v2_security_monitoring_ValidateSecurityMonitoringRule/
v2_security-monitoring_ValidateSecurityMonitoringRule.rs

// Validate a detection rule returns "OK" response
use std::process;

use datadog_api_client::datadog;
use datadog_api_client::datadogV2::api_security_monitoring::SecurityMonitoringAPI;
use datadog_api_client::datadogV2::model::SecurityMonitoringRuleCaseCreate;
use datadog_api_client::datadogV2::model::SecurityMonitoringRuleDetectionMethod;
use datadog_api_client::datadogV2::model::SecurityMonitoringRuleEvaluationWindow;
use datadog_api_client::datadogV2::model::SecurityMonitoringRuleKeepAlive;
use datadog_api_client::datadogV2::model::SecurityMonitoringRuleMaxSignalDuration;
use datadog_api_client::datadogV2::model::SecurityMonitoringRuleOptions;
use datadog_api_client::datadogV2::model::SecurityMonitoringRuleQueryAggregation;
use datadog_api_client::datadogV2::model::SecurityMonitoringRuleSeverity;
use datadog_api_client::datadogV2::model::SecurityMonitoringRuleTypeCreate;
use datadog_api_client::datadogV2::model::SecurityMonitoringRuleValidatePayload;
use datadog_api_client::datadogV2::model::SecurityMonitoringStandardRulePayload;
use datadog_api_client::datadogV2::model::SecurityMonitoringStandardRuleQuery;
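#[tokio::main]
async fn main() {
    // Validate (not create) a standard log-detection rule against the Security
    // Monitoring API. The payload below is the example's fixed sample rule; the
    // call only reports whether the API accepts it.

    // One rule case: any match of the condition raises an INFO signal with no
    // notification targets.
    let rule_case = SecurityMonitoringRuleCaseCreate::new(SecurityMonitoringRuleSeverity::INFO)
        .condition("a > 0".to_string())
        .name("".to_string())
        .notifications(vec![]);

    // Threshold detection over a 30-minute window; keep-alive and maximum signal
    // duration are set to the same window.
    let options = SecurityMonitoringRuleOptions::new()
        .detection_method(SecurityMonitoringRuleDetectionMethod::THRESHOLD)
        .evaluation_window(SecurityMonitoringRuleEvaluationWindow::THIRTY_MINUTES)
        .keep_alive(SecurityMonitoringRuleKeepAlive::THIRTY_MINUTES)
        .max_signal_duration(SecurityMonitoringRuleMaxSignalDuration::THIRTY_MINUTES);

    // Count matching logs grouped by assumed role. "source:source_here" is a
    // placeholder query string, not a real log source.
    let query = SecurityMonitoringStandardRuleQuery::new()
        .aggregation(SecurityMonitoringRuleQueryAggregation::COUNT)
        .distinct_fields(vec![])
        .group_by_fields(vec!["@userIdentity.assumed_role".to_string()])
        .name("".to_string())
        .query("source:source_here".to_string());

    // Positional arguments are kept in the order the generated constructor
    // expects; the two identical strings presumably fill the message and name
    // fields — confirm against the model definition.
    let rule = SecurityMonitoringStandardRulePayload::new(
        vec![rule_case],
        true,
        "My security monitoring rule".to_string(),
        "My security monitoring rule".to_string(),
        options,
        vec![query],
    )
    .has_extended_title(true)
    .tags(vec!["env:prod".to_string(), "team:security".to_string()])
    .type_(SecurityMonitoringRuleTypeCreate::LOG_DETECTION);

    let body = SecurityMonitoringRuleValidatePayload::SecurityMonitoringStandardRulePayload(
        Box::new(rule),
    );

    // Client credentials come from the default Configuration (not shown here).
    let configuration = datadog::Configuration::new();
    let api = SecurityMonitoringAPI::with_config(configuration);

    // Print the validated rule on stdout; on failure, report the API error on
    // stderr and exit non-zero so a script wrapping this example sees the failure
    // instead of a successful-looking run.
    match api.validate_security_monitoring_rule(body).await {
        Ok(value) => println!("{:#?}", value),
        Err(err) => {
            eprintln!("{:#?}", err);
            process::exit(1);
        }
    }
}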