bulk_export_security_monitoring_rules_endpoint.call_with_http_info(**kwargs) - def cancel_threat_hunting_job( + def cancel_historical_job( self, job_id: str, ) -> None: - """Cancel a threat hunting job. + """Cancel a historical job. - Cancel a threat hunting job. + Cancel a historical job. :param job_id: The ID of the job. :type job_id: str @@ -2898,7 +2898,7 @@ def cancel_threat_hunting_job( kwargs: Dict[str, Any] = {} kwargs["job_id"] = job_id - return self._cancel_threat_hunting_job_endpoint.call_with_http_info(**kwargs) + return self._cancel_historical_job_endpoint.call_with_http_info(**kwargs) def convert_existing_security_monitoring_rule( self, 
@@ -3168,6 +3168,23 @@ def delete_custom_framework( return self._delete_custom_framework_endpoint.call_with_http_info(**kwargs) + def delete_historical_job( + self, + job_id: str, + ) -> None: + """Delete an existing job. + + Delete an existing job. + + :param job_id: The ID of the job. + :type job_id: str + :rtype: None + """ + kwargs: Dict[str, Any] = {} + kwargs["job_id"] = job_id + + return self._delete_historical_job_endpoint.call_with_http_info(**kwargs) + def delete_security_filter( self, security_filter_id: str, @@ -3253,23 +3270,6 @@ def delete_signal_notification_rule( return self._delete_signal_notification_rule_endpoint.call_with_http_info(**kwargs) - def delete_threat_hunting_job( - self, - job_id: str, - ) -> None: - """Delete an existing job. - - Delete an existing job. - - :param job_id: The ID of the job. - :type job_id: str - :rtype: None - """ - kwargs: Dict[str, Any] = {} - kwargs["job_id"] = job_id - - return self._delete_threat_hunting_job_endpoint.call_with_http_info(**kwargs) - def delete_vulnerability_notification_rule( self, id: str, @@ -3447,6 +3447,23 @@ def get_finding( return self._get_finding_endpoint.call_with_http_info(**kwargs) + def get_historical_job( + self, + job_id: str, + ) -> HistoricalJobResponse: + """Get a job's details. + + Get a job's details. + + :param job_id: The ID of the job. + :type job_id: str + :rtype: HistoricalJobResponse + """ + kwargs: Dict[str, Any] = {} + kwargs["job_id"] = job_id + + return self._get_historical_job_endpoint.call_with_http_info(**kwargs) + def get_investigation_log_queries_matching_signal( self, signal_id: str, @@ -3617,7 +3634,7 @@ def get_security_monitoring_histsignal( Get a hist signal's details. - :param histsignal_id: The ID of the threat hunting signal. + :param histsignal_id: The ID of the historical signal. :type histsignal_id: str :rtype: SecurityMonitoringSignalResponse """ 
@@ -3845,23 +3862,6 @@ def get_suppression_version_history( return self._get_suppression_version_history_endpoint.call_with_http_info(**kwargs) - def get_threat_hunting_job( - self, - job_id: str, - ) -> ThreatHuntingJobResponse: - """Get a job's details. - - Get a job's details. - - :param job_id: The ID of the job. - :type job_id: str - :rtype: ThreatHuntingJobResponse - """ - kwargs: Dict[str, Any] = {} - kwargs["job_id"] = job_id - - return self._get_threat_hunting_job_endpoint.call_with_http_info(**kwargs) - def get_vulnerability_notification_rule( self, id: str, @@ -4227,6 +4227,43 @@ def list_findings_with_pagination( } return endpoint.call_with_http_info_paginated(pagination) + def list_historical_jobs( + self, + *, + page_size: Union[int, UnsetType] = unset, + page_number: Union[int, UnsetType] = unset, + sort: Union[str, UnsetType] = unset, + filter_query: Union[str, UnsetType] = unset, + ) -> ListHistoricalJobsResponse: + """List historical jobs. + + List historical jobs. + + :param page_size: Size for a given page. The maximum allowed value is 100. + :type page_size: int, optional + :param page_number: Specific page number to return. + :type page_number: int, optional + :param sort: The order of the jobs in results. + :type sort: str, optional + :param filter_query: Query used to filter items from the fetched list. + :type filter_query: str, optional + :rtype: ListHistoricalJobsResponse + """ + kwargs: Dict[str, Any] = {} + if page_size is not unset: + kwargs["page_size"] = page_size + + if page_number is not unset: + kwargs["page_number"] = page_number + + if sort is not unset: + kwargs["sort"] = sort + + if filter_query is not unset: + kwargs["filter_query"] = filter_query + + return self._list_historical_jobs_endpoint.call_with_http_info(**kwargs) + def list_multiple_rulesets( self, body: GetMultipleRulesetsRequest, 
@@ -4713,43 +4750,6 @@ def list_security_monitoring_suppressions( return self._list_security_monitoring_suppressions_endpoint.call_with_http_info(**kwargs) - def list_threat_hunting_jobs( - self, - *, - page_size: Union[int, UnsetType] = unset, - page_number: Union[int, UnsetType] = unset, - sort: Union[str, UnsetType] = unset, - filter_query: Union[str, UnsetType] = unset, - ) -> ListThreatHuntingJobsResponse: - """List threat hunting jobs. - - List threat hunting jobs. - - :param page_size: Size for a given page. The maximum allowed value is 100. - :type page_size: int, optional - :param page_number: Specific page number to return. - :type page_number: int, optional - :param sort: The order of the jobs in results. - :type sort: str, optional - :param filter_query: Query used to filter items from the fetched list. - :type filter_query: str, optional - :rtype: ListThreatHuntingJobsResponse - """ - kwargs: Dict[str, Any] = {} - if page_size is not unset: - kwargs["page_size"] = page_size - - if page_number is not unset: - kwargs["page_number"] = page_number - - if sort is not unset: - kwargs["sort"] = sort - - if filter_query is not unset: - kwargs["filter_query"] = filter_query - - return self._list_threat_hunting_jobs_endpoint.call_with_http_info(**kwargs) - def list_vulnerabilities( self, *, 
@@ -5306,21 +5306,21 @@ def patch_vulnerability_notification_rule( return self._patch_vulnerability_notification_rule_endpoint.call_with_http_info(**kwargs) - def run_threat_hunting_job( + def run_historical_job( self, - body: RunThreatHuntingJobRequest, + body: RunHistoricalJobRequest, ) -> JobCreateResponse: - """Run a threat hunting job. + """Run a historical job. - Run a threat hunting job. + Run a historical job. - :type body: RunThreatHuntingJobRequest + :type body: RunHistoricalJobRequest :rtype: JobCreateResponse """ kwargs: Dict[str, Any] = {} kwargs["body"] = body - return self._run_threat_hunting_job_endpoint.call_with_http_info(**kwargs) + return self._run_historical_job_endpoint.call_with_http_info(**kwargs) def search_security_findings( self, diff --git a/src/datadog_api_client/v2/model/convert_job_results_to_signals_attributes.py b/src/datadog_api_client/v2/model/convert_job_results_to_signals_attributes.py index c3cb45b4be..652df1f137 100644 --- a/src/datadog_api_client/v2/model/convert_job_results_to_signals_attributes.py +++ b/src/datadog_api_client/v2/model/convert_job_results_to_signals_attributes.py @@ -48,7 +48,7 @@ def __init__( **kwargs, ): """ - Attributes for converting threat hunting job results to signals. + Attributes for converting historical job results to signals. :param id: Request ID. :type id: str, optional diff --git a/src/datadog_api_client/v2/model/convert_job_results_to_signals_data.py b/src/datadog_api_client/v2/model/convert_job_results_to_signals_data.py index 6398be556d..f1884bc7b8 100644 --- a/src/datadog_api_client/v2/model/convert_job_results_to_signals_data.py +++ b/src/datadog_api_client/v2/model/convert_job_results_to_signals_data.py 
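Review bot: The `run_historical_job` docstring in the first hunk on this line documents `body` with only `:type body: RunHistoricalJobRequest` and no `:param body:` line. The sibling methods in this file describe their arguments, for example `:param job_id: The ID of the job.`. Since `body` carries the whole job definition (queries, cases, time range), a one-line description helps callers see what they are submitting. For example `:param body: Request payload containing the definition of the historical job to run.`, with the wording taken from the spec's request-body description if one exists.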
@@ -47,9 +47,9 @@ def __init__( **kwargs, ): """ - Data for converting threat hunting job results to signals. + Data for converting historical job results to signals. - :param attributes: Attributes for converting threat hunting job results to signals. + :param attributes: Attributes for converting historical job results to signals. :type attributes: ConvertJobResultsToSignalsAttributes, optional :param type: Type of payload. diff --git a/src/datadog_api_client/v2/model/convert_job_results_to_signals_request.py b/src/datadog_api_client/v2/model/convert_job_results_to_signals_request.py index 5735a692d5..3e56f3c27c 100644 --- a/src/datadog_api_client/v2/model/convert_job_results_to_signals_request.py +++ b/src/datadog_api_client/v2/model/convert_job_results_to_signals_request.py @@ -32,9 +32,9 @@ def openapi_types(_): def __init__(self_, data: Union[ConvertJobResultsToSignalsData, UnsetType] = unset, **kwargs): """ - Request for converting threat hunting job results to signals. + Request for converting historical job results to signals. - :param data: Data for converting threat hunting job results to signals. + :param data: Data for converting historical job results to signals. :type data: ConvertJobResultsToSignalsData, optional """ if data is not unset: diff --git a/src/datadog_api_client/v2/model/threat_hunting_job_data_type.py b/src/datadog_api_client/v2/model/historical_job_data_type.py similarity index 77% rename from src/datadog_api_client/v2/model/threat_hunting_job_data_type.py rename to src/datadog_api_client/v2/model/historical_job_data_type.py index a3f4bd3657..47255ed1f4 100644 --- a/src/datadog_api_client/v2/model/threat_hunting_job_data_type.py +++ b/src/datadog_api_client/v2/model/historical_job_data_type.py @@ -12,7 +12,7 @@ from typing import ClassVar -class ThreatHuntingJobDataType(ModelSimple): +class HistoricalJobDataType(ModelSimple): """ Type of payload. 
@@ -23,7 +23,7 @@ class ThreatHuntingJobDataType(ModelSimple): allowed_values = { "historicalDetectionsJob", } - HISTORICALDETECTIONSJOB: ClassVar["ThreatHuntingJobDataType"] + HISTORICALDETECTIONSJOB: ClassVar["HistoricalJobDataType"] @cached_property def openapi_types(_): @@ -32,4 +32,4 @@ def openapi_types(_): } -ThreatHuntingJobDataType.HISTORICALDETECTIONSJOB = ThreatHuntingJobDataType("historicalDetectionsJob") +HistoricalJobDataType.HISTORICALDETECTIONSJOB = HistoricalJobDataType("historicalDetectionsJob") diff --git a/src/datadog_api_client/v2/model/threat_hunting_job_list_meta.py b/src/datadog_api_client/v2/model/historical_job_list_meta.py similarity index 95% rename from src/datadog_api_client/v2/model/threat_hunting_job_list_meta.py rename to src/datadog_api_client/v2/model/historical_job_list_meta.py index a752934c91..4d6b3cb496 100644 --- a/src/datadog_api_client/v2/model/threat_hunting_job_list_meta.py +++ b/src/datadog_api_client/v2/model/historical_job_list_meta.py @@ -13,7 +13,7 @@ ) -class ThreatHuntingJobListMeta(ModelNormal): +class HistoricalJobListMeta(ModelNormal): validations = { "total_count": { "inclusive_maximum": 2147483647, diff --git a/src/datadog_api_client/v2/model/threat_hunting_job_options.py b/src/datadog_api_client/v2/model/historical_job_options.py similarity index 99% rename from src/datadog_api_client/v2/model/threat_hunting_job_options.py rename to src/datadog_api_client/v2/model/historical_job_options.py index f875edb5c6..3b691a0aa2 100644 --- a/src/datadog_api_client/v2/model/threat_hunting_job_options.py +++ b/src/datadog_api_client/v2/model/historical_job_options.py @@ -41,7 +41,7 @@ ) -class ThreatHuntingJobOptions(ModelNormal): +class HistoricalJobOptions(ModelNormal): @cached_property def openapi_types(_): from datadog_api_client.v2.model.security_monitoring_rule_anomaly_detection_options import ( 
diff --git a/src/datadog_api_client/v2/model/threat_hunting_job_query.py b/src/datadog_api_client/v2/model/historical_job_query.py similarity index 97% rename from src/datadog_api_client/v2/model/threat_hunting_job_query.py rename to src/datadog_api_client/v2/model/historical_job_query.py index 964b4d082a..4b1763793d 100644 --- a/src/datadog_api_client/v2/model/threat_hunting_job_query.py +++ b/src/datadog_api_client/v2/model/historical_job_query.py @@ -22,7 +22,7 @@ ) -class ThreatHuntingJobQuery(ModelNormal): +class HistoricalJobQuery(ModelNormal): @cached_property def openapi_types(_): from datadog_api_client.v2.model.security_monitoring_rule_query_aggregation import ( @@ -67,7 +67,7 @@ def __init__( **kwargs, ): """ - Query for selecting logs analyzed by the threat hunting job. + Query for selecting logs analyzed by the historical job. :param aggregation: The aggregation type. :type aggregation: SecurityMonitoringRuleQueryAggregation, optional diff --git a/src/datadog_api_client/v2/model/threat_hunting_job_response.py b/src/datadog_api_client/v2/model/historical_job_response.py similarity index 55% rename from src/datadog_api_client/v2/model/threat_hunting_job_response.py rename to src/datadog_api_client/v2/model/historical_job_response.py index c6cef6cc8b..e0fc283d76 100644 --- a/src/datadog_api_client/v2/model/threat_hunting_job_response.py +++ b/src/datadog_api_client/v2/model/historical_job_response.py 
@@ -14,28 +14,28 @@ if TYPE_CHECKING: - from datadog_api_client.v2.model.threat_hunting_job_response_data import ThreatHuntingJobResponseData + from datadog_api_client.v2.model.historical_job_response_data import HistoricalJobResponseData -class ThreatHuntingJobResponse(ModelNormal): +class HistoricalJobResponse(ModelNormal): @cached_property def openapi_types(_): - from datadog_api_client.v2.model.threat_hunting_job_response_data import ThreatHuntingJobResponseData + from datadog_api_client.v2.model.historical_job_response_data import HistoricalJobResponseData return { - "data": (ThreatHuntingJobResponseData,), + "data": (HistoricalJobResponseData,), } attribute_map = { "data": "data", } - def __init__(self_, data: Union[ThreatHuntingJobResponseData, UnsetType] = unset, **kwargs): + def __init__(self_, data: Union[HistoricalJobResponseData, UnsetType] = unset, **kwargs): """ - Threat hunting job response. + Historical job response. - :param data: Threat hunting job response data. - :type data: ThreatHuntingJobResponseData, optional + :param data: Historical job response data. + :type data: HistoricalJobResponseData, optional """ if data is not unset: kwargs["data"] = data diff --git a/src/datadog_api_client/v2/model/threat_hunting_job_response_attributes.py b/src/datadog_api_client/v2/model/historical_job_response_attributes.py similarity index 95% rename from src/datadog_api_client/v2/model/threat_hunting_job_response_attributes.py rename to src/datadog_api_client/v2/model/historical_job_response_attributes.py index 9881e0fa29..bebcfeb492 100644 --- a/src/datadog_api_client/v2/model/threat_hunting_job_response_attributes.py +++ b/src/datadog_api_client/v2/model/historical_job_response_attributes.py 
@@ -17,7 +17,7 @@ from datadog_api_client.v2.model.job_definition import JobDefinition -class ThreatHuntingJobResponseAttributes(ModelNormal): +class HistoricalJobResponseAttributes(ModelNormal): @cached_property def openapi_types(_): from datadog_api_client.v2.model.job_definition import JobDefinition @@ -60,7 +60,7 @@ def __init__( **kwargs, ): """ - Threat hunting job attributes. + Historical job attributes. :param created_at: Time when the job was created. :type created_at: str, optional @@ -74,7 +74,7 @@ def __init__( :param created_from_rule_id: ID of the rule used to create the job (if it is created from a rule). :type created_from_rule_id: str, optional - :param job_definition: Definition of a threat hunting job. + :param job_definition: Definition of a historical job. :type job_definition: JobDefinition, optional :param job_name: Job name. diff --git a/src/datadog_api_client/v2/model/threat_hunting_job_response_data.py b/src/datadog_api_client/v2/model/historical_job_response_data.py similarity index 52% rename from src/datadog_api_client/v2/model/threat_hunting_job_response_data.py rename to src/datadog_api_client/v2/model/historical_job_response_data.py index 28b59926aa..0858e99467 100644 --- a/src/datadog_api_client/v2/model/threat_hunting_job_response_data.py +++ b/src/datadog_api_client/v2/model/historical_job_response_data.py 
@@ -14,22 +14,20 @@ if TYPE_CHECKING: - from datadog_api_client.v2.model.threat_hunting_job_response_attributes import ThreatHuntingJobResponseAttributes - from datadog_api_client.v2.model.threat_hunting_job_data_type import ThreatHuntingJobDataType + from datadog_api_client.v2.model.historical_job_response_attributes import HistoricalJobResponseAttributes + from datadog_api_client.v2.model.historical_job_data_type import HistoricalJobDataType -class ThreatHuntingJobResponseData(ModelNormal): +class HistoricalJobResponseData(ModelNormal): @cached_property def openapi_types(_): - from datadog_api_client.v2.model.threat_hunting_job_response_attributes import ( - ThreatHuntingJobResponseAttributes, - ) - from datadog_api_client.v2.model.threat_hunting_job_data_type import ThreatHuntingJobDataType + from datadog_api_client.v2.model.historical_job_response_attributes import HistoricalJobResponseAttributes + from datadog_api_client.v2.model.historical_job_data_type import HistoricalJobDataType return { - "attributes": (ThreatHuntingJobResponseAttributes,), + "attributes": (HistoricalJobResponseAttributes,), "id": (str,), - "type": (ThreatHuntingJobDataType,), + "type": (HistoricalJobDataType,), } attribute_map = { 
@@ -40,22 +38,22 @@ def openapi_types(_): def __init__( self_, - attributes: Union[ThreatHuntingJobResponseAttributes, UnsetType] = unset, + attributes: Union[HistoricalJobResponseAttributes, UnsetType] = unset, id: Union[str, UnsetType] = unset, - type: Union[ThreatHuntingJobDataType, UnsetType] = unset, + type: Union[HistoricalJobDataType, UnsetType] = unset, **kwargs, ): """ - Threat hunting job response data. + Historical job response data. - :param attributes: Threat hunting job attributes. - :type attributes: ThreatHuntingJobResponseAttributes, optional + :param attributes: Historical job attributes. + :type attributes: HistoricalJobResponseAttributes, optional :param id: ID of the job. :type id: str, optional :param type: Type of payload. - :type type: ThreatHuntingJobDataType, optional + :type type: HistoricalJobDataType, optional """ if attributes is not unset: kwargs["attributes"] = attributes diff --git a/src/datadog_api_client/v2/model/job_create_response.py b/src/datadog_api_client/v2/model/job_create_response.py index 4a4e8ccb2f..f9e0749616 100644 --- a/src/datadog_api_client/v2/model/job_create_response.py +++ b/src/datadog_api_client/v2/model/job_create_response.py @@ -32,7 +32,7 @@ def openapi_types(_): def __init__(self_, data: Union[JobCreateResponseData, UnsetType] = unset, **kwargs): """ - Run a threat hunting job response. + Run a historical job response. :param data: The definition of ``JobCreateResponseData`` object. :type data: JobCreateResponseData, optional diff --git a/src/datadog_api_client/v2/model/job_create_response_data.py b/src/datadog_api_client/v2/model/job_create_response_data.py index 4da567f23e..999c81dfeb 100644 --- a/src/datadog_api_client/v2/model/job_create_response_data.py +++ b/src/datadog_api_client/v2/model/job_create_response_data.py 
@@ -14,17 +14,17 @@ if TYPE_CHECKING: - from datadog_api_client.v2.model.threat_hunting_job_data_type import ThreatHuntingJobDataType + from datadog_api_client.v2.model.historical_job_data_type import HistoricalJobDataType class JobCreateResponseData(ModelNormal): @cached_property def openapi_types(_): - from datadog_api_client.v2.model.threat_hunting_job_data_type import ThreatHuntingJobDataType + from datadog_api_client.v2.model.historical_job_data_type import HistoricalJobDataType return { "id": (str,), - "type": (ThreatHuntingJobDataType,), + "type": (HistoricalJobDataType,), } attribute_map = { @@ -33,7 +33,7 @@ def openapi_types(_): } def __init__( - self_, id: Union[str, UnsetType] = unset, type: Union[ThreatHuntingJobDataType, UnsetType] = unset, **kwargs + self_, id: Union[str, UnsetType] = unset, type: Union[HistoricalJobDataType, UnsetType] = unset, **kwargs ): """ The definition of ``JobCreateResponseData`` object. @@ -42,7 +42,7 @@ def __init__( :type id: str, optional :param type: Type of payload. - :type type: ThreatHuntingJobDataType, optional + :type type: HistoricalJobDataType, optional """ if id is not unset: kwargs["id"] = id diff --git a/src/datadog_api_client/v2/model/job_definition.py b/src/datadog_api_client/v2/model/job_definition.py index 0d32769c61..dfbbe9241c 100644 --- a/src/datadog_api_client/v2/model/job_definition.py +++ b/src/datadog_api_client/v2/model/job_definition.py 
@@ -16,8 +16,8 @@ if TYPE_CHECKING: from datadog_api_client.v2.model.calculated_field import CalculatedField from datadog_api_client.v2.model.security_monitoring_rule_case_create import SecurityMonitoringRuleCaseCreate - from datadog_api_client.v2.model.threat_hunting_job_options import ThreatHuntingJobOptions - from datadog_api_client.v2.model.threat_hunting_job_query import ThreatHuntingJobQuery + from datadog_api_client.v2.model.historical_job_options import HistoricalJobOptions + from datadog_api_client.v2.model.historical_job_query import HistoricalJobQuery from datadog_api_client.v2.model.security_monitoring_reference_table import SecurityMonitoringReferenceTable from datadog_api_client.v2.model.security_monitoring_third_party_rule_case_create import ( SecurityMonitoringThirdPartyRuleCaseCreate, @@ -29,8 +29,8 @@ class JobDefinition(ModelNormal): def openapi_types(_): from datadog_api_client.v2.model.calculated_field import CalculatedField from datadog_api_client.v2.model.security_monitoring_rule_case_create import SecurityMonitoringRuleCaseCreate - from datadog_api_client.v2.model.threat_hunting_job_options import ThreatHuntingJobOptions - from datadog_api_client.v2.model.threat_hunting_job_query import ThreatHuntingJobQuery + from datadog_api_client.v2.model.historical_job_options import HistoricalJobOptions + from datadog_api_client.v2.model.historical_job_query import HistoricalJobQuery from datadog_api_client.v2.model.security_monitoring_reference_table import SecurityMonitoringReferenceTable from datadog_api_client.v2.model.security_monitoring_third_party_rule_case_create import ( SecurityMonitoringThirdPartyRuleCaseCreate, 
@@ -44,8 +44,8 @@ def openapi_types(_): "index": (str,), "message": (str,), "name": (str,), - "options": (ThreatHuntingJobOptions,), - "queries": ([ThreatHuntingJobQuery],), + "options": (HistoricalJobOptions,), + "queries": ([HistoricalJobQuery],), "reference_tables": ([SecurityMonitoringReferenceTable],), "tags": ([str],), "third_party_cases": ([SecurityMonitoringThirdPartyRuleCaseCreate],), @@ -77,11 +77,11 @@ def __init__( index: str, message: str, name: str, - queries: List[ThreatHuntingJobQuery], + queries: List[HistoricalJobQuery], to: int, calculated_fields: Union[List[CalculatedField], UnsetType] = unset, group_signals_by: Union[List[str], UnsetType] = unset, - options: Union[ThreatHuntingJobOptions, UnsetType] = unset, + options: Union[HistoricalJobOptions, UnsetType] = unset, reference_tables: Union[List[SecurityMonitoringReferenceTable], UnsetType] = unset, tags: Union[List[str], UnsetType] = unset, third_party_cases: Union[List[SecurityMonitoringThirdPartyRuleCaseCreate], UnsetType] = unset, @@ -89,7 +89,7 @@ def __init__( **kwargs, ): """ - Definition of a threat hunting job. + Definition of a historical job. :param calculated_fields: Calculated fields. :type calculated_fields: [CalculatedField], optional @@ -113,10 +113,10 @@ def __init__( :type name: str :param options: Job options. - :type options: ThreatHuntingJobOptions, optional + :type options: HistoricalJobOptions, optional :param queries: Queries for selecting logs analyzed by the job. - :type queries: [ThreatHuntingJobQuery] + :type queries: [HistoricalJobQuery] :param reference_tables: Reference tables used in the queries. :type reference_tables: [SecurityMonitoringReferenceTable], optional diff --git a/src/datadog_api_client/v2/model/job_definition_from_rule.py b/src/datadog_api_client/v2/model/job_definition_from_rule.py index d2df5da040..fc6c3c033f 100644 --- a/src/datadog_api_client/v2/model/job_definition_from_rule.py +++ b/src/datadog_api_client/v2/model/job_definition_from_rule.py 
@@ -36,7 +36,7 @@ def __init__( self_, _from: int, id: str, index: str, to: int, notifications: Union[List[str], UnsetType] = unset, **kwargs ): """ - Definition of a threat hunting job based on a security monitoring rule. + Definition of a historical job based on a security monitoring rule. :param _from: Starting time of data analyzed by the job. :type _from: int diff --git a/src/datadog_api_client/v2/model/list_historical_jobs_response.py b/src/datadog_api_client/v2/model/list_historical_jobs_response.py new file mode 100644 index 0000000000..ef3fa4ae23 --- /dev/null +++ b/src/datadog_api_client/v2/model/list_historical_jobs_response.py 
@@ -0,0 +1,56 @@
+# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License.
+# This product includes software developed at Datadog (https://www.datadoghq.com/).
+# Copyright 2019-Present Datadog, Inc.
+from __future__ import annotations
+
+from typing import List, Union, TYPE_CHECKING
+
+from datadog_api_client.model_utils import (
+ ModelNormal,
+ cached_property,
+ unset,
+ UnsetType,
+)
+
+
+if TYPE_CHECKING:
+ from datadog_api_client.v2.model.historical_job_response_data import HistoricalJobResponseData
+ from datadog_api_client.v2.model.historical_job_list_meta import HistoricalJobListMeta
+
+
+class ListHistoricalJobsResponse(ModelNormal):
+ @cached_property
+ def openapi_types(_):
+ from datadog_api_client.v2.model.historical_job_response_data import HistoricalJobResponseData
+ from datadog_api_client.v2.model.historical_job_list_meta import HistoricalJobListMeta
+
+ return {
+ "data": ([HistoricalJobResponseData],),
+ "meta": (HistoricalJobListMeta,),
+ }
+
+ attribute_map = {
+ "data": "data",
+ "meta": "meta",
+ }
+
+ def __init__(
+ self_,
+ data: Union[List[HistoricalJobResponseData], UnsetType] = unset,
+ meta: Union[HistoricalJobListMeta, UnsetType] = unset,
+ **kwargs,
+ ):
+ """
+ List of historical jobs.
+
+ :param data: Array containing the list of historical jobs.
+ :type data: [HistoricalJobResponseData], optional
+
+ :param meta: Metadata about the list of jobs.
+ :type meta: HistoricalJobListMeta, optional
+ """
+ if data is not unset:
+ kwargs["data"] = data
+ if meta is not unset:
+ kwargs["meta"] = meta
+ super().__init__(kwargs)
diff --git a/src/datadog_api_client/v2/model/list_threat_hunting_jobs_response.py b/src/datadog_api_client/v2/model/list_threat_hunting_jobs_response.py
deleted file mode 100644
index 72a42ecdf4..0000000000
--- a/src/datadog_api_client/v2/model/list_threat_hunting_jobs_response.py
+++ /dev/null
@@ -1,56 +0,0 @@
-# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License.
-# This product includes software developed at Datadog (https://www.datadoghq.com/).
-# Copyright 2019-Present Datadog, Inc.
-from __future__ import annotations
-
-from typing import List, Union, TYPE_CHECKING
-
-from datadog_api_client.model_utils import (
- ModelNormal,
- cached_property,
- unset,
- UnsetType,
-)
-
-
-if TYPE_CHECKING:
- from datadog_api_client.v2.model.threat_hunting_job_response_data import ThreatHuntingJobResponseData
- from datadog_api_client.v2.model.threat_hunting_job_list_meta import ThreatHuntingJobListMeta
-
-
-class ListThreatHuntingJobsResponse(ModelNormal):
- @cached_property
- def openapi_types(_):
- from datadog_api_client.v2.model.threat_hunting_job_response_data import ThreatHuntingJobResponseData
- from datadog_api_client.v2.model.threat_hunting_job_list_meta import ThreatHuntingJobListMeta
-
- return {
- "data": ([ThreatHuntingJobResponseData],),
- "meta": (ThreatHuntingJobListMeta,),
- }
-
- attribute_map = {
- "data": "data",
- "meta": "meta",
- }
-
- def __init__(
- self_,
- data: Union[List[ThreatHuntingJobResponseData], UnsetType] = unset,
- meta: Union[ThreatHuntingJobListMeta, UnsetType] = unset,
- **kwargs,
- ):
- """
- List of threat hunting jobs.
-
- :param data: Array containing the list of threat hunting jobs.
- :type data: [ThreatHuntingJobResponseData], optional
-
- :param meta: Metadata about the list of jobs.
- :type meta: ThreatHuntingJobListMeta, optional
- """
- if data is not unset:
- kwargs["data"] = data
- if meta is not unset:
- kwargs["meta"] = meta
- super().__init__(kwargs)
diff --git a/src/datadog_api_client/v2/model/run_threat_hunting_job_request.py b/src/datadog_api_client/v2/model/run_historical_job_request.py similarity index 53% rename from src/datadog_api_client/v2/model/run_threat_hunting_job_request.py rename to src/datadog_api_client/v2/model/run_historical_job_request.py index ea31a26145..f0a01475fa 100644 --- a/src/datadog_api_client/v2/model/run_threat_hunting_job_request.py +++ b/src/datadog_api_client/v2/model/run_historical_job_request.py @@ -14,28 +14,28 @@ if TYPE_CHECKING: - from datadog_api_client.v2.model.run_threat_hunting_job_request_data import RunThreatHuntingJobRequestData + from datadog_api_client.v2.model.run_historical_job_request_data import RunHistoricalJobRequestData -class RunThreatHuntingJobRequest(ModelNormal): +class RunHistoricalJobRequest(ModelNormal): @cached_property def openapi_types(_): - from datadog_api_client.v2.model.run_threat_hunting_job_request_data import RunThreatHuntingJobRequestData + from datadog_api_client.v2.model.run_historical_job_request_data import RunHistoricalJobRequestData return { - "data": (RunThreatHuntingJobRequestData,), + "data": (RunHistoricalJobRequestData,), } attribute_map = { "data": "data", } - def __init__(self_, data: Union[RunThreatHuntingJobRequestData, UnsetType] = unset, **kwargs): + def __init__(self_, data: Union[RunHistoricalJobRequestData, UnsetType] = unset, **kwargs): """ - Run a threat hunting job request. + Run a historical job request. - :param data: Data for running a threat hunting job request. - :type data: RunThreatHuntingJobRequestData, optional + :param data: Data for running a historical job request. + :type data: RunHistoricalJobRequestData, optional """ if data is not unset: kwargs["data"] = data 
diff --git a/src/datadog_api_client/v2/model/run_threat_hunting_job_request_attributes.py b/src/datadog_api_client/v2/model/run_historical_job_request_attributes.py similarity index 87% rename from src/datadog_api_client/v2/model/run_threat_hunting_job_request_attributes.py rename to src/datadog_api_client/v2/model/run_historical_job_request_attributes.py index c7f3c7ece8..11de4c972a 100644 --- a/src/datadog_api_client/v2/model/run_threat_hunting_job_request_attributes.py +++ b/src/datadog_api_client/v2/model/run_historical_job_request_attributes.py @@ -18,7 +18,7 @@ from datadog_api_client.v2.model.job_definition import JobDefinition -class RunThreatHuntingJobRequestAttributes(ModelNormal): +class RunHistoricalJobRequestAttributes(ModelNormal): @cached_property def openapi_types(_): from datadog_api_client.v2.model.job_definition_from_rule import JobDefinitionFromRule @@ -44,15 +44,15 @@ def __init__( **kwargs, ): """ - Run a threat hunting job request. + Run a historical job request. - :param from_rule: Definition of a threat hunting job based on a security monitoring rule. + :param from_rule: Definition of a historical job based on a security monitoring rule. :type from_rule: JobDefinitionFromRule, optional :param id: Request ID. :type id: str, optional - :param job_definition: Definition of a threat hunting job. + :param job_definition: Definition of a historical job. :type job_definition: JobDefinition, optional """ if from_rule is not unset: diff --git a/src/datadog_api_client/v2/model/run_historical_job_request_data.py b/src/datadog_api_client/v2/model/run_historical_job_request_data.py new file mode 100644 index 0000000000..a3525bb5b6 --- /dev/null +++ b/src/datadog_api_client/v2/model/run_historical_job_request_data.py 
@@ -0,0 +1,56 @@
+# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License.
+# This product includes software developed at Datadog (https://www.datadoghq.com/).
+# Copyright 2019-Present Datadog, Inc.
+from __future__ import annotations
+
+from typing import Union, TYPE_CHECKING
+
+from datadog_api_client.model_utils import (
+ ModelNormal,
+ cached_property,
+ unset,
+ UnsetType,
+)
+
+
+if TYPE_CHECKING:
+ from datadog_api_client.v2.model.run_historical_job_request_attributes import RunHistoricalJobRequestAttributes
+ from datadog_api_client.v2.model.run_historical_job_request_data_type import RunHistoricalJobRequestDataType
+
+
+class RunHistoricalJobRequestData(ModelNormal):
+ @cached_property
+ def openapi_types(_):
+ from datadog_api_client.v2.model.run_historical_job_request_attributes import RunHistoricalJobRequestAttributes
+ from datadog_api_client.v2.model.run_historical_job_request_data_type import RunHistoricalJobRequestDataType
+
+ return {
+ "attributes": (RunHistoricalJobRequestAttributes,),
+ "type": (RunHistoricalJobRequestDataType,),
+ }
+
+ attribute_map = {
+ "attributes": "attributes",
+ "type": "type",
+ }
+
+ def __init__(
+ self_,
+ attributes: Union[RunHistoricalJobRequestAttributes, UnsetType] = unset,
+ type: Union[RunHistoricalJobRequestDataType, UnsetType] = unset,
+ **kwargs,
+ ):
+ """
+ Data for running a historical job request.
+
+ :param attributes: Run a historical job request.
+ :type attributes: RunHistoricalJobRequestAttributes, optional
+
+ :param type: Type of data.
+ :type type: RunHistoricalJobRequestDataType, optional
+ """
+ if attributes is not unset:
+ kwargs["attributes"] = attributes
+ if type is not unset:
+ kwargs["type"] = type
+ super().__init__(kwargs)
diff --git a/src/datadog_api_client/v2/model/run_threat_hunting_job_request_data_type.py b/src/datadog_api_client/v2/model/run_historical_job_request_data_type.py similarity index 76% rename from src/datadog_api_client/v2/model/run_threat_hunting_job_request_data_type.py rename to src/datadog_api_client/v2/model/run_historical_job_request_data_type.py index 496a32764b..1ec2f5f6f5 100644 --- a/src/datadog_api_client/v2/model/run_threat_hunting_job_request_data_type.py +++ b/src/datadog_api_client/v2/model/run_historical_job_request_data_type.py @@ -12,7 +12,7 @@ from typing import ClassVar -class RunThreatHuntingJobRequestDataType(ModelSimple): +class RunHistoricalJobRequestDataType(ModelSimple): """ Type of data. @@ -23,7 +23,7 @@ class RunThreatHuntingJobRequestDataType(ModelSimple): allowed_values = { "historicalDetectionsJobCreate", } - HISTORICALDETECTIONSJOBCREATE: ClassVar["RunThreatHuntingJobRequestDataType"] + HISTORICALDETECTIONSJOBCREATE: ClassVar["RunHistoricalJobRequestDataType"] @cached_property def openapi_types(_): @@ -32,6 +32,6 @@ def openapi_types(_): } -RunThreatHuntingJobRequestDataType.HISTORICALDETECTIONSJOBCREATE = RunThreatHuntingJobRequestDataType( +RunHistoricalJobRequestDataType.HISTORICALDETECTIONSJOBCREATE = RunHistoricalJobRequestDataType( "historicalDetectionsJobCreate" ) diff --git a/src/datadog_api_client/v2/model/run_threat_hunting_job_request_data.py b/src/datadog_api_client/v2/model/run_threat_hunting_job_request_data.py deleted file mode 100644 index e39b4c6e2a..0000000000 --- a/src/datadog_api_client/v2/model/run_threat_hunting_job_request_data.py +++ /dev/null 
@@ -1,62 +0,0 @@
-# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License.
-# This product includes software developed at Datadog (https://www.datadoghq.com/).
-# Copyright 2019-Present Datadog, Inc.
-from __future__ import annotations
-
-from typing import Union, TYPE_CHECKING
-
-from datadog_api_client.model_utils import (
- ModelNormal,
- cached_property,
- unset,
- UnsetType,
-)
-
-
-if TYPE_CHECKING:
- from datadog_api_client.v2.model.run_threat_hunting_job_request_attributes import (
- RunThreatHuntingJobRequestAttributes,
- )
- from datadog_api_client.v2.model.run_threat_hunting_job_request_data_type import RunThreatHuntingJobRequestDataType
-
-
-class RunThreatHuntingJobRequestData(ModelNormal):
- @cached_property
- def openapi_types(_):
- from datadog_api_client.v2.model.run_threat_hunting_job_request_attributes import (
- RunThreatHuntingJobRequestAttributes,
- )
- from datadog_api_client.v2.model.run_threat_hunting_job_request_data_type import (
- RunThreatHuntingJobRequestDataType,
- )
-
- return {
- "attributes": (RunThreatHuntingJobRequestAttributes,),
- "type": (RunThreatHuntingJobRequestDataType,),
- }
-
- attribute_map = {
- "attributes": "attributes",
- "type": "type",
- }
-
- def __init__(
- self_,
- attributes: Union[RunThreatHuntingJobRequestAttributes, UnsetType] = unset,
- type: Union[RunThreatHuntingJobRequestDataType, UnsetType] = unset,
- **kwargs,
- ):
- """
- Data for running a threat hunting job request.
-
- :param attributes: Run a threat hunting job request.
- :type attributes: RunThreatHuntingJobRequestAttributes, optional
-
- :param type: Type of data.
- :type type: RunThreatHuntingJobRequestDataType, optional
- """
- if attributes is not unset:
- kwargs["attributes"] = attributes
- if type is not unset:
- kwargs["type"] = type
- super().__init__(kwargs)
diff --git a/src/datadog_api_client/v2/models/__init__.py b/src/datadog_api_client/v2/models/__init__.py index a7d5061f4d..6896e964f8 100644 --- a/src/datadog_api_client/v2/models/__init__.py +++ b/src/datadog_api_client/v2/models/__init__.py @@ -2522,6 +2522,13 @@ from datadog_api_client.v2.model.hamr_org_connection_response import HamrOrgConnectionResponse from datadog_api_client.v2.model.hamr_org_connection_status import HamrOrgConnectionStatus from datadog_api_client.v2.model.hamr_org_connection_type import HamrOrgConnectionType +from datadog_api_client.v2.model.historical_job_data_type import HistoricalJobDataType +from datadog_api_client.v2.model.historical_job_list_meta import HistoricalJobListMeta +from datadog_api_client.v2.model.historical_job_options import HistoricalJobOptions +from datadog_api_client.v2.model.historical_job_query import HistoricalJobQuery +from datadog_api_client.v2.model.historical_job_response import HistoricalJobResponse +from datadog_api_client.v2.model.historical_job_response_attributes import HistoricalJobResponseAttributes +from datadog_api_client.v2.model.historical_job_response_data import HistoricalJobResponseData from datadog_api_client.v2.model.hourly_usage import HourlyUsage from datadog_api_client.v2.model.hourly_usage_attributes import HourlyUsageAttributes from datadog_api_client.v2.model.hourly_usage_measurement import HourlyUsageMeasurement 
@@ -3196,6 +3203,7 @@ from datadog_api_client.v2.model.list_findings_meta import ListFindingsMeta from datadog_api_client.v2.model.list_findings_page import ListFindingsPage from datadog_api_client.v2.model.list_findings_response import ListFindingsResponse +from datadog_api_client.v2.model.list_historical_jobs_response import ListHistoricalJobsResponse from datadog_api_client.v2.model.list_integrations_response import ListIntegrationsResponse from datadog_api_client.v2.model.list_interface_tags_response import ListInterfaceTagsResponse from datadog_api_client.v2.model.list_interface_tags_response_data import ListInterfaceTagsResponseData @@ -3225,7 +3233,6 @@ from datadog_api_client.v2.model.list_tags_response_data_attributes import ListTagsResponseDataAttributes from datadog_api_client.v2.model.list_teams_include import ListTeamsInclude from datadog_api_client.v2.model.list_teams_sort import ListTeamsSort -from datadog_api_client.v2.model.list_threat_hunting_jobs_response import ListThreatHuntingJobsResponse from datadog_api_client.v2.model.list_vulnerabilities_response import ListVulnerabilitiesResponse from datadog_api_client.v2.model.list_vulnerable_assets_response import ListVulnerableAssetsResponse from datadog_api_client.v2.model.log import Log 
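Review bot: The old public names are dropped with no compatibility path: the `@@ -3225,7 +3233,6 @@` hunk removes the `ListThreatHuntingJobsResponse` import from `models/__init__.py`, and the later hunks in the same file remove the four `RunThreatHuntingJob*` imports, the seven `ThreatHuntingJob*` imports and the matching `__all__` entries, while the model modules themselves are renamed. Any caller that still does `from datadog_api_client.v2.models import ThreatHuntingJobResponse` will fail at import time after upgrading, which for scheduled detection or job-automation scripts is typically noticed only once the job has stopped running. If the break is intended it should be called out in the changelog; otherwise a deprecated alias per removed name, for example `ThreatHuntingJobResponse = HistoricalJobResponse`, would keep existing imports working for a release. The file looks generated, so the alias would presumably have to come from the generator templates rather than a hand edit here.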
@@ -5177,10 +5184,10 @@ from datadog_api_client.v2.model.rum_retention_filters_order_request import RumRetentionFiltersOrderRequest from datadog_api_client.v2.model.rum_retention_filters_order_response import RumRetentionFiltersOrderResponse from datadog_api_client.v2.model.rum_retention_filters_response import RumRetentionFiltersResponse -from datadog_api_client.v2.model.run_threat_hunting_job_request import RunThreatHuntingJobRequest -from datadog_api_client.v2.model.run_threat_hunting_job_request_attributes import RunThreatHuntingJobRequestAttributes -from datadog_api_client.v2.model.run_threat_hunting_job_request_data import RunThreatHuntingJobRequestData -from datadog_api_client.v2.model.run_threat_hunting_job_request_data_type import RunThreatHuntingJobRequestDataType +from datadog_api_client.v2.model.run_historical_job_request import RunHistoricalJobRequest +from datadog_api_client.v2.model.run_historical_job_request_attributes import RunHistoricalJobRequestAttributes +from datadog_api_client.v2.model.run_historical_job_request_data import RunHistoricalJobRequestData +from datadog_api_client.v2.model.run_historical_job_request_data_type import RunHistoricalJobRequestDataType from datadog_api_client.v2.model.saml_assertion_attribute import SAMLAssertionAttribute from datadog_api_client.v2.model.saml_assertion_attribute_attributes import SAMLAssertionAttributeAttributes from datadog_api_client.v2.model.saml_assertion_attributes_type import SAMLAssertionAttributesType 
@@ -6650,13 +6657,6 @@ from datadog_api_client.v2.model.test_optimization_update_service_settings_request_data_type import ( TestOptimizationUpdateServiceSettingsRequestDataType, ) -from datadog_api_client.v2.model.threat_hunting_job_data_type import ThreatHuntingJobDataType -from datadog_api_client.v2.model.threat_hunting_job_list_meta import ThreatHuntingJobListMeta -from datadog_api_client.v2.model.threat_hunting_job_options import ThreatHuntingJobOptions -from datadog_api_client.v2.model.threat_hunting_job_query import ThreatHuntingJobQuery -from datadog_api_client.v2.model.threat_hunting_job_response import ThreatHuntingJobResponse -from datadog_api_client.v2.model.threat_hunting_job_response_attributes import ThreatHuntingJobResponseAttributes -from datadog_api_client.v2.model.threat_hunting_job_response_data import ThreatHuntingJobResponseData from datadog_api_client.v2.model.time_restriction import TimeRestriction from datadog_api_client.v2.model.time_restrictions import TimeRestrictions from datadog_api_client.v2.model.timeline_cell import TimelineCell @@ -8902,6 +8902,13 @@ "HamrOrgConnectionResponse", "HamrOrgConnectionStatus", "HamrOrgConnectionType", + "HistoricalJobDataType", + "HistoricalJobListMeta", + "HistoricalJobOptions", + "HistoricalJobQuery", + "HistoricalJobResponse", + "HistoricalJobResponseAttributes", + "HistoricalJobResponseData", "HourlyUsage", "HourlyUsageAttributes", "HourlyUsageMeasurement", @@ -9422,6 +9429,7 @@ "ListFindingsMeta", "ListFindingsPage", "ListFindingsResponse", + "ListHistoricalJobsResponse", "ListIntegrationsResponse", "ListInterfaceTagsResponse", "ListInterfaceTagsResponseData", @@ -9449,7 +9457,6 @@ "ListTagsResponseDataAttributes", "ListTeamsInclude", "ListTeamsSort", - "ListThreatHuntingJobsResponse", "ListVulnerabilitiesResponse", "ListVulnerableAssetsResponse", "Log", 
@@ -10671,10 +10678,10 @@ "RumRetentionFiltersOrderRequest", "RumRetentionFiltersOrderResponse", "RumRetentionFiltersResponse", - "RunThreatHuntingJobRequest", - "RunThreatHuntingJobRequestAttributes", - "RunThreatHuntingJobRequestData", - "RunThreatHuntingJobRequestDataType", + "RunHistoricalJobRequest", + "RunHistoricalJobRequestAttributes", + "RunHistoricalJobRequestData", + "RunHistoricalJobRequestDataType", "SAMLAssertionAttribute", "SAMLAssertionAttributeAttributes", "SAMLAssertionAttributesType", @@ -11630,13 +11637,6 @@ "TestOptimizationUpdateServiceSettingsRequestAttributes", "TestOptimizationUpdateServiceSettingsRequestData", "TestOptimizationUpdateServiceSettingsRequestDataType", - "ThreatHuntingJobDataType", - "ThreatHuntingJobListMeta", - "ThreatHuntingJobOptions", - "ThreatHuntingJobQuery", - "ThreatHuntingJobResponse", - "ThreatHuntingJobResponseAttributes", - "ThreatHuntingJobResponseData", "TimeRestriction", "TimeRestrictions", "TimelineCell", diff --git a/tests/v2/cassettes/test_scenarios/test_cancel_a_historical_job_returns_bad_request_response.frozen b/tests/v2/cassettes/test_scenarios/test_cancel_a_historical_job_returns_bad_request_response.frozen index 633b88ea1a..a87300297a 100644 --- a/tests/v2/cassettes/test_scenarios/test_cancel_a_historical_job_returns_bad_request_response.frozen +++ b/tests/v2/cassettes/test_scenarios/test_cancel_a_historical_job_returns_bad_request_response.frozen @@ -1 +1 @@ -2025-10-24T14:24:00.041Z \ No newline at end of file +2026-04-13T09:15:40.141Z \ No newline at end of file diff --git a/tests/v2/cassettes/test_scenarios/test_cancel_a_historical_job_returns_bad_request_response.yaml b/tests/v2/cassettes/test_scenarios/test_cancel_a_historical_job_returns_bad_request_response.yaml index d5dd4e35d2..da62aa4acb 100644 --- a/tests/v2/cassettes/test_scenarios/test_cancel_a_historical_job_returns_bad_request_response.yaml 
+++ b/tests/v2/cassettes/test_scenarios/test_cancel_a_historical_job_returns_bad_request_response.yaml @@ -5,7 +5,7 @@ interactions: accept: - '*/*' method: PATCH - uri: https://api.datadoghq.com/api/v2/siem-threat-hunting/jobs/inva-lid/cancel + uri: https://api.datadoghq.com/api/v2/siem-historical-detections/jobs/inva-lid/cancel response: body: string: '{"errors":[{"status":"400","detail":"invalid jobId"}]}' diff --git a/tests/v2/cassettes/test_scenarios/test_cancel_a_historical_job_returns_not_found_response.frozen b/tests/v2/cassettes/test_scenarios/test_cancel_a_historical_job_returns_not_found_response.frozen index 213014e1d2..5ffbfe4c37 100644 --- a/tests/v2/cassettes/test_scenarios/test_cancel_a_historical_job_returns_not_found_response.frozen +++ b/tests/v2/cassettes/test_scenarios/test_cancel_a_historical_job_returns_not_found_response.frozen @@ -1 +1 @@ -2025-10-24T14:24:00.856Z \ No newline at end of file +2026-04-13T09:15:41.174Z \ No newline at end of file diff --git a/tests/v2/cassettes/test_scenarios/test_cancel_a_historical_job_returns_not_found_response.yaml b/tests/v2/cassettes/test_scenarios/test_cancel_a_historical_job_returns_not_found_response.yaml index ba24e0ad9d..46f80617cb 100644 --- a/tests/v2/cassettes/test_scenarios/test_cancel_a_historical_job_returns_not_found_response.yaml +++ b/tests/v2/cassettes/test_scenarios/test_cancel_a_historical_job_returns_not_found_response.yaml @@ -5,7 +5,7 @@ interactions: accept: - '*/*' method: PATCH - uri: https://api.datadoghq.com/api/v2/siem-threat-hunting/jobs/8e2a37fb-b0c8-4761-a7f0-0a8d6a98ba93/cancel + uri: https://api.datadoghq.com/api/v2/siem-historical-detections/jobs/8e2a37fb-b0c8-4761-a7f0-0a8d6a98ba93/cancel response: body: string: '{"errors":[{"status":"404","detail":"Not Found"}]}' 
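Review bot: The recorded request URI in the `@@ -5,7 +5,7 @@` hunk of the bad-request cassette moves from `/api/v2/siem-threat-hunting/jobs/inva-lid/cancel` to `/api/v2/siem-historical-detections/jobs/inva-lid/cancel`, so the client is now exercised against a different endpoint path, and the same swap repeats in the cancel, convert, delete and get cassettes that follow. Nothing visible in this part of the diff documents the path change for users; a changelog line would help anyone whose egress allowlists, proxy rules or audit-log detections match on the old `siem-threat-hunting` path. Whether the old path keeps working on the server cannot be told from these fixtures.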
diff --git a/tests/v2/cassettes/test_scenarios/test_cancel_a_historical_job_returns_ok_response.frozen b/tests/v2/cassettes/test_scenarios/test_cancel_a_historical_job_returns_ok_response.frozen index 9b9326abb8..be59fd60df 100644 --- a/tests/v2/cassettes/test_scenarios/test_cancel_a_historical_job_returns_ok_response.frozen +++ b/tests/v2/cassettes/test_scenarios/test_cancel_a_historical_job_returns_ok_response.frozen @@ -1 +1 @@ -2025-10-24T14:24:00.975Z \ No newline at end of file +2026-04-13T09:15:41.286Z \ No newline at end of file diff --git a/tests/v2/cassettes/test_scenarios/test_cancel_a_historical_job_returns_ok_response.yaml b/tests/v2/cassettes/test_scenarios/test_cancel_a_historical_job_returns_ok_response.yaml index 0b4be6fc32..8d2ad99dcf 100644 --- a/tests/v2/cassettes/test_scenarios/test_cancel_a_historical_job_returns_ok_response.yaml +++ b/tests/v2/cassettes/test_scenarios/test_cancel_a_historical_job_returns_ok_response.yaml @@ -9,10 +9,10 @@ interactions: content-type: - application/json method: POST - uri: https://api.datadoghq.com/api/v2/siem-threat-hunting/jobs + uri: https://api.datadoghq.com/api/v2/siem-historical-detections/jobs response: body: - string: '{"data":{"id":"cafe565c-106b-486e-ad21-a712656723b4","type":"historicalDetectionsJob"}}' + string: '{"data":{"id":"67278df4-84b8-4413-884b-88d9facdb68a","type":"historicalDetectionsJob"}}' headers: content-type: - application/vnd.api+json @@ -25,7 +25,7 @@ interactions: accept: - '*/*' method: PATCH - uri: https://api.datadoghq.com/api/v2/siem-threat-hunting/jobs/cafe565c-106b-486e-ad21-a712656723b4/cancel + uri: https://api.datadoghq.com/api/v2/siem-historical-detections/jobs/67278df4-84b8-4413-884b-88d9facdb68a/cancel response: body: string: '' 
diff --git a/tests/v2/cassettes/test_scenarios/test_convert_a_job_result_to_a_signal_returns_bad_request_response.frozen b/tests/v2/cassettes/test_scenarios/test_convert_a_job_result_to_a_signal_returns_bad_request_response.frozen index ba1f583e59..b22ac5b07a 100644 --- a/tests/v2/cassettes/test_scenarios/test_convert_a_job_result_to_a_signal_returns_bad_request_response.frozen +++ b/tests/v2/cassettes/test_scenarios/test_convert_a_job_result_to_a_signal_returns_bad_request_response.frozen @@ -1 +1 @@ -2025-10-24T14:24:01.235Z \ No newline at end of file +2026-04-13T09:15:41.656Z \ No newline at end of file diff --git a/tests/v2/cassettes/test_scenarios/test_convert_a_job_result_to_a_signal_returns_bad_request_response.yaml b/tests/v2/cassettes/test_scenarios/test_convert_a_job_result_to_a_signal_returns_bad_request_response.yaml index e6f3aef95f..43a4136bb1 100644 --- a/tests/v2/cassettes/test_scenarios/test_convert_a_job_result_to_a_signal_returns_bad_request_response.yaml +++ b/tests/v2/cassettes/test_scenarios/test_convert_a_job_result_to_a_signal_returns_bad_request_response.yaml @@ -8,7 +8,7 @@ interactions: content-type: - application/json method: POST - uri: https://api.datadoghq.com/api/v2/siem-threat-hunting/jobs/signal_convert + uri: https://api.datadoghq.com/api/v2/siem-historical-detections/jobs/signal_convert response: body: string: '{"errors":[{"status":"400","title":"Generic Error","detail":"empty diff --git a/tests/v2/cassettes/test_scenarios/test_delete_an_existing_job_returns_bad_request_response.frozen b/tests/v2/cassettes/test_scenarios/test_delete_an_existing_job_returns_bad_request_response.frozen index cf2f32dfa3..3b7d74bd4b 100644 --- a/tests/v2/cassettes/test_scenarios/test_delete_an_existing_job_returns_bad_request_response.frozen +++ b/tests/v2/cassettes/test_scenarios/test_delete_an_existing_job_returns_bad_request_response.frozen 
@@ -1 +1 @@ -2025-10-24T14:24:01.339Z \ No newline at end of file +2026-04-13T09:15:41.819Z \ No newline at end of file diff --git a/tests/v2/cassettes/test_scenarios/test_delete_an_existing_job_returns_bad_request_response.yaml b/tests/v2/cassettes/test_scenarios/test_delete_an_existing_job_returns_bad_request_response.yaml index 6e3c15ecdb..12382ec2f4 100644 --- a/tests/v2/cassettes/test_scenarios/test_delete_an_existing_job_returns_bad_request_response.yaml +++ b/tests/v2/cassettes/test_scenarios/test_delete_an_existing_job_returns_bad_request_response.yaml @@ -5,7 +5,7 @@ interactions: accept: - '*/*' method: DELETE - uri: https://api.datadoghq.com/api/v2/siem-threat-hunting/jobs/inva-lid + uri: https://api.datadoghq.com/api/v2/siem-historical-detections/jobs/inva-lid response: body: string: '{"errors":[{"status":"400","title":"Generic Error","detail":"invalid diff --git a/tests/v2/cassettes/test_scenarios/test_delete_an_existing_job_returns_not_found_response.frozen b/tests/v2/cassettes/test_scenarios/test_delete_an_existing_job_returns_not_found_response.frozen index 68a6b0aca2..7528bc4877 100644 --- a/tests/v2/cassettes/test_scenarios/test_delete_an_existing_job_returns_not_found_response.frozen +++ b/tests/v2/cassettes/test_scenarios/test_delete_an_existing_job_returns_not_found_response.frozen @@ -1 +1 @@ -2025-10-24T14:24:01.428Z \ No newline at end of file +2026-04-13T09:15:42.455Z \ No newline at end of file diff --git a/tests/v2/cassettes/test_scenarios/test_delete_an_existing_job_returns_not_found_response.yaml b/tests/v2/cassettes/test_scenarios/test_delete_an_existing_job_returns_not_found_response.yaml index 3259a6ae5b..14754cceb2 100644 --- a/tests/v2/cassettes/test_scenarios/test_delete_an_existing_job_returns_not_found_response.yaml +++ b/tests/v2/cassettes/test_scenarios/test_delete_an_existing_job_returns_not_found_response.yaml 
@@ -5,7 +5,7 @@ interactions: accept: - '*/*' method: DELETE - uri: https://api.datadoghq.com/api/v2/siem-threat-hunting/jobs/8e2a37fb-b0c8-4761-a7f0-0a8d6a98ba93 + uri: https://api.datadoghq.com/api/v2/siem-historical-detections/jobs/8e2a37fb-b0c8-4761-a7f0-0a8d6a98ba93 response: body: string: '{"errors":[{"status":"404","detail":"Not Found"}]}' diff --git a/tests/v2/cassettes/test_scenarios/test_get_a_jobs_details_returns_bad_request_response.frozen b/tests/v2/cassettes/test_scenarios/test_get_a_jobs_details_returns_bad_request_response.frozen index fa7eb2eaf3..f959b7469a 100644 --- a/tests/v2/cassettes/test_scenarios/test_get_a_jobs_details_returns_bad_request_response.frozen +++ b/tests/v2/cassettes/test_scenarios/test_get_a_jobs_details_returns_bad_request_response.frozen @@ -1 +1 @@ -2025-10-24T14:24:01.540Z \ No newline at end of file +2026-04-13T09:15:42.536Z \ No newline at end of file diff --git a/tests/v2/cassettes/test_scenarios/test_get_a_jobs_details_returns_bad_request_response.yaml b/tests/v2/cassettes/test_scenarios/test_get_a_jobs_details_returns_bad_request_response.yaml index 47fed264c6..8c1258a2d4 100644 --- a/tests/v2/cassettes/test_scenarios/test_get_a_jobs_details_returns_bad_request_response.yaml +++ b/tests/v2/cassettes/test_scenarios/test_get_a_jobs_details_returns_bad_request_response.yaml @@ -5,7 +5,7 @@ interactions: accept: - application/json method: GET - uri: https://api.datadoghq.com/api/v2/siem-threat-hunting/jobs/inva-lid + uri: https://api.datadoghq.com/api/v2/siem-historical-detections/jobs/inva-lid response: body: string: '{"errors":[{"status":"400","detail":"invalid jobId"}]}' diff --git a/tests/v2/cassettes/test_scenarios/test_get_a_jobs_details_returns_not_found_response.frozen b/tests/v2/cassettes/test_scenarios/test_get_a_jobs_details_returns_not_found_response.frozen index 8b7389cc8b..be224ded31 100644 --- a/tests/v2/cassettes/test_scenarios/test_get_a_jobs_details_returns_not_found_response.frozen 
+++ b/tests/v2/cassettes/test_scenarios/test_get_a_jobs_details_returns_not_found_response.frozen @@ -1 +1 @@ -2025-10-24T14:24:01.618Z \ No newline at end of file +2026-04-13T09:15:42.599Z \ No newline at end of file diff --git a/tests/v2/cassettes/test_scenarios/test_get_a_jobs_details_returns_not_found_response.yaml b/tests/v2/cassettes/test_scenarios/test_get_a_jobs_details_returns_not_found_response.yaml index 7ffa2328f0..e6615feaed 100644 --- a/tests/v2/cassettes/test_scenarios/test_get_a_jobs_details_returns_not_found_response.yaml +++ b/tests/v2/cassettes/test_scenarios/test_get_a_jobs_details_returns_not_found_response.yaml @@ -5,7 +5,7 @@ interactions: accept: - application/json method: GET - uri: https://api.datadoghq.com/api/v2/siem-threat-hunting/jobs/8e2a37fb-b0c8-4761-a7f0-0a8d6a98ba93 + uri: https://api.datadoghq.com/api/v2/siem-historical-detections/jobs/8e2a37fb-b0c8-4761-a7f0-0a8d6a98ba93 response: body: string: '{"errors":[{"status":"404","title":"Not Found","detail":"Job 8e2a37fb-b0c8-4761-a7f0-0a8d6a98ba93 diff --git a/tests/v2/cassettes/test_scenarios/test_get_a_jobs_details_returns_ok_response.frozen b/tests/v2/cassettes/test_scenarios/test_get_a_jobs_details_returns_ok_response.frozen index e81b70e9ab..24ebe9b192 100644 --- a/tests/v2/cassettes/test_scenarios/test_get_a_jobs_details_returns_ok_response.frozen +++ b/tests/v2/cassettes/test_scenarios/test_get_a_jobs_details_returns_ok_response.frozen @@ -1 +1 @@ -2025-11-11T21:36:52.314Z \ No newline at end of file +2026-04-13T09:15:42.662Z \ No newline at end of file diff --git a/tests/v2/cassettes/test_scenarios/test_get_a_jobs_details_returns_ok_response.yaml b/tests/v2/cassettes/test_scenarios/test_get_a_jobs_details_returns_ok_response.yaml index 14f48c0bd5..6d15e1ed37 100644 --- a/tests/v2/cassettes/test_scenarios/test_get_a_jobs_details_returns_ok_response.yaml +++ b/tests/v2/cassettes/test_scenarios/test_get_a_jobs_details_returns_ok_response.yaml 
@@ -9,10 +9,10 @@ interactions: content-type: - application/json method: POST - uri: https://api.datadoghq.com/api/v2/siem-threat-hunting/jobs + uri: https://api.datadoghq.com/api/v2/siem-historical-detections/jobs response: body: - string: '{"data":{"id":"66896986-212c-4e6c-9890-14e5cfd0fc19","type":"historicalDetectionsJob"}}' + string: '{"data":{"id":"876b8334-58f8-4b7d-8e62-0101cb019208","type":"historicalDetectionsJob"}}' headers: content-type: - application/vnd.api+json 
@@ -25,16 +25,17 @@ interactions: accept: - application/json method: GET - uri: https://api.datadoghq.com/api/v2/siem-threat-hunting/jobs/66896986-212c-4e6c-9890-14e5cfd0fc19 + uri: https://api.datadoghq.com/api/v2/siem-historical-detections/jobs/876b8334-58f8-4b7d-8e62-0101cb019208 response: body: - string: '{"data":{"id":"66896986-212c-4e6c-9890-14e5cfd0fc19","type":"historicalDetectionsJob","attributes":{"createdAt":"2025-11-11 - 21:36:52.581297+00","createdByHandle":"frog@datadoghq.com","createdByName":"frog","jobDefinition":{"from":1730387522611,"to":1730387532611,"index":"main","name":"Excessive + string: '{"data":{"id":"876b8334-58f8-4b7d-8e62-0101cb019208","type":"historicalDetectionsJob","attributes":{"createdAt":"2026-04-13 + 09:15:42.715435+00","createdByHandle":"9919ec9b-ebc7-49ee-8dc8-03626e717cca","createdByName":"CI + Account","jobDefinition":{"from":1730387522611,"to":1730387532611,"index":"main","name":"Excessive number of failed attempts.","cases":[{"name":"Condition 1","status":"info","notifications":[],"condition":"a \u003e 1"}],"queries":[{"query":"source:non_existing_src_weekend","groupByFields":[],"hasOptionalGroupByFields":false,"distinctFields":[],"aggregation":"count","name":"","dataSource":"logs"}],"options":{"evaluationWindow":900,"detectionMethod":"threshold","maxSignalDuration":86400,"keepAlive":3600},"message":"A large number of failed login attempts.","tags":[],"type":"log_detection"},"jobName":"Excessive - number of failed attempts.","jobStatus":"pending","modifiedAt":"2025-11-11 - 21:36:52.581297+00","signalOutput":false}}}' + number of failed attempts.","jobStatus":"pending","modifiedAt":"2026-04-13 + 09:15:42.715435+00","signalOutput":false}}}' headers: content-type: - application/vnd.api+json diff --git a/tests/v2/cassettes/test_scenarios/test_list_historical_jobs_returns_ok_response.yaml b/tests/v2/cassettes/test_scenarios/test_list_historical_jobs_returns_ok_response.yaml index 46b83751d6..5a50b2e07d 100644 
--- a/tests/v2/cassettes/test_scenarios/test_list_historical_jobs_returns_ok_response.yaml +++ b/tests/v2/cassettes/test_scenarios/test_list_historical_jobs_returns_ok_response.yaml @@ -9,7 +9,7 @@ interactions: content-type: - application/json method: POST - uri: https://api.datadoghq.com/api/v2/siem-threat-hunting/jobs + uri: https://api.datadoghq.com/api/v2/siem-historical-detections/jobs response: body: string: '{"data":{"id":"c3564eed-ff70-43e1-ab6f-593de95bd21f","type":"historicalDetectionsJob"}}' @@ -25,7 +25,7 @@ interactions: accept: - application/json method: GET - uri: https://api.datadoghq.com/api/v2/siem-threat-hunting/jobs?filter%5Bquery%5D=id%3Ac3564eed-ff70-43e1-ab6f-593de95bd21f + uri: https://api.datadoghq.com/api/v2/siem-historical-detections/jobs?filter%5Bquery%5D=id%3Ac3564eed-ff70-43e1-ab6f-593de95bd21f response: body: string: '{"data":[{"id":"c3564eed-ff70-43e1-ab6f-593de95bd21f","type":"historicalDetectionsJob","attributes":{"createdAt":"2025-11-11 diff --git a/tests/v2/cassettes/test_scenarios/test_run_a_historical_job_returns_bad_request_response.frozen b/tests/v2/cassettes/test_scenarios/test_run_a_historical_job_returns_bad_request_response.frozen new file mode 100644 index 0000000000..69151c224c --- /dev/null +++ b/tests/v2/cassettes/test_scenarios/test_run_a_historical_job_returns_bad_request_response.frozen @@ -0,0 +1 @@ +2026-04-13T09:15:42.851Z \ No newline at end of file diff --git a/tests/v2/cassettes/test_scenarios/test_run_a_threat_hunting_job_returns_bad_request_response.yaml b/tests/v2/cassettes/test_scenarios/test_run_a_historical_job_returns_bad_request_response.yaml similarity index 93% rename from tests/v2/cassettes/test_scenarios/test_run_a_threat_hunting_job_returns_bad_request_response.yaml rename to tests/v2/cassettes/test_scenarios/test_run_a_historical_job_returns_bad_request_response.yaml index b84ecf5c83..cf9e68a816 100644 
--- a/tests/v2/cassettes/test_scenarios/test_run_a_threat_hunting_job_returns_bad_request_response.yaml +++ b/tests/v2/cassettes/test_scenarios/test_run_a_historical_job_returns_bad_request_response.yaml @@ -9,7 +9,7 @@ interactions: content-type: - application/json method: POST - uri: https://api.datadoghq.com/api/v2/siem-threat-hunting/jobs + uri: https://api.datadoghq.com/api/v2/siem-historical-detections/jobs response: body: string: '{"errors":["input_validation_error(Field ''index'' is invalid: Invalid diff --git a/tests/v2/cassettes/test_scenarios/test_run_a_historical_job_returns_not_found_response.frozen b/tests/v2/cassettes/test_scenarios/test_run_a_historical_job_returns_not_found_response.frozen new file mode 100644 index 0000000000..765e43e866 --- /dev/null +++ b/tests/v2/cassettes/test_scenarios/test_run_a_historical_job_returns_not_found_response.frozen @@ -0,0 +1 @@ +2026-04-13T09:15:42.922Z \ No newline at end of file diff --git a/tests/v2/cassettes/test_scenarios/test_run_a_threat_hunting_job_returns_not_found_response.yaml b/tests/v2/cassettes/test_scenarios/test_run_a_historical_job_returns_not_found_response.yaml similarity index 87% rename from tests/v2/cassettes/test_scenarios/test_run_a_threat_hunting_job_returns_not_found_response.yaml rename to tests/v2/cassettes/test_scenarios/test_run_a_historical_job_returns_not_found_response.yaml index 9894fb9b0e..7413b27ce3 100644 --- a/tests/v2/cassettes/test_scenarios/test_run_a_threat_hunting_job_returns_not_found_response.yaml +++ b/tests/v2/cassettes/test_scenarios/test_run_a_historical_job_returns_not_found_response.yaml @@ -7,7 +7,7 @@ interactions: content-type: - application/json method: POST - uri: https://api.datadoghq.com/api/v2/siem-threat-hunting/jobs + uri: https://api.datadoghq.com/api/v2/siem-historical-detections/jobs response: body: string: '{"errors":[{"status":"404","title":"Not Found"}]}' 
diff --git a/tests/v2/cassettes/test_scenarios/test_run_a_historical_job_returns_status_created_response.frozen b/tests/v2/cassettes/test_scenarios/test_run_a_historical_job_returns_status_created_response.frozen new file mode 100644 index 0000000000..ee9c040c77 --- /dev/null +++ b/tests/v2/cassettes/test_scenarios/test_run_a_historical_job_returns_status_created_response.frozen @@ -0,0 +1 @@ +2026-04-13T09:15:42.979Z \ No newline at end of file diff --git a/tests/v2/cassettes/test_scenarios/test_run_a_threat_hunting_job_returns_status_created_response.yaml b/tests/v2/cassettes/test_scenarios/test_run_a_historical_job_returns_status_created_response.yaml similarity index 82% rename from tests/v2/cassettes/test_scenarios/test_run_a_threat_hunting_job_returns_status_created_response.yaml rename to tests/v2/cassettes/test_scenarios/test_run_a_historical_job_returns_status_created_response.yaml index 4b75aae355..f78965771d 100644 --- a/tests/v2/cassettes/test_scenarios/test_run_a_threat_hunting_job_returns_status_created_response.yaml +++ b/tests/v2/cassettes/test_scenarios/test_run_a_historical_job_returns_status_created_response.yaml @@ -9,10 +9,10 @@ interactions: content-type: - application/json method: POST - uri: https://api.datadoghq.com/api/v2/siem-threat-hunting/jobs + uri: https://api.datadoghq.com/api/v2/siem-historical-detections/jobs response: body: - string: '{"data":{"id":"6ff7a8ce-a0d1-4ea3-8cc9-e9c52cda0d24","type":"historicalDetectionsJob"}}' + string: '{"data":{"id":"8ce2a4d4-db9e-445d-93bb-b60980d56d25","type":"historicalDetectionsJob"}}' headers: content-type: - application/vnd.api+json diff --git a/tests/v2/cassettes/test_scenarios/test_run_a_threat_hunting_job_returns_bad_request_response.frozen b/tests/v2/cassettes/test_scenarios/test_run_a_threat_hunting_job_returns_bad_request_response.frozen deleted file mode 100644 index 3776cfacfd..0000000000 
--- a/tests/v2/cassettes/test_scenarios/test_run_a_threat_hunting_job_returns_bad_request_response.frozen +++ /dev/null @@ -1 +0,0 @@ -2025-10-24T14:24:02.385Z \ No newline at end of file diff --git a/tests/v2/cassettes/test_scenarios/test_run_a_threat_hunting_job_returns_not_found_response.frozen b/tests/v2/cassettes/test_scenarios/test_run_a_threat_hunting_job_returns_not_found_response.frozen deleted file mode 100644 index 9cda11fb15..0000000000 --- a/tests/v2/cassettes/test_scenarios/test_run_a_threat_hunting_job_returns_not_found_response.frozen +++ /dev/null @@ -1 +0,0 @@ -2025-10-24T14:24:02.486Z \ No newline at end of file diff --git a/tests/v2/cassettes/test_scenarios/test_run_a_threat_hunting_job_returns_status_created_response.frozen b/tests/v2/cassettes/test_scenarios/test_run_a_threat_hunting_job_returns_status_created_response.frozen deleted file mode 100644 index f914d8b241..0000000000 --- a/tests/v2/cassettes/test_scenarios/test_run_a_threat_hunting_job_returns_status_created_response.frozen +++ /dev/null @@ -1 +0,0 @@ -2025-10-24T14:24:02.570Z \ No newline at end of file diff --git a/tests/v2/features/given.json b/tests/v2/features/given.json index e4a5d88171..de477cdab2 100644 --- a/tests/v2/features/given.json +++ b/tests/v2/features/given.json 
@@ -1311,10 +1311,10 @@ "value": "{\n \"data\": {\n \"type\": \"historicalDetectionsJobCreate\",\n \"attributes\": {\n \"jobDefinition\": {\n \"type\": \"log_detection\",\n \"name\": \"Excessive number of failed attempts.\",\n \"queries\": [\n {\n \"query\": \"source:non_existing_src_weekend\",\n \"aggregation\": \"count\",\n \"groupByFields\": [],\n \"distinctFields\": []\n }\n ],\n \"cases\": [\n {\n \"name\": \"Condition 1\",\n \"status\": \"info\",\n \"notifications\": [],\n \"condition\": \"a > 1\"\n }\n ],\n \"options\": {\n \"keepAlive\": 3600,\n \"maxSignalDuration\": 86400,\n \"evaluationWindow\": 900\n },\n \"message\": \"A large number of failed login attempts.\",\n \"tags\": [],\n \"from\": 1730387522611,\n \"to\": 1730387532611,\n \"index\": \"main\"\n }\n }\n }\n}" } ], - "step": "there is a valid \"threat_hunting_job\" in the system", - "key": "threat_hunting_job", + "step": "there is a valid \"historical_job\" in the system", + "key": "historical_job", "tag": "Security Monitoring", - "operationId": "RunThreatHuntingJob" + "operationId": "RunHistoricalJob" }, { "parameters": [ diff --git a/tests/v2/features/security_monitoring.feature b/tests/v2/features/security_monitoring.feature index 1fdee4f141..6e0edfcc51 100644 --- a/tests/v2/features/security_monitoring.feature +++ b/tests/v2/features/security_monitoring.feature 
@@ -153,62 +153,38 @@ Feature: Security Monitoring @team:DataDog/k9-cloud-siem Scenario: Cancel a historical job returns "Bad Request" response - Given operation "CancelThreatHuntingJob" enabled - And new "CancelThreatHuntingJob" request + Given operation "CancelHistoricalJob" enabled + And new "CancelHistoricalJob" request And request contains "job_id" parameter with value "inva-lid" When the request is sent Then the response status is 400 Bad Request + @generated @skip @team:DataDog/k9-cloud-siem + Scenario: Cancel a historical job returns "Conflict" response + Given operation "CancelHistoricalJob" enabled + And new "CancelHistoricalJob" request + And request contains "job_id" parameter from "REPLACE.ME" + When the request is sent + Then the response status is 409 Conflict + @team:DataDog/k9-cloud-siem Scenario: Cancel a historical job returns "Not Found" response - Given operation "CancelThreatHuntingJob" enabled - And new "CancelThreatHuntingJob" request + Given operation "CancelHistoricalJob" enabled + And new "CancelHistoricalJob" request And request contains "job_id" parameter with value "8e2a37fb-b0c8-4761-a7f0-0a8d6a98ba93" When the request is sent Then the response status is 404 Not Found @team:DataDog/k9-cloud-siem Scenario: Cancel a historical job returns "OK" response - Given operation "CancelThreatHuntingJob" enabled - And operation "RunThreatHuntingJob" enabled - And new "CancelThreatHuntingJob" request - And there is a valid "threat_hunting_job" in the system - And request contains "job_id" parameter from "threat_hunting_job.data.id" + Given operation "CancelHistoricalJob" enabled + And operation "RunHistoricalJob" enabled + And new "CancelHistoricalJob" request + And there is a valid "historical_job" in the system + And request contains "job_id" parameter from "historical_job.data.id" When the request is sent Then the response status is 204 No Content - @generated @skip @team:DataDog/k9-cloud-siem - Scenario: Cancel a threat hunting job returns 
"Bad Request" response - Given operation "CancelThreatHuntingJob" enabled - And new "CancelThreatHuntingJob" request - And request contains "job_id" parameter from "REPLACE.ME" - When the request is sent - Then the response status is 400 Bad Request - - @generated @skip @team:DataDog/k9-cloud-siem - Scenario: Cancel a threat hunting job returns "Conflict" response - Given operation "CancelThreatHuntingJob" enabled - And new "CancelThreatHuntingJob" request - And request contains "job_id" parameter from "REPLACE.ME" - When the request is sent - Then the response status is 409 Conflict - - @generated @skip @team:DataDog/k9-cloud-siem - Scenario: Cancel a threat hunting job returns "Not Found" response - Given operation "CancelThreatHuntingJob" enabled - And new "CancelThreatHuntingJob" request - And request contains "job_id" parameter from "REPLACE.ME" - When the request is sent - Then the response status is 404 Not Found - - @generated @skip @team:DataDog/k9-cloud-siem - Scenario: Cancel a threat hunting job returns "OK" response - Given operation "CancelThreatHuntingJob" enabled - And new "CancelThreatHuntingJob" request - And request contains "job_id" parameter from "REPLACE.ME" - When the request is sent - Then the response status is 204 OK - @generated @skip @team:DataDog/k9-cloud-siem Scenario: Change the related incidents of a security signal returns "Bad Request" response Given new "EditSecurityMonitoringSignalIncidents" request 
@@ -862,32 +838,32 @@ Feature: Security Monitoring @team:DataDog/k9-cloud-siem Scenario: Delete an existing job returns "Bad Request" response - Given operation "DeleteThreatHuntingJob" enabled - And new "DeleteThreatHuntingJob" request + Given operation "DeleteHistoricalJob" enabled + And new "DeleteHistoricalJob" request And request contains "job_id" parameter with value "inva-lid" When the request is sent Then the response status is 400 Bad Request @generated @skip @team:DataDog/k9-cloud-siem Scenario: Delete an existing job returns "Conflict" response - Given operation "DeleteThreatHuntingJob" enabled - And new "DeleteThreatHuntingJob" request + Given operation "DeleteHistoricalJob" enabled + And new "DeleteHistoricalJob" request And request contains "job_id" parameter from "REPLACE.ME" When the request is sent Then the response status is 409 Conflict @team:DataDog/k9-cloud-siem Scenario: Delete an existing job returns "Not Found" response - Given operation "DeleteThreatHuntingJob" enabled - And new "DeleteThreatHuntingJob" request + Given operation "DeleteHistoricalJob" enabled + And new "DeleteHistoricalJob" request And request contains "job_id" parameter with value "8e2a37fb-b0c8-4761-a7f0-0a8d6a98ba93" When the request is sent Then the response status is 404 Not Found @generated @skip @team:DataDog/k9-cloud-siem Scenario: Delete an existing job returns "OK" response - Given operation "DeleteThreatHuntingJob" enabled - And new "DeleteThreatHuntingJob" request + Given operation "DeleteHistoricalJob" enabled + And new "DeleteHistoricalJob" request And request contains "job_id" parameter from "REPLACE.ME" When the request is sent Then the response status is 204 OK 
@@ -1047,27 +1023,27 @@ Feature: Security Monitoring @team:DataDog/k9-cloud-siem Scenario: Get a job's details returns "Bad Request" response - Given operation "GetThreatHuntingJob" enabled - And new "GetThreatHuntingJob" request + Given operation "GetHistoricalJob" enabled + And new "GetHistoricalJob" request And request contains "job_id" parameter with value "inva-lid" When the request is sent Then the response status is 400 Bad Request @team:DataDog/k9-cloud-siem Scenario: Get a job's details returns "Not Found" response - Given operation "GetThreatHuntingJob" enabled - And new "GetThreatHuntingJob" request + Given operation "GetHistoricalJob" enabled + And new "GetHistoricalJob" request And request contains "job_id" parameter with value "8e2a37fb-b0c8-4761-a7f0-0a8d6a98ba93" When the request is sent Then the response status is 404 Not Found @team:DataDog/k9-cloud-siem Scenario: Get a job's details returns "OK" response - Given operation "GetThreatHuntingJob" enabled - And operation "RunThreatHuntingJob" enabled - And new "GetThreatHuntingJob" request - And there is a valid "threat_hunting_job" in the system - And request contains "job_id" parameter from "threat_hunting_job.data.id" + Given operation "GetHistoricalJob" enabled + And operation "RunHistoricalJob" enabled + And new "GetHistoricalJob" request + And there is a valid "historical_job" in the system + And request contains "job_id" parameter from "historical_job.data.id" When the request is sent Then the response status is 200 OK 
@@ -1563,13 +1539,17 @@ Feature: Security Monitoring When the request is sent Then the response status is 200 OK - @team:DataDog/k9-cloud-siem + @generated @skip @team:DataDog/k9-cloud-siem + Scenario: List historical jobs returns "Bad Request" response + Given operation "ListHistoricalJobs" enabled + And new "ListHistoricalJobs" request + When the request is sent + Then the response status is 400 Bad Request + + @generated @skip @team:DataDog/k9-cloud-siem Scenario: List historical jobs returns "OK" response - Given operation "ListThreatHuntingJobs" enabled - And operation "RunThreatHuntingJob" enabled - And new "ListThreatHuntingJobs" request - And there is a valid "threat_hunting_job" in the system - And request contains "filter[query]" parameter with value "id:{{threat_hunting_job.data.id}}" + Given operation "ListHistoricalJobs" enabled + And new "ListHistoricalJobs" request When the request is sent Then the response status is 200 OK @@ -1646,20 +1626,6 @@ Feature: Security Monitoring And the response "meta.page" has field "after" And the response "links" has field "next" - @generated @skip @team:DataDog/k9-cloud-siem - Scenario: List threat hunting jobs returns "Bad Request" response - Given operation "ListThreatHuntingJobs" enabled - And new "ListThreatHuntingJobs" request - When the request is sent - Then the response status is 400 Bad Request - - @generated @skip @team:DataDog/k9-cloud-siem - Scenario: List threat hunting jobs returns "OK" response - Given operation "ListThreatHuntingJobs" enabled - And new "ListThreatHuntingJobs" request - When the request is sent - Then the response status is 200 OK - @generated @skip @team:DataDog/k9-cloud-vm Scenario: List vulnerabilities returns "Bad request: The server cannot process the request due to invalid syntax in the request." response Given operation "ListVulnerabilities" enabled 
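Review bot: The `List historical jobs returns "OK" response` scenario is now tagged `@generated @skip` and no longer creates a job or sends `filter[query]`, so none of the scenarios visible in this hunk still exercises the list endpoint or its id filter. Its cassette `test_list_historical_jobs_returns_ok_response.yaml` stays in the commit with only the URIs edited and the recorded job id unchanged, which suggests the demotion may be a side effect of regenerating the feature file rather than an intended change. I would keep the tag line as `@team:DataDog/k9-cloud-siem` and restore the steps `And operation "RunHistoricalJob" enabled`, `And there is a valid "historical_job" in the system` and `And request contains "filter[query]" parameter with value "id:{{historical_job.data.id}}"`. If the skip is deliberate, the now-unused cassette should be removed instead so it does not imply coverage that no longer runs.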
@@ -1852,25 +1818,25 @@ Feature: Security Monitoring Then the response status is 200 OK @team:DataDog/k9-cloud-siem - Scenario: Run a threat hunting job returns "Bad Request" response - Given operation "RunThreatHuntingJob" enabled - And new "RunThreatHuntingJob" request + Scenario: Run a historical job returns "Bad Request" response + Given operation "RunHistoricalJob" enabled + And new "RunHistoricalJob" request And body with value {"data":{"type":"historicalDetectionsJobCreate","attributes":{"jobDefinition":{"type":"log_detection","name":"Excessive number of failed attempts.","queries":[{"query":"source:non_existing_src_weekend","aggregation":"count","groupByFields":[],"distinctFields":[]}],"cases":[{"name":"Condition 1","status":"info","notifications":[],"condition":"a > 1"}],"options":{"keepAlive":3600,"maxSignalDuration":86400,"evaluationWindow":900},"message":"A large number of failed login attempts.","tags":[],"from":1730387522611,"to":1730391122611,"index":"non_existing_index"}}}} When the request is sent Then the response status is 400 Bad Request @team:DataDog/k9-cloud-siem - Scenario: Run a threat hunting job returns "Not Found" response - Given operation "RunThreatHuntingJob" enabled - And new "RunThreatHuntingJob" request + Scenario: Run a historical job returns "Not Found" response + Given operation "RunHistoricalJob" enabled + And new "RunHistoricalJob" request And body with value {"data": { "type": "historicalDetectionsJobCreate", "attributes": {"fromRule": {"from": 1730201035064, "id": "non-existng", "index": "main", "notifications": [], "to": 1730204635115}}}} When the request is sent Then the response status is 404 Not Found @team:DataDog/k9-cloud-siem - Scenario: Run a threat hunting job returns "Status created" response - Given operation "RunThreatHuntingJob" enabled - And new "RunThreatHuntingJob" request + Scenario: Run a historical job returns "Status created" response + Given operation "RunHistoricalJob" enabled + And new 
"RunHistoricalJob" request And body with value {"data":{"type":"historicalDetectionsJobCreate","attributes":{"jobDefinition":{"type":"log_detection","name":"Excessive number of failed attempts.","queries":[{"query":"source:non_existing_src_weekend","aggregation":"count","groupByFields":[],"distinctFields":[]}],"cases":[{"name":"Condition 1","status":"info","notifications":[],"condition":"a > 1"}],"options":{"keepAlive":3600,"maxSignalDuration":86400,"evaluationWindow":900},"message":"A large number of failed login attempts.","tags":[],"from":1730387522611,"to":1730387532611,"index":"main"}}}} When the request is sent Then the response status is 201 Status created diff --git a/tests/v2/features/undo.json b/tests/v2/features/undo.json index 19a52adbfc..9f4364d443 100644 --- a/tests/v2/features/undo.json +++ b/tests/v2/features/undo.json @@ -5705,13 +5705,13 @@ "type": "safe" } }, - "ListThreatHuntingJobs": { + "ListHistoricalJobs": { "tag": "Security Monitoring", "undo": { "type": "safe" } }, - "RunThreatHuntingJob": { + "RunHistoricalJob": { "tag": "Security Monitoring", "undo": { "type": "idempotent" @@ -5723,19 +5723,19 @@ "type": "idempotent" } }, - "DeleteThreatHuntingJob": { + "DeleteHistoricalJob": { "tag": "Security Monitoring", "undo": { "type": "idempotent" } }, - "GetThreatHuntingJob": { + "GetHistoricalJob": { "tag": "Security Monitoring", "undo": { "type": "safe" } }, - "CancelThreatHuntingJob": { + "CancelHistoricalJob": { "tag": "Security Monitoring", "undo": { "type": "idempotent"