pub struct SecurityMonitoringAPI { /* private fields */ }
Expand description
Create and manage your security rules, signals, filters, and more. See the Datadog Security page for more information.
Implementations§
Source§impl SecurityMonitoringAPI
impl SecurityMonitoringAPI
pub fn new() -> Self
Sourcepub fn with_config(config: Configuration) -> Self
pub fn with_config(config: Configuration) -> Self
Examples found in repository?
More examples
6async fn main() {
7 let configuration = datadog::Configuration::new();
8 let api = SecurityMonitoringAPI::with_config(configuration);
9 let resp = api
10 .delete_security_filter("security_filter_id".to_string())
11 .await;
12 if let Ok(value) = resp {
13 println!("{:#?}", value);
14 } else {
15 println!("{:#?}", resp.unwrap_err());
16 }
17}
6async fn main() {
7 let configuration = datadog::Configuration::new();
8 let api = SecurityMonitoringAPI::with_config(configuration);
9 let resp = api
10 .get_custom_framework("create-framework-new".to_string(), "10".to_string())
11 .await;
12 if let Ok(value) = resp {
13 println!("{:#?}", value);
14 } else {
15 println!("{:#?}", resp.unwrap_err());
16 }
17}
- examples/v2_security-monitoring_DeleteCustomFramework.rs
- examples/v2_security-monitoring_ListSecurityMonitoringRules.rs
- examples/v2_security-monitoring_ListSecurityMonitoringSignals.rs
- examples/v2_security-monitoring_DeleteHistoricalJob.rs
- examples/v2_security-monitoring_GetSecurityMonitoringSignal.rs
- examples/v2_security-monitoring_ListFindings.rs
- examples/v2_security-monitoring_ListFindings_2932019633.rs
- examples/v2_security-monitoring_GetSecurityMonitoringRule.rs
- examples/v2_security-monitoring_DeleteSecurityMonitoringRule.rs
- examples/v2_security-monitoring_ConvertExistingSecurityMonitoringRule.rs
- examples/v2_security-monitoring_GetSecurityFilter.rs
- examples/v2_security-monitoring_GetSecurityMonitoringSuppression.rs
- examples/v2_security-monitoring_DeleteSecurityFilter_555029489.rs
- examples/v2_security-monitoring_DeleteSecurityMonitoringSuppression.rs
- examples/v2_security-monitoring_GetResourceEvaluationFilters.rs
- examples/v2_security-monitoring_ListSecurityMonitoringSignals_3960412991.rs
- examples/v2_security-monitoring_GetRuleVersionHistory.rs
- examples/v2_security-monitoring_GetSecurityMonitoringRule_3370522281.rs
- examples/v2_security-monitoring_ListFindings_3865842421.rs
- examples/v2_security-monitoring_GetSBOM.rs
- examples/v2_security-monitoring_GetSignalNotificationRule.rs
- examples/v2_security-monitoring_DeleteSignalNotificationRule.rs
- examples/v2_security-monitoring_GetVulnerabilityNotificationRule.rs
- examples/v2_security-monitoring_ListFindings_1668290866.rs
- examples/v2_security-monitoring_GetFinding.rs
- examples/v2_security-monitoring_DeleteVulnerabilityNotificationRule.rs
- examples/v2_security-monitoring_GetHistoricalJob.rs
- examples/v2_security-monitoring_ListHistoricalJobs.rs
- examples/v2_security-monitoring_GetRuleVersionHistory_2467565841.rs
- examples/v2_security-monitoring_ListVulnerableAssets.rs
- examples/v2_security-monitoring_CancelHistoricalJob.rs
- examples/v2_security-monitoring_ListVulnerabilities.rs
- examples/v2_security-monitoring_EditSecurityMonitoringSignalIncidents.rs
- examples/v2_security-monitoring_EditSecurityMonitoringSignalAssignee.rs
- examples/v2_security-monitoring_EditSecurityMonitoringSignalState.rs
- examples/v2_security-monitoring_UpdateResourceEvaluationFilters.rs
- examples/v2_security-monitoring_UpdateSecurityMonitoringSuppression.rs
- examples/v2_security-monitoring_CreateSecurityFilter.rs
- examples/v2_security-monitoring_CreateCustomFramework.rs
- examples/v2_security-monitoring_ConvertJobResultToSignal.rs
- examples/v2_security-monitoring_MuteFindings.rs
- examples/v2_security-monitoring_UpdateSecurityFilter.rs
- examples/v2_security-monitoring_UpdateCustomFramework.rs
- examples/v2_security-monitoring_CreateSecurityMonitoringSuppression_3192265332.rs
- examples/v2_security-monitoring_CreateSecurityMonitoringSuppression.rs
- examples/v2_security-monitoring_TestExistingSecurityMonitoringRule.rs
- examples/v2_security-monitoring_CreateSignalNotificationRule.rs
- examples/v2_security-monitoring_CreateVulnerabilityNotificationRule.rs
- examples/v2_security-monitoring_SearchSecurityMonitoringSignals_1309350146.rs
- examples/v2_security-monitoring_SearchSecurityMonitoringSignals.rs
- examples/v2_security-monitoring_PatchSignalNotificationRule.rs
- examples/v2_security-monitoring_PatchVulnerabilityNotificationRule.rs
- examples/v2_security-monitoring_CreateSecurityMonitoringRule_498211763.rs
- examples/v2_security-monitoring_ConvertSecurityMonitoringRuleFromJSONToTerraform.rs
- examples/v2_security-monitoring_UpdateSecurityMonitoringRule.rs
- examples/v2_security-monitoring_ValidateSecurityMonitoringRule.rs
- examples/v2_security-monitoring_CreateSecurityMonitoringRule_461183901.rs
- examples/v2_security-monitoring_CreateSecurityMonitoringRule.rs
- examples/v2_security-monitoring_RunHistoricalJob.rs
- examples/v2_security-monitoring_CreateSecurityMonitoringRule_914562040.rs
- examples/v2_security-monitoring_CreateSecurityMonitoringRule_3367706049.rs
- examples/v2_security-monitoring_UpdateSecurityMonitoringRule_428087276.rs
- examples/v2_security-monitoring_CreateSecurityMonitoringRule_1965169892.rs
- examples/v2_security-monitoring_TestSecurityMonitoringRule.rs
- examples/v2_security-monitoring_CreateSecurityMonitoringRule_1092490364.rs
pub fn with_client_and_config( config: Configuration, client: ClientWithMiddleware, ) -> Self
Sourcepub async fn cancel_historical_job(
&self,
job_id: String,
) -> Result<(), Error<CancelHistoricalJobError>>
pub async fn cancel_historical_job( &self, job_id: String, ) -> Result<(), Error<CancelHistoricalJobError>>
Cancel a historical job.
Examples found in repository?
6async fn main() {
7 // there is a valid "historical_job" in the system
8 let historical_job_data_id = std::env::var("HISTORICAL_JOB_DATA_ID").unwrap();
9 let mut configuration = datadog::Configuration::new();
10 configuration.set_unstable_operation_enabled("v2.CancelHistoricalJob", true);
11 configuration.set_unstable_operation_enabled("v2.RunHistoricalJob", true);
12 let api = SecurityMonitoringAPI::with_config(configuration);
13 let resp = api
14 .cancel_historical_job(historical_job_data_id.clone())
15 .await;
16 if let Ok(value) = resp {
17 println!("{:#?}", value);
18 } else {
19 println!("{:#?}", resp.unwrap_err());
20 }
21}
Sourcepub async fn cancel_historical_job_with_http_info(
&self,
job_id: String,
) -> Result<ResponseContent<()>, Error<CancelHistoricalJobError>>
pub async fn cancel_historical_job_with_http_info( &self, job_id: String, ) -> Result<ResponseContent<()>, Error<CancelHistoricalJobError>>
Cancel a historical job.
Sourcepub async fn convert_existing_security_monitoring_rule(
&self,
rule_id: String,
) -> Result<SecurityMonitoringRuleConvertResponse, Error<ConvertExistingSecurityMonitoringRuleError>>
pub async fn convert_existing_security_monitoring_rule( &self, rule_id: String, ) -> Result<SecurityMonitoringRuleConvertResponse, Error<ConvertExistingSecurityMonitoringRuleError>>
Convert an existing rule from JSON to Terraform for datadog provider resource datadog_security_monitoring_rule.
Examples found in repository?
6async fn main() {
7 // there is a valid "security_rule" in the system
8 let security_rule_id = std::env::var("SECURITY_RULE_ID").unwrap();
9 let configuration = datadog::Configuration::new();
10 let api = SecurityMonitoringAPI::with_config(configuration);
11 let resp = api
12 .convert_existing_security_monitoring_rule(security_rule_id.clone())
13 .await;
14 if let Ok(value) = resp {
15 println!("{:#?}", value);
16 } else {
17 println!("{:#?}", resp.unwrap_err());
18 }
19}
Sourcepub async fn convert_existing_security_monitoring_rule_with_http_info(
&self,
rule_id: String,
) -> Result<ResponseContent<SecurityMonitoringRuleConvertResponse>, Error<ConvertExistingSecurityMonitoringRuleError>>
pub async fn convert_existing_security_monitoring_rule_with_http_info( &self, rule_id: String, ) -> Result<ResponseContent<SecurityMonitoringRuleConvertResponse>, Error<ConvertExistingSecurityMonitoringRuleError>>
Convert an existing rule from JSON to Terraform for datadog provider resource datadog_security_monitoring_rule.
Sourcepub async fn convert_job_result_to_signal(
&self,
body: ConvertJobResultsToSignalsRequest,
) -> Result<(), Error<ConvertJobResultToSignalError>>
pub async fn convert_job_result_to_signal( &self, body: ConvertJobResultsToSignalsRequest, ) -> Result<(), Error<ConvertJobResultToSignalError>>
Convert a job result to a signal.
Examples found in repository?
11async fn main() {
12 let body = ConvertJobResultsToSignalsRequest::new().data(
13 ConvertJobResultsToSignalsData::new()
14 .attributes(ConvertJobResultsToSignalsAttributes::new(
15 vec!["".to_string()],
16 vec!["".to_string()],
17 "A large number of failed login attempts.".to_string(),
18 SecurityMonitoringRuleSeverity::CRITICAL,
19 ))
20 .type_(
21 ConvertJobResultsToSignalsDataType::HISTORICALDETECTIONSJOBRESULTSIGNALCONVERSION,
22 ),
23 );
24 let mut configuration = datadog::Configuration::new();
25 configuration.set_unstable_operation_enabled("v2.ConvertJobResultToSignal", true);
26 let api = SecurityMonitoringAPI::with_config(configuration);
27 let resp = api.convert_job_result_to_signal(body).await;
28 if let Ok(value) = resp {
29 println!("{:#?}", value);
30 } else {
31 println!("{:#?}", resp.unwrap_err());
32 }
33}
Sourcepub async fn convert_job_result_to_signal_with_http_info(
&self,
body: ConvertJobResultsToSignalsRequest,
) -> Result<ResponseContent<()>, Error<ConvertJobResultToSignalError>>
pub async fn convert_job_result_to_signal_with_http_info( &self, body: ConvertJobResultsToSignalsRequest, ) -> Result<ResponseContent<()>, Error<ConvertJobResultToSignalError>>
Convert a job result to a signal.
Sourcepub async fn convert_security_monitoring_rule_from_json_to_terraform(
&self,
body: SecurityMonitoringRuleConvertPayload,
) -> Result<SecurityMonitoringRuleConvertResponse, Error<ConvertSecurityMonitoringRuleFromJSONToTerraformError>>
pub async fn convert_security_monitoring_rule_from_json_to_terraform( &self, body: SecurityMonitoringRuleConvertPayload, ) -> Result<SecurityMonitoringRuleConvertResponse, Error<ConvertSecurityMonitoringRuleFromJSONToTerraformError>>
Convert a rule that doesn’t (yet) exist from JSON to Terraform for datadog provider resource datadog_security_monitoring_rule.
Examples found in repository?
17async fn main() {
18 let body =
19 SecurityMonitoringRuleConvertPayload::SecurityMonitoringStandardRulePayload(Box::new(
20 SecurityMonitoringStandardRulePayload::new(
21 vec![
22 SecurityMonitoringRuleCaseCreate::new(SecurityMonitoringRuleSeverity::INFO)
23 .condition("a > 0".to_string())
24 .name("".to_string())
25 .notifications(vec![]),
26 ],
27 true,
28 "Test rule".to_string(),
29 "Example-Security-Monitoring".to_string(),
30 SecurityMonitoringRuleOptions::new()
31 .evaluation_window(SecurityMonitoringRuleEvaluationWindow::FIFTEEN_MINUTES)
32 .keep_alive(SecurityMonitoringRuleKeepAlive::ONE_HOUR)
33 .max_signal_duration(SecurityMonitoringRuleMaxSignalDuration::ONE_DAY),
34 vec![SecurityMonitoringStandardRuleQuery::new()
35 .aggregation(SecurityMonitoringRuleQueryAggregation::COUNT)
36 .distinct_fields(vec![])
37 .group_by_fields(vec![])
38 .metric("".to_string())
39 .query("@test:true".to_string())],
40 )
41 .filters(vec![])
42 .tags(vec![])
43 .type_(SecurityMonitoringRuleTypeCreate::LOG_DETECTION),
44 ));
45 let configuration = datadog::Configuration::new();
46 let api = SecurityMonitoringAPI::with_config(configuration);
47 let resp = api
48 .convert_security_monitoring_rule_from_json_to_terraform(body)
49 .await;
50 if let Ok(value) = resp {
51 println!("{:#?}", value);
52 } else {
53 println!("{:#?}", resp.unwrap_err());
54 }
55}
Sourcepub async fn convert_security_monitoring_rule_from_json_to_terraform_with_http_info(
&self,
body: SecurityMonitoringRuleConvertPayload,
) -> Result<ResponseContent<SecurityMonitoringRuleConvertResponse>, Error<ConvertSecurityMonitoringRuleFromJSONToTerraformError>>
pub async fn convert_security_monitoring_rule_from_json_to_terraform_with_http_info( &self, body: SecurityMonitoringRuleConvertPayload, ) -> Result<ResponseContent<SecurityMonitoringRuleConvertResponse>, Error<ConvertSecurityMonitoringRuleFromJSONToTerraformError>>
Convert a rule that doesn’t (yet) exist from JSON to Terraform for datadog provider resource datadog_security_monitoring_rule.
Sourcepub async fn create_custom_framework(
&self,
body: CreateCustomFrameworkRequest,
) -> Result<CreateCustomFrameworkResponse, Error<CreateCustomFrameworkError>>
pub async fn create_custom_framework( &self, body: CreateCustomFrameworkRequest, ) -> Result<CreateCustomFrameworkResponse, Error<CreateCustomFrameworkError>>
Create a custom framework.
Examples found in repository?
12async fn main() {
13 let body = CreateCustomFrameworkRequest::new(CustomFrameworkData::new(
14 CustomFrameworkDataAttributes::new(
15 "create-framework-new".to_string(),
16 "name".to_string(),
17 vec![CustomFrameworkRequirement::new(
18 vec![CustomFrameworkControl::new(
19 "control".to_string(),
20 vec!["def-000-be9".to_string()],
21 )],
22 "requirement".to_string(),
23 )],
24 "10".to_string(),
25 )
26 .icon_url("test-url".to_string()),
27 CustomFrameworkType::CUSTOM_FRAMEWORK,
28 ));
29 let configuration = datadog::Configuration::new();
30 let api = SecurityMonitoringAPI::with_config(configuration);
31 let resp = api.create_custom_framework(body).await;
32 if let Ok(value) = resp {
33 println!("{:#?}", value);
34 } else {
35 println!("{:#?}", resp.unwrap_err());
36 }
37}
Sourcepub async fn create_custom_framework_with_http_info(
&self,
body: CreateCustomFrameworkRequest,
) -> Result<ResponseContent<CreateCustomFrameworkResponse>, Error<CreateCustomFrameworkError>>
pub async fn create_custom_framework_with_http_info( &self, body: CreateCustomFrameworkRequest, ) -> Result<ResponseContent<CreateCustomFrameworkResponse>, Error<CreateCustomFrameworkError>>
Create a custom framework.
Sourcepub async fn create_security_filter(
&self,
body: SecurityFilterCreateRequest,
) -> Result<SecurityFilterResponse, Error<CreateSecurityFilterError>>
pub async fn create_security_filter( &self, body: SecurityFilterCreateRequest, ) -> Result<SecurityFilterResponse, Error<CreateSecurityFilterError>>
Create a security filter.
See the security filter guide for more examples.
Examples found in repository?
12async fn main() {
13 let body = SecurityFilterCreateRequest::new(SecurityFilterCreateData::new(
14 SecurityFilterCreateAttributes::new(
15 vec![SecurityFilterExclusionFilter::new(
16 "Exclude staging".to_string(),
17 "source:staging".to_string(),
18 )],
19 SecurityFilterFilteredDataType::LOGS,
20 true,
21 "Example-Security-Monitoring".to_string(),
22 "service:ExampleSecurityMonitoring".to_string(),
23 ),
24 SecurityFilterType::SECURITY_FILTERS,
25 ));
26 let configuration = datadog::Configuration::new();
27 let api = SecurityMonitoringAPI::with_config(configuration);
28 let resp = api.create_security_filter(body).await;
29 if let Ok(value) = resp {
30 println!("{:#?}", value);
31 } else {
32 println!("{:#?}", resp.unwrap_err());
33 }
34}
Sourcepub async fn create_security_filter_with_http_info(
&self,
body: SecurityFilterCreateRequest,
) -> Result<ResponseContent<SecurityFilterResponse>, Error<CreateSecurityFilterError>>
pub async fn create_security_filter_with_http_info( &self, body: SecurityFilterCreateRequest, ) -> Result<ResponseContent<SecurityFilterResponse>, Error<CreateSecurityFilterError>>
Create a security filter.
See the security filter guide for more examples.
Sourcepub async fn create_security_monitoring_rule(
&self,
body: SecurityMonitoringRuleCreatePayload,
) -> Result<SecurityMonitoringRuleResponse, Error<CreateSecurityMonitoringRuleError>>
pub async fn create_security_monitoring_rule( &self, body: SecurityMonitoringRuleCreatePayload, ) -> Result<SecurityMonitoringRuleResponse, Error<CreateSecurityMonitoringRuleError>>
Create a detection rule.
Examples found in repository?
17async fn main() {
18 let body =
19 SecurityMonitoringRuleCreatePayload::SecurityMonitoringStandardRuleCreatePayload(Box::new(
20 SecurityMonitoringStandardRuleCreatePayload::new(
21 vec![
22 SecurityMonitoringRuleCaseCreate::new(SecurityMonitoringRuleSeverity::INFO)
23 .condition("a > 0".to_string())
24 .name("".to_string())
25 .notifications(vec![]),
26 ],
27 true,
28 "Test rule".to_string(),
29 "Example-Security-Monitoring".to_string(),
30 SecurityMonitoringRuleOptions::new()
31 .evaluation_window(SecurityMonitoringRuleEvaluationWindow::FIFTEEN_MINUTES)
32 .keep_alive(SecurityMonitoringRuleKeepAlive::ONE_HOUR)
33 .max_signal_duration(SecurityMonitoringRuleMaxSignalDuration::ONE_DAY),
34 vec![SecurityMonitoringStandardRuleQuery::new()
35 .aggregation(SecurityMonitoringRuleQueryAggregation::COUNT)
36 .distinct_fields(vec![])
37 .group_by_fields(vec![])
38 .metric("".to_string())
39 .query("@test:true".to_string())],
40 )
41 .filters(vec![])
42 .tags(vec![])
43 .type_(SecurityMonitoringRuleTypeCreate::WORKLOAD_SECURITY),
44 ));
45 let configuration = datadog::Configuration::new();
46 let api = SecurityMonitoringAPI::with_config(configuration);
47 let resp = api.create_security_monitoring_rule(body).await;
48 if let Ok(value) = resp {
49 println!("{:#?}", value);
50 } else {
51 println!("{:#?}", resp.unwrap_err());
52 }
53}
More examples
19async fn main() {
20 let body =
21 SecurityMonitoringRuleCreatePayload::SecurityMonitoringStandardRuleCreatePayload(Box::new(
22 SecurityMonitoringStandardRuleCreatePayload::new(
23 vec![
24 SecurityMonitoringRuleCaseCreate::new(SecurityMonitoringRuleSeverity::INFO)
25 .name("".to_string())
26 .notifications(vec![]),
27 ],
28 true,
29 "test".to_string(),
30 "Example-Security-Monitoring".to_string(),
31 SecurityMonitoringRuleOptions::new()
32 .detection_method(SecurityMonitoringRuleDetectionMethod::IMPOSSIBLE_TRAVEL)
33 .evaluation_window(SecurityMonitoringRuleEvaluationWindow::FIFTEEN_MINUTES)
34 .impossible_travel_options(
35 SecurityMonitoringRuleImpossibleTravelOptions::new()
36 .baseline_user_locations(false),
37 )
38 .keep_alive(SecurityMonitoringRuleKeepAlive::ONE_HOUR)
39 .max_signal_duration(SecurityMonitoringRuleMaxSignalDuration::ONE_DAY),
40 vec![SecurityMonitoringStandardRuleQuery::new()
41 .aggregation(SecurityMonitoringRuleQueryAggregation::GEO_DATA)
42 .distinct_fields(vec![])
43 .group_by_fields(vec!["@usr.id".to_string()])
44 .metric("@network.client.geoip".to_string())
45 .query("*".to_string())],
46 )
47 .filters(vec![])
48 .has_extended_title(true)
49 .tags(vec![])
50 .type_(SecurityMonitoringRuleTypeCreate::LOG_DETECTION),
51 ));
52 let configuration = datadog::Configuration::new();
53 let api = SecurityMonitoringAPI::with_config(configuration);
54 let resp = api.create_security_monitoring_rule(body).await;
55 if let Ok(value) = resp {
56 println!("{:#?}", value);
57 } else {
58 println!("{:#?}", resp.unwrap_err());
59 }
60}
18async fn main() {
19 let body =
20 SecurityMonitoringRuleCreatePayload::SecurityMonitoringStandardRuleCreatePayload(Box::new(
21 SecurityMonitoringStandardRuleCreatePayload::new(
22 vec![
23 SecurityMonitoringRuleCaseCreate::new(SecurityMonitoringRuleSeverity::INFO)
24 .condition("a > 0".to_string())
25 .name("".to_string())
26 .notifications(vec![]),
27 ],
28 true,
29 "Test rule".to_string(),
30 "Example-Security-Monitoring".to_string(),
31 SecurityMonitoringRuleOptions::new()
32 .evaluation_window(SecurityMonitoringRuleEvaluationWindow::FIFTEEN_MINUTES)
33 .keep_alive(SecurityMonitoringRuleKeepAlive::ONE_HOUR)
34 .max_signal_duration(SecurityMonitoringRuleMaxSignalDuration::ONE_DAY),
35 vec![SecurityMonitoringStandardRuleQuery::new()
36 .aggregation(SecurityMonitoringRuleQueryAggregation::COUNT)
37 .distinct_fields(vec![])
38 .group_by_fields(vec![])
39 .metric("".to_string())
40 .query("@test:true".to_string())],
41 )
42 .filters(vec![])
43 .reference_tables(vec![SecurityMonitoringReferenceTable::new()
44 .check_presence(true)
45 .column_name("value".to_string())
46 .log_field_path("testtag".to_string())
47 .rule_query_name("a".to_string())
48 .table_name("synthetics_test_reference_table_dont_delete".to_string())])
49 .tags(vec![])
50 .type_(SecurityMonitoringRuleTypeCreate::LOG_DETECTION),
51 ));
52 let configuration = datadog::Configuration::new();
53 let api = SecurityMonitoringAPI::with_config(configuration);
54 let resp = api.create_security_monitoring_rule(body).await;
55 if let Ok(value) = resp {
56 println!("{:#?}", value);
57 } else {
58 println!("{:#?}", resp.unwrap_err());
59 }
60}
17async fn main() {
18 // there is a valid "security_rule" in the system
19 let security_rule_id = std::env::var("SECURITY_RULE_ID").unwrap();
20
21 // there is a valid "security_rule_bis" in the system
22 let security_rule_bis_id = std::env::var("SECURITY_RULE_BIS_ID").unwrap();
23 let body =
24 SecurityMonitoringRuleCreatePayload::SecurityMonitoringSignalRuleCreatePayload(Box::new(
25 SecurityMonitoringSignalRuleCreatePayload::new(
26 vec![
27 SecurityMonitoringRuleCaseCreate::new(SecurityMonitoringRuleSeverity::INFO)
28 .condition("a > 0 && b > 0".to_string())
29 .name("".to_string())
30 .notifications(vec![]),
31 ],
32 true,
33 "Test signal correlation rule".to_string(),
34 "Example-Security-Monitoring_signal_rule".to_string(),
35 SecurityMonitoringRuleOptions::new()
36 .evaluation_window(SecurityMonitoringRuleEvaluationWindow::FIFTEEN_MINUTES)
37 .keep_alive(SecurityMonitoringRuleKeepAlive::ONE_HOUR)
38 .max_signal_duration(SecurityMonitoringRuleMaxSignalDuration::ONE_DAY),
39 vec![
40 SecurityMonitoringSignalRuleQuery::new(security_rule_id.clone())
41 .aggregation(SecurityMonitoringRuleQueryAggregation::EVENT_COUNT)
42 .correlated_by_fields(vec!["host".to_string()])
43 .correlated_query_index(1),
44 SecurityMonitoringSignalRuleQuery::new(security_rule_bis_id.clone())
45 .aggregation(SecurityMonitoringRuleQueryAggregation::EVENT_COUNT)
46 .correlated_by_fields(vec!["host".to_string()]),
47 ],
48 )
49 .filters(vec![])
50 .tags(vec![])
51 .type_(SecurityMonitoringSignalRuleType::SIGNAL_CORRELATION),
52 ));
53 let configuration = datadog::Configuration::new();
54 let api = SecurityMonitoringAPI::with_config(configuration);
55 let resp = api.create_security_monitoring_rule(body).await;
56 if let Ok(value) = resp {
57 println!("{:#?}", value);
58 } else {
59 println!("{:#?}", resp.unwrap_err());
60 }
61}
18async fn main() {
19 let body =
20 SecurityMonitoringRuleCreatePayload::SecurityMonitoringStandardRuleCreatePayload(Box::new(
21 SecurityMonitoringStandardRuleCreatePayload::new(
22 vec![],
23 true,
24 "This is a third party rule".to_string(),
25 "Example-Security-Monitoring".to_string(),
26 SecurityMonitoringRuleOptions::new()
27 .detection_method(SecurityMonitoringRuleDetectionMethod::THIRD_PARTY)
28 .keep_alive(SecurityMonitoringRuleKeepAlive::ZERO_MINUTES)
29 .max_signal_duration(SecurityMonitoringRuleMaxSignalDuration::TEN_MINUTES)
30 .third_party_rule_options(
31 SecurityMonitoringRuleThirdPartyOptions::new()
32 .default_status(SecurityMonitoringRuleSeverity::INFO)
33 .root_queries(vec![
34 SecurityMonitoringThirdPartyRootQuery::new()
35 .group_by_fields(vec!["instance-id".to_string()])
36 .query("source:guardduty @details.alertType:*EC2*".to_string()),
37 SecurityMonitoringThirdPartyRootQuery::new()
38 .group_by_fields(vec![])
39 .query("source:guardduty".to_string()),
40 ]),
41 ),
42 vec![],
43 )
44 .third_party_cases(vec![
45 SecurityMonitoringThirdPartyRuleCaseCreate::new(
46 SecurityMonitoringRuleSeverity::HIGH,
47 )
48 .name("high".to_string())
49 .query("status:error".to_string()),
50 SecurityMonitoringThirdPartyRuleCaseCreate::new(
51 SecurityMonitoringRuleSeverity::LOW,
52 )
53 .name("low".to_string())
54 .query("status:info".to_string()),
55 ])
56 .type_(SecurityMonitoringRuleTypeCreate::LOG_DETECTION),
57 ));
58 let configuration = datadog::Configuration::new();
59 let api = SecurityMonitoringAPI::with_config(configuration);
60 let resp = api.create_security_monitoring_rule(body).await;
61 if let Ok(value) = resp {
62 println!("{:#?}", value);
63 } else {
64 println!("{:#?}", resp.unwrap_err());
65 }
66}
21async fn main() {
22 let body =
23 SecurityMonitoringRuleCreatePayload::SecurityMonitoringStandardRuleCreatePayload(Box::new(
24 SecurityMonitoringStandardRuleCreatePayload::new(
25 vec![
26 SecurityMonitoringRuleCaseCreate::new(SecurityMonitoringRuleSeverity::INFO)
27 .actions(vec![
28 SecurityMonitoringRuleCaseAction::new()
29 .options(
30 SecurityMonitoringRuleCaseActionOptions::new().duration(900),
31 )
32 .type_(SecurityMonitoringRuleCaseActionType::BLOCK_IP),
33 SecurityMonitoringRuleCaseAction::new()
34 .options(
35 SecurityMonitoringRuleCaseActionOptions::new()
36 .user_behavior_name("behavior".to_string()),
37 )
38 .type_(SecurityMonitoringRuleCaseActionType::USER_BEHAVIOR),
39 ])
40 .condition("a > 100000".to_string())
41 .name("".to_string())
42 .notifications(vec![]),
43 ],
44 true,
45 "Test rule".to_string(),
46 "Example-Security-Monitoring_appsec_rule".to_string(),
47 SecurityMonitoringRuleOptions::new()
48 .detection_method(SecurityMonitoringRuleDetectionMethod::THRESHOLD)
49 .evaluation_window(SecurityMonitoringRuleEvaluationWindow::FIFTEEN_MINUTES)
50 .keep_alive(SecurityMonitoringRuleKeepAlive::ONE_HOUR)
51 .max_signal_duration(SecurityMonitoringRuleMaxSignalDuration::ONE_DAY),
52 vec![SecurityMonitoringStandardRuleQuery::new()
53 .aggregation(SecurityMonitoringRuleQueryAggregation::COUNT)
54 .distinct_fields(vec![])
55 .group_by_fields(vec!["service".to_string(), "@http.client_ip".to_string()])
56 .query(
57 "@appsec.security_activity:business_logic.users.login.failure".to_string(),
58 )],
59 )
60 .filters(vec![])
61 .group_signals_by(vec!["service".to_string()])
62 .tags(vec![])
63 .type_(SecurityMonitoringRuleTypeCreate::APPLICATION_SECURITY),
64 ));
65 let configuration = datadog::Configuration::new();
66 let api = SecurityMonitoringAPI::with_config(configuration);
67 let resp = api.create_security_monitoring_rule(body).await;
68 if let Ok(value) = resp {
69 println!("{:#?}", value);
70 } else {
71 println!("{:#?}", resp.unwrap_err());
72 }
73}
Sourcepub async fn create_security_monitoring_rule_with_http_info(
&self,
body: SecurityMonitoringRuleCreatePayload,
) -> Result<ResponseContent<SecurityMonitoringRuleResponse>, Error<CreateSecurityMonitoringRuleError>>
pub async fn create_security_monitoring_rule_with_http_info( &self, body: SecurityMonitoringRuleCreatePayload, ) -> Result<ResponseContent<SecurityMonitoringRuleResponse>, Error<CreateSecurityMonitoringRuleError>>
Create a detection rule.
Sourcepub async fn create_security_monitoring_suppression(
&self,
body: SecurityMonitoringSuppressionCreateRequest,
) -> Result<SecurityMonitoringSuppressionResponse, Error<CreateSecurityMonitoringSuppressionError>>
pub async fn create_security_monitoring_suppression( &self, body: SecurityMonitoringSuppressionCreateRequest, ) -> Result<SecurityMonitoringSuppressionResponse, Error<CreateSecurityMonitoringSuppressionError>>
Create a new suppression rule.
Examples found in repository?
10async fn main() {
11 let body = SecurityMonitoringSuppressionCreateRequest::new(
12 SecurityMonitoringSuppressionCreateData::new(
13 SecurityMonitoringSuppressionCreateAttributes::new(
14 true,
15 "Example-Security-Monitoring".to_string(),
16 "type:log_detection source:cloudtrail".to_string(),
17 )
18 .data_exclusion_query("account_id:12345".to_string())
19 .description(
20 "This rule suppresses low-severity signals in staging environments.".to_string(),
21 )
22 .expiration_date(1638443471000)
23 .start_date(1637493071000),
24 SecurityMonitoringSuppressionType::SUPPRESSIONS,
25 ),
26 );
27 let configuration = datadog::Configuration::new();
28 let api = SecurityMonitoringAPI::with_config(configuration);
29 let resp = api.create_security_monitoring_suppression(body).await;
30 if let Ok(value) = resp {
31 println!("{:#?}", value);
32 } else {
33 println!("{:#?}", resp.unwrap_err());
34 }
35}
More examples
10async fn main() {
11 let body = SecurityMonitoringSuppressionCreateRequest::new(
12 SecurityMonitoringSuppressionCreateData::new(
13 SecurityMonitoringSuppressionCreateAttributes::new(
14 true,
15 "Example-Security-Monitoring".to_string(),
16 "type:log_detection source:cloudtrail".to_string(),
17 )
18 .description(
19 "This rule suppresses low-severity signals in staging environments.".to_string(),
20 )
21 .expiration_date(1638443471000)
22 .start_date(1637493071000)
23 .suppression_query("env:staging status:low".to_string()),
24 SecurityMonitoringSuppressionType::SUPPRESSIONS,
25 ),
26 );
27 let configuration = datadog::Configuration::new();
28 let api = SecurityMonitoringAPI::with_config(configuration);
29 let resp = api.create_security_monitoring_suppression(body).await;
30 if let Ok(value) = resp {
31 println!("{:#?}", value);
32 } else {
33 println!("{:#?}", resp.unwrap_err());
34 }
35}
Sourcepub async fn create_security_monitoring_suppression_with_http_info(
&self,
body: SecurityMonitoringSuppressionCreateRequest,
) -> Result<ResponseContent<SecurityMonitoringSuppressionResponse>, Error<CreateSecurityMonitoringSuppressionError>>
pub async fn create_security_monitoring_suppression_with_http_info( &self, body: SecurityMonitoringSuppressionCreateRequest, ) -> Result<ResponseContent<SecurityMonitoringSuppressionResponse>, Error<CreateSecurityMonitoringSuppressionError>>
Create a new suppression rule.
Sourcepub async fn create_signal_notification_rule(
&self,
body: CreateNotificationRuleParameters,
) -> Result<NotificationRuleResponse, Error<CreateSignalNotificationRuleError>>
pub async fn create_signal_notification_rule( &self, body: CreateNotificationRuleParameters, ) -> Result<NotificationRuleResponse, Error<CreateSignalNotificationRuleError>>
Create a new notification rule for security signals and return the created rule.
Examples found in repository?
15async fn main() {
16 let body =
17 CreateNotificationRuleParameters::new().data(CreateNotificationRuleParametersData::new(
18 CreateNotificationRuleParametersDataAttributes::new(
19 "Rule 1".to_string(),
20 Selectors::new(TriggerSource::SECURITY_FINDINGS)
21 .query("(source:production_service OR env:prod)".to_string())
22 .rule_types(vec![
23 RuleTypesItems::MISCONFIGURATION,
24 RuleTypesItems::ATTACK_PATH,
25 ])
26 .severities(vec![RuleSeverity::CRITICAL]),
27 vec!["@john.doe@email.com".to_string()],
28 )
29 .enabled(true)
30 .time_aggregation(86400),
31 NotificationRulesType::NOTIFICATION_RULES,
32 ));
33 let configuration = datadog::Configuration::new();
34 let api = SecurityMonitoringAPI::with_config(configuration);
35 let resp = api.create_signal_notification_rule(body).await;
36 if let Ok(value) = resp {
37 println!("{:#?}", value);
38 } else {
39 println!("{:#?}", resp.unwrap_err());
40 }
41}
Sourcepub async fn create_signal_notification_rule_with_http_info(
&self,
body: CreateNotificationRuleParameters,
) -> Result<ResponseContent<NotificationRuleResponse>, Error<CreateSignalNotificationRuleError>>
pub async fn create_signal_notification_rule_with_http_info( &self, body: CreateNotificationRuleParameters, ) -> Result<ResponseContent<NotificationRuleResponse>, Error<CreateSignalNotificationRuleError>>
Create a new notification rule for security signals and return the created rule.
Sourcepub async fn create_vulnerability_notification_rule(
&self,
body: CreateNotificationRuleParameters,
) -> Result<NotificationRuleResponse, Error<CreateVulnerabilityNotificationRuleError>>
pub async fn create_vulnerability_notification_rule( &self, body: CreateNotificationRuleParameters, ) -> Result<NotificationRuleResponse, Error<CreateVulnerabilityNotificationRuleError>>
Create a new notification rule for security vulnerabilities and return the created rule.
Examples found in repository?
15async fn main() {
16 let body =
17 CreateNotificationRuleParameters::new().data(CreateNotificationRuleParametersData::new(
18 CreateNotificationRuleParametersDataAttributes::new(
19 "Rule 1".to_string(),
20 Selectors::new(TriggerSource::SECURITY_FINDINGS)
21 .query("(source:production_service OR env:prod)".to_string())
22 .rule_types(vec![
23 RuleTypesItems::MISCONFIGURATION,
24 RuleTypesItems::ATTACK_PATH,
25 ])
26 .severities(vec![RuleSeverity::CRITICAL]),
27 vec!["@john.doe@email.com".to_string()],
28 )
29 .enabled(true)
30 .time_aggregation(86400),
31 NotificationRulesType::NOTIFICATION_RULES,
32 ));
33 let configuration = datadog::Configuration::new();
34 let api = SecurityMonitoringAPI::with_config(configuration);
35 let resp = api.create_vulnerability_notification_rule(body).await;
36 if let Ok(value) = resp {
37 println!("{:#?}", value);
38 } else {
39 println!("{:#?}", resp.unwrap_err());
40 }
41}
Sourcepub async fn create_vulnerability_notification_rule_with_http_info(
&self,
body: CreateNotificationRuleParameters,
) -> Result<ResponseContent<NotificationRuleResponse>, Error<CreateVulnerabilityNotificationRuleError>>
pub async fn create_vulnerability_notification_rule_with_http_info( &self, body: CreateNotificationRuleParameters, ) -> Result<ResponseContent<NotificationRuleResponse>, Error<CreateVulnerabilityNotificationRuleError>>
Create a new notification rule for security vulnerabilities and return the created rule.
Sourcepub async fn delete_custom_framework(
&self,
handle: String,
version: String,
) -> Result<DeleteCustomFrameworkResponse, Error<DeleteCustomFrameworkError>>
pub async fn delete_custom_framework( &self, handle: String, version: String, ) -> Result<DeleteCustomFrameworkResponse, Error<DeleteCustomFrameworkError>>
Delete a custom framework.
Examples found in repository?
6async fn main() {
7 let configuration = datadog::Configuration::new();
8 let api = SecurityMonitoringAPI::with_config(configuration);
9 let resp = api
10 .delete_custom_framework("create-framework-new".to_string(), "10".to_string())
11 .await;
12 if let Ok(value) = resp {
13 println!("{:#?}", value);
14 } else {
15 println!("{:#?}", resp.unwrap_err());
16 }
17}
Sourcepub async fn delete_custom_framework_with_http_info(
&self,
handle: String,
version: String,
) -> Result<ResponseContent<DeleteCustomFrameworkResponse>, Error<DeleteCustomFrameworkError>>
pub async fn delete_custom_framework_with_http_info( &self, handle: String, version: String, ) -> Result<ResponseContent<DeleteCustomFrameworkResponse>, Error<DeleteCustomFrameworkError>>
Delete a custom framework.
Sourcepub async fn delete_historical_job(
&self,
job_id: String,
) -> Result<(), Error<DeleteHistoricalJobError>>
pub async fn delete_historical_job( &self, job_id: String, ) -> Result<(), Error<DeleteHistoricalJobError>>
Delete an existing job.
Sourcepub async fn delete_historical_job_with_http_info(
&self,
job_id: String,
) -> Result<ResponseContent<()>, Error<DeleteHistoricalJobError>>
pub async fn delete_historical_job_with_http_info( &self, job_id: String, ) -> Result<ResponseContent<()>, Error<DeleteHistoricalJobError>>
Delete an existing job.
Sourcepub async fn delete_security_filter(
&self,
security_filter_id: String,
) -> Result<(), Error<DeleteSecurityFilterError>>
pub async fn delete_security_filter( &self, security_filter_id: String, ) -> Result<(), Error<DeleteSecurityFilterError>>
Delete a specific security filter.
Examples found in repository?
6async fn main() {
7 let configuration = datadog::Configuration::new();
8 let api = SecurityMonitoringAPI::with_config(configuration);
9 let resp = api
10 .delete_security_filter("security_filter_id".to_string())
11 .await;
12 if let Ok(value) = resp {
13 println!("{:#?}", value);
14 } else {
15 println!("{:#?}", resp.unwrap_err());
16 }
17}
More examples
6async fn main() {
7 // there is a valid "security_filter" in the system
8 let security_filter_data_id = std::env::var("SECURITY_FILTER_DATA_ID").unwrap();
9 let configuration = datadog::Configuration::new();
10 let api = SecurityMonitoringAPI::with_config(configuration);
11 let resp = api
12 .delete_security_filter(security_filter_data_id.clone())
13 .await;
14 if let Ok(value) = resp {
15 println!("{:#?}", value);
16 } else {
17 println!("{:#?}", resp.unwrap_err());
18 }
19}
Sourcepub async fn delete_security_filter_with_http_info(
&self,
security_filter_id: String,
) -> Result<ResponseContent<()>, Error<DeleteSecurityFilterError>>
pub async fn delete_security_filter_with_http_info( &self, security_filter_id: String, ) -> Result<ResponseContent<()>, Error<DeleteSecurityFilterError>>
Delete a specific security filter.
Sourcepub async fn delete_security_monitoring_rule(
&self,
rule_id: String,
) -> Result<(), Error<DeleteSecurityMonitoringRuleError>>
pub async fn delete_security_monitoring_rule( &self, rule_id: String, ) -> Result<(), Error<DeleteSecurityMonitoringRuleError>>
Delete an existing rule. Default rules cannot be deleted.
Examples found in repository?
6async fn main() {
7 // there is a valid "security_rule" in the system
8 let security_rule_id = std::env::var("SECURITY_RULE_ID").unwrap();
9 let configuration = datadog::Configuration::new();
10 let api = SecurityMonitoringAPI::with_config(configuration);
11 let resp = api
12 .delete_security_monitoring_rule(security_rule_id.clone())
13 .await;
14 if let Ok(value) = resp {
15 println!("{:#?}", value);
16 } else {
17 println!("{:#?}", resp.unwrap_err());
18 }
19}
Sourcepub async fn delete_security_monitoring_rule_with_http_info(
&self,
rule_id: String,
) -> Result<ResponseContent<()>, Error<DeleteSecurityMonitoringRuleError>>
pub async fn delete_security_monitoring_rule_with_http_info( &self, rule_id: String, ) -> Result<ResponseContent<()>, Error<DeleteSecurityMonitoringRuleError>>
Delete an existing rule. Default rules cannot be deleted.
Sourcepub async fn delete_security_monitoring_suppression(
&self,
suppression_id: String,
) -> Result<(), Error<DeleteSecurityMonitoringSuppressionError>>
pub async fn delete_security_monitoring_suppression( &self, suppression_id: String, ) -> Result<(), Error<DeleteSecurityMonitoringSuppressionError>>
Delete a specific suppression rule.
Examples found in repository?
6async fn main() {
7 // there is a valid "suppression" in the system
8 let suppression_data_id = std::env::var("SUPPRESSION_DATA_ID").unwrap();
9 let configuration = datadog::Configuration::new();
10 let api = SecurityMonitoringAPI::with_config(configuration);
11 let resp = api
12 .delete_security_monitoring_suppression(suppression_data_id.clone())
13 .await;
14 if let Ok(value) = resp {
15 println!("{:#?}", value);
16 } else {
17 println!("{:#?}", resp.unwrap_err());
18 }
19}
Sourcepub async fn delete_security_monitoring_suppression_with_http_info(
&self,
suppression_id: String,
) -> Result<ResponseContent<()>, Error<DeleteSecurityMonitoringSuppressionError>>
pub async fn delete_security_monitoring_suppression_with_http_info( &self, suppression_id: String, ) -> Result<ResponseContent<()>, Error<DeleteSecurityMonitoringSuppressionError>>
Delete a specific suppression rule.
Sourcepub async fn delete_signal_notification_rule(
&self,
id: String,
) -> Result<(), Error<DeleteSignalNotificationRuleError>>
pub async fn delete_signal_notification_rule( &self, id: String, ) -> Result<(), Error<DeleteSignalNotificationRuleError>>
Delete a notification rule for security signals.
Examples found in repository?
7async fn main() {
8 // there is a valid "valid_signal_notification_rule" in the system
9 let valid_signal_notification_rule_data_id =
10 std::env::var("VALID_SIGNAL_NOTIFICATION_RULE_DATA_ID").unwrap();
11 let configuration = datadog::Configuration::new();
12 let api = SecurityMonitoringAPI::with_config(configuration);
13 let resp = api
14 .delete_signal_notification_rule(valid_signal_notification_rule_data_id.clone())
15 .await;
16 if let Ok(value) = resp {
17 println!("{:#?}", value);
18 } else {
19 println!("{:#?}", resp.unwrap_err());
20 }
21}
Sourcepub async fn delete_signal_notification_rule_with_http_info(
&self,
id: String,
) -> Result<ResponseContent<()>, Error<DeleteSignalNotificationRuleError>>
pub async fn delete_signal_notification_rule_with_http_info( &self, id: String, ) -> Result<ResponseContent<()>, Error<DeleteSignalNotificationRuleError>>
Delete a notification rule for security signals.
Sourcepub async fn delete_vulnerability_notification_rule(
&self,
id: String,
) -> Result<(), Error<DeleteVulnerabilityNotificationRuleError>>
pub async fn delete_vulnerability_notification_rule( &self, id: String, ) -> Result<(), Error<DeleteVulnerabilityNotificationRuleError>>
Delete a notification rule for security vulnerabilities.
Examples found in repository?
7async fn main() {
8 // there is a valid "valid_vulnerability_notification_rule" in the system
9 let valid_vulnerability_notification_rule_data_id =
10 std::env::var("VALID_VULNERABILITY_NOTIFICATION_RULE_DATA_ID").unwrap();
11 let configuration = datadog::Configuration::new();
12 let api = SecurityMonitoringAPI::with_config(configuration);
13 let resp = api
14 .delete_vulnerability_notification_rule(
15 valid_vulnerability_notification_rule_data_id.clone(),
16 )
17 .await;
18 if let Ok(value) = resp {
19 println!("{:#?}", value);
20 } else {
21 println!("{:#?}", resp.unwrap_err());
22 }
23}
Sourcepub async fn delete_vulnerability_notification_rule_with_http_info(
&self,
id: String,
) -> Result<ResponseContent<()>, Error<DeleteVulnerabilityNotificationRuleError>>
pub async fn delete_vulnerability_notification_rule_with_http_info( &self, id: String, ) -> Result<ResponseContent<()>, Error<DeleteVulnerabilityNotificationRuleError>>
Delete a notification rule for security vulnerabilities.
Sourcepub async fn edit_security_monitoring_signal_assignee(
&self,
signal_id: String,
body: SecurityMonitoringSignalAssigneeUpdateRequest,
) -> Result<SecurityMonitoringSignalTriageUpdateResponse, Error<EditSecurityMonitoringSignalAssigneeError>>
pub async fn edit_security_monitoring_signal_assignee( &self, signal_id: String, body: SecurityMonitoringSignalAssigneeUpdateRequest, ) -> Result<SecurityMonitoringSignalTriageUpdateResponse, Error<EditSecurityMonitoringSignalAssigneeError>>
Modify the triage assignee of a security signal.
Examples found in repository?
10async fn main() {
11 let body = SecurityMonitoringSignalAssigneeUpdateRequest::new(
12 SecurityMonitoringSignalAssigneeUpdateData::new(
13 SecurityMonitoringSignalAssigneeUpdateAttributes::new(
14 SecurityMonitoringTriageUser::new("".to_string()),
15 ),
16 ),
17 );
18 let configuration = datadog::Configuration::new();
19 let api = SecurityMonitoringAPI::with_config(configuration);
20 let resp = api
21 .edit_security_monitoring_signal_assignee(
22 "AQAAAYG1bl5K4HuUewAAAABBWUcxYmw1S0FBQmt2RmhRN0V4ZUVnQUE".to_string(),
23 body,
24 )
25 .await;
26 if let Ok(value) = resp {
27 println!("{:#?}", value);
28 } else {
29 println!("{:#?}", resp.unwrap_err());
30 }
31}
Sourcepub async fn edit_security_monitoring_signal_assignee_with_http_info(
&self,
signal_id: String,
body: SecurityMonitoringSignalAssigneeUpdateRequest,
) -> Result<ResponseContent<SecurityMonitoringSignalTriageUpdateResponse>, Error<EditSecurityMonitoringSignalAssigneeError>>
pub async fn edit_security_monitoring_signal_assignee_with_http_info( &self, signal_id: String, body: SecurityMonitoringSignalAssigneeUpdateRequest, ) -> Result<ResponseContent<SecurityMonitoringSignalTriageUpdateResponse>, Error<EditSecurityMonitoringSignalAssigneeError>>
Modify the triage assignee of a security signal.
Sourcepub async fn edit_security_monitoring_signal_incidents(
&self,
signal_id: String,
body: SecurityMonitoringSignalIncidentsUpdateRequest,
) -> Result<SecurityMonitoringSignalTriageUpdateResponse, Error<EditSecurityMonitoringSignalIncidentsError>>
pub async fn edit_security_monitoring_signal_incidents( &self, signal_id: String, body: SecurityMonitoringSignalIncidentsUpdateRequest, ) -> Result<SecurityMonitoringSignalTriageUpdateResponse, Error<EditSecurityMonitoringSignalIncidentsError>>
Change the related incidents for a security signal.
Examples found in repository?
9async fn main() {
10 let body = SecurityMonitoringSignalIncidentsUpdateRequest::new(
11 SecurityMonitoringSignalIncidentsUpdateData::new(
12 SecurityMonitoringSignalIncidentsUpdateAttributes::new(vec![2066]),
13 ),
14 );
15 let configuration = datadog::Configuration::new();
16 let api = SecurityMonitoringAPI::with_config(configuration);
17 let resp = api
18 .edit_security_monitoring_signal_incidents(
19 "AQAAAYG1bl5K4HuUewAAAABBWUcxYmw1S0FBQmt2RmhRN0V4ZUVnQUE".to_string(),
20 body,
21 )
22 .await;
23 if let Ok(value) = resp {
24 println!("{:#?}", value);
25 } else {
26 println!("{:#?}", resp.unwrap_err());
27 }
28}
Sourcepub async fn edit_security_monitoring_signal_incidents_with_http_info(
&self,
signal_id: String,
body: SecurityMonitoringSignalIncidentsUpdateRequest,
) -> Result<ResponseContent<SecurityMonitoringSignalTriageUpdateResponse>, Error<EditSecurityMonitoringSignalIncidentsError>>
pub async fn edit_security_monitoring_signal_incidents_with_http_info( &self, signal_id: String, body: SecurityMonitoringSignalIncidentsUpdateRequest, ) -> Result<ResponseContent<SecurityMonitoringSignalTriageUpdateResponse>, Error<EditSecurityMonitoringSignalIncidentsError>>
Change the related incidents for a security signal.
Sourcepub async fn edit_security_monitoring_signal_state(
&self,
signal_id: String,
body: SecurityMonitoringSignalStateUpdateRequest,
) -> Result<SecurityMonitoringSignalTriageUpdateResponse, Error<EditSecurityMonitoringSignalStateError>>
pub async fn edit_security_monitoring_signal_state( &self, signal_id: String, body: SecurityMonitoringSignalStateUpdateRequest, ) -> Result<SecurityMonitoringSignalTriageUpdateResponse, Error<EditSecurityMonitoringSignalStateError>>
Change the triage state of a security signal.
Examples found in repository?
11async fn main() {
12 let body = SecurityMonitoringSignalStateUpdateRequest::new(
13 SecurityMonitoringSignalStateUpdateData::new(
14 SecurityMonitoringSignalStateUpdateAttributes::new(SecurityMonitoringSignalState::OPEN)
15 .archive_reason(SecurityMonitoringSignalArchiveReason::NONE),
16 ),
17 );
18 let configuration = datadog::Configuration::new();
19 let api = SecurityMonitoringAPI::with_config(configuration);
20 let resp = api
21 .edit_security_monitoring_signal_state(
22 "AQAAAYG1bl5K4HuUewAAAABBWUcxYmw1S0FBQmt2RmhRN0V4ZUVnQUE".to_string(),
23 body,
24 )
25 .await;
26 if let Ok(value) = resp {
27 println!("{:#?}", value);
28 } else {
29 println!("{:#?}", resp.unwrap_err());
30 }
31}
Sourcepub async fn edit_security_monitoring_signal_state_with_http_info(
&self,
signal_id: String,
body: SecurityMonitoringSignalStateUpdateRequest,
) -> Result<ResponseContent<SecurityMonitoringSignalTriageUpdateResponse>, Error<EditSecurityMonitoringSignalStateError>>
pub async fn edit_security_monitoring_signal_state_with_http_info( &self, signal_id: String, body: SecurityMonitoringSignalStateUpdateRequest, ) -> Result<ResponseContent<SecurityMonitoringSignalTriageUpdateResponse>, Error<EditSecurityMonitoringSignalStateError>>
Change the triage state of a security signal.
Sourcepub async fn get_custom_framework(
&self,
handle: String,
version: String,
) -> Result<GetCustomFrameworkResponse, Error<GetCustomFrameworkError>>
pub async fn get_custom_framework( &self, handle: String, version: String, ) -> Result<GetCustomFrameworkResponse, Error<GetCustomFrameworkError>>
Get a custom framework.
Examples found in repository?
6async fn main() {
7 let configuration = datadog::Configuration::new();
8 let api = SecurityMonitoringAPI::with_config(configuration);
9 let resp = api
10 .get_custom_framework("create-framework-new".to_string(), "10".to_string())
11 .await;
12 if let Ok(value) = resp {
13 println!("{:#?}", value);
14 } else {
15 println!("{:#?}", resp.unwrap_err());
16 }
17}
Sourcepub async fn get_custom_framework_with_http_info(
&self,
handle: String,
version: String,
) -> Result<ResponseContent<GetCustomFrameworkResponse>, Error<GetCustomFrameworkError>>
pub async fn get_custom_framework_with_http_info( &self, handle: String, version: String, ) -> Result<ResponseContent<GetCustomFrameworkResponse>, Error<GetCustomFrameworkError>>
Get a custom framework.
Sourcepub async fn get_finding(
&self,
finding_id: String,
params: GetFindingOptionalParams,
) -> Result<GetFindingResponse, Error<GetFindingError>>
pub async fn get_finding( &self, finding_id: String, params: GetFindingOptionalParams, ) -> Result<GetFindingResponse, Error<GetFindingError>>
Returns a single finding with message and resource configuration.
Examples found in repository?
7async fn main() {
8 let mut configuration = datadog::Configuration::new();
9 configuration.set_unstable_operation_enabled("v2.GetFinding", true);
10 let api = SecurityMonitoringAPI::with_config(configuration);
11 let resp =
12 api
13 .get_finding(
14 "AgAAAYd59gjghzF52gAAAAAAAAAYAAAAAEFZZDU5Z2pnQUFCRTRvV1lFeEo4SlFBQQAAACQAAAAAMDE4NzdhMDEtMDRiYS00NTZlLWFmMzMtNTIxNmNkNjVlNDMz".to_string(),
15 GetFindingOptionalParams::default(),
16 )
17 .await;
18 if let Ok(value) = resp {
19 println!("{:#?}", value);
20 } else {
21 println!("{:#?}", resp.unwrap_err());
22 }
23}
Sourcepub async fn get_finding_with_http_info(
&self,
finding_id: String,
params: GetFindingOptionalParams,
) -> Result<ResponseContent<GetFindingResponse>, Error<GetFindingError>>
pub async fn get_finding_with_http_info( &self, finding_id: String, params: GetFindingOptionalParams, ) -> Result<ResponseContent<GetFindingResponse>, Error<GetFindingError>>
Returns a single finding with message and resource configuration.
Sourcepub async fn get_historical_job(
&self,
job_id: String,
) -> Result<HistoricalJobResponse, Error<GetHistoricalJobError>>
pub async fn get_historical_job( &self, job_id: String, ) -> Result<HistoricalJobResponse, Error<GetHistoricalJobError>>
Get a job’s details.
Examples found in repository?
6async fn main() {
7 // there is a valid "historical_job" in the system
8 let historical_job_data_id = std::env::var("HISTORICAL_JOB_DATA_ID").unwrap();
9 let mut configuration = datadog::Configuration::new();
10 configuration.set_unstable_operation_enabled("v2.GetHistoricalJob", true);
11 configuration.set_unstable_operation_enabled("v2.RunHistoricalJob", true);
12 let api = SecurityMonitoringAPI::with_config(configuration);
13 let resp = api.get_historical_job(historical_job_data_id.clone()).await;
14 if let Ok(value) = resp {
15 println!("{:#?}", value);
16 } else {
17 println!("{:#?}", resp.unwrap_err());
18 }
19}
Sourcepub async fn get_historical_job_with_http_info(
&self,
job_id: String,
) -> Result<ResponseContent<HistoricalJobResponse>, Error<GetHistoricalJobError>>
pub async fn get_historical_job_with_http_info( &self, job_id: String, ) -> Result<ResponseContent<HistoricalJobResponse>, Error<GetHistoricalJobError>>
Get a job’s details.
Sourcepub async fn get_resource_evaluation_filters(
&self,
params: GetResourceEvaluationFiltersOptionalParams,
) -> Result<GetResourceEvaluationFiltersResponse, Error<GetResourceEvaluationFiltersError>>
pub async fn get_resource_evaluation_filters( &self, params: GetResourceEvaluationFiltersOptionalParams, ) -> Result<GetResourceEvaluationFiltersResponse, Error<GetResourceEvaluationFiltersError>>
List resource filters.
Examples found in repository?
7async fn main() {
8 let configuration = datadog::Configuration::new();
9 let api = SecurityMonitoringAPI::with_config(configuration);
10 let resp = api
11 .get_resource_evaluation_filters(
12 GetResourceEvaluationFiltersOptionalParams::default()
13 .cloud_provider("aws".to_string())
14 .account_id("123456789".to_string()),
15 )
16 .await;
17 if let Ok(value) = resp {
18 println!("{:#?}", value);
19 } else {
20 println!("{:#?}", resp.unwrap_err());
21 }
22}
Sourcepub async fn get_resource_evaluation_filters_with_http_info(
&self,
params: GetResourceEvaluationFiltersOptionalParams,
) -> Result<ResponseContent<GetResourceEvaluationFiltersResponse>, Error<GetResourceEvaluationFiltersError>>
pub async fn get_resource_evaluation_filters_with_http_info( &self, params: GetResourceEvaluationFiltersOptionalParams, ) -> Result<ResponseContent<GetResourceEvaluationFiltersResponse>, Error<GetResourceEvaluationFiltersError>>
List resource filters.
Sourcepub async fn get_rule_version_history(
&self,
rule_id: String,
params: GetRuleVersionHistoryOptionalParams,
) -> Result<GetRuleVersionHistoryResponse, Error<GetRuleVersionHistoryError>>
pub async fn get_rule_version_history( &self, rule_id: String, params: GetRuleVersionHistoryOptionalParams, ) -> Result<GetRuleVersionHistoryResponse, Error<GetRuleVersionHistoryError>>
Get a rule’s version history.
Examples found in repository?
7async fn main() {
8 let mut configuration = datadog::Configuration::new();
9 configuration.set_unstable_operation_enabled("v2.GetRuleVersionHistory", true);
10 let api = SecurityMonitoringAPI::with_config(configuration);
11 let resp = api
12 .get_rule_version_history(
13 "rule_id".to_string(),
14 GetRuleVersionHistoryOptionalParams::default(),
15 )
16 .await;
17 if let Ok(value) = resp {
18 println!("{:#?}", value);
19 } else {
20 println!("{:#?}", resp.unwrap_err());
21 }
22}
More examples
7async fn main() {
8 // there is a valid "security_rule" in the system
9 let security_rule_id = std::env::var("SECURITY_RULE_ID").unwrap();
10 let mut configuration = datadog::Configuration::new();
11 configuration.set_unstable_operation_enabled("v2.GetRuleVersionHistory", true);
12 let api = SecurityMonitoringAPI::with_config(configuration);
13 let resp = api
14 .get_rule_version_history(
15 security_rule_id.clone(),
16 GetRuleVersionHistoryOptionalParams::default(),
17 )
18 .await;
19 if let Ok(value) = resp {
20 println!("{:#?}", value);
21 } else {
22 println!("{:#?}", resp.unwrap_err());
23 }
24}
Sourcepub async fn get_rule_version_history_with_http_info(
&self,
rule_id: String,
params: GetRuleVersionHistoryOptionalParams,
) -> Result<ResponseContent<GetRuleVersionHistoryResponse>, Error<GetRuleVersionHistoryError>>
pub async fn get_rule_version_history_with_http_info( &self, rule_id: String, params: GetRuleVersionHistoryOptionalParams, ) -> Result<ResponseContent<GetRuleVersionHistoryResponse>, Error<GetRuleVersionHistoryError>>
Get a rule’s version history.
Sourcepub async fn get_sbom(
&self,
asset_type: AssetType,
filter_asset_name: String,
params: GetSBOMOptionalParams,
) -> Result<GetSBOMResponse, Error<GetSBOMError>>
pub async fn get_sbom( &self, asset_type: AssetType, filter_asset_name: String, params: GetSBOMOptionalParams, ) -> Result<GetSBOMResponse, Error<GetSBOMError>>
Get a single SBOM related to an asset by its type and name.
Examples found in repository?
8async fn main() {
9 let mut configuration = datadog::Configuration::new();
10 configuration.set_unstable_operation_enabled("v2.GetSBOM", true);
11 let api = SecurityMonitoringAPI::with_config(configuration);
12 let resp = api
13 .get_sbom(
14 AssetType::REPOSITORY,
15 "github.com/datadog/datadog-agent".to_string(),
16 GetSBOMOptionalParams::default(),
17 )
18 .await;
19 if let Ok(value) = resp {
20 println!("{:#?}", value);
21 } else {
22 println!("{:#?}", resp.unwrap_err());
23 }
24}
Sourcepub async fn get_sbom_with_http_info(
&self,
asset_type: AssetType,
filter_asset_name: String,
params: GetSBOMOptionalParams,
) -> Result<ResponseContent<GetSBOMResponse>, Error<GetSBOMError>>
pub async fn get_sbom_with_http_info( &self, asset_type: AssetType, filter_asset_name: String, params: GetSBOMOptionalParams, ) -> Result<ResponseContent<GetSBOMResponse>, Error<GetSBOMError>>
Get a single SBOM related to an asset by its type and name.
Sourcepub async fn get_security_filter(
&self,
security_filter_id: String,
) -> Result<SecurityFilterResponse, Error<GetSecurityFilterError>>
pub async fn get_security_filter( &self, security_filter_id: String, ) -> Result<SecurityFilterResponse, Error<GetSecurityFilterError>>
Get the details of a specific security filter.
See the security filter guide for more examples.
Examples found in repository?
6async fn main() {
7 // there is a valid "security_filter" in the system
8 let security_filter_data_id = std::env::var("SECURITY_FILTER_DATA_ID").unwrap();
9 let configuration = datadog::Configuration::new();
10 let api = SecurityMonitoringAPI::with_config(configuration);
11 let resp = api
12 .get_security_filter(security_filter_data_id.clone())
13 .await;
14 if let Ok(value) = resp {
15 println!("{:#?}", value);
16 } else {
17 println!("{:#?}", resp.unwrap_err());
18 }
19}
Sourcepub async fn get_security_filter_with_http_info(
&self,
security_filter_id: String,
) -> Result<ResponseContent<SecurityFilterResponse>, Error<GetSecurityFilterError>>
pub async fn get_security_filter_with_http_info( &self, security_filter_id: String, ) -> Result<ResponseContent<SecurityFilterResponse>, Error<GetSecurityFilterError>>
Get the details of a specific security filter.
See the security filter guide for more examples.
Sourcepub async fn get_security_monitoring_rule(
&self,
rule_id: String,
) -> Result<SecurityMonitoringRuleResponse, Error<GetSecurityMonitoringRuleError>>
pub async fn get_security_monitoring_rule( &self, rule_id: String, ) -> Result<SecurityMonitoringRuleResponse, Error<GetSecurityMonitoringRuleError>>
Get a rule’s details.
Examples found in repository?
6async fn main() {
7 // there is a valid "security_rule" in the system
8 let security_rule_id = std::env::var("SECURITY_RULE_ID").unwrap();
9 let configuration = datadog::Configuration::new();
10 let api = SecurityMonitoringAPI::with_config(configuration);
11 let resp = api
12 .get_security_monitoring_rule(security_rule_id.clone())
13 .await;
14 if let Ok(value) = resp {
15 println!("{:#?}", value);
16 } else {
17 println!("{:#?}", resp.unwrap_err());
18 }
19}
More examples
6async fn main() {
7 // there is a valid "cloud_configuration_rule" in the system
8 let cloud_configuration_rule_id = std::env::var("CLOUD_CONFIGURATION_RULE_ID").unwrap();
9 let configuration = datadog::Configuration::new();
10 let api = SecurityMonitoringAPI::with_config(configuration);
11 let resp = api
12 .get_security_monitoring_rule(cloud_configuration_rule_id.clone())
13 .await;
14 if let Ok(value) = resp {
15 println!("{:#?}", value);
16 } else {
17 println!("{:#?}", resp.unwrap_err());
18 }
19}
Sourcepub async fn get_security_monitoring_rule_with_http_info(
&self,
rule_id: String,
) -> Result<ResponseContent<SecurityMonitoringRuleResponse>, Error<GetSecurityMonitoringRuleError>>
pub async fn get_security_monitoring_rule_with_http_info( &self, rule_id: String, ) -> Result<ResponseContent<SecurityMonitoringRuleResponse>, Error<GetSecurityMonitoringRuleError>>
Get a rule’s details.
Sourcepub async fn get_security_monitoring_signal(
&self,
signal_id: String,
) -> Result<SecurityMonitoringSignalResponse, Error<GetSecurityMonitoringSignalError>>
pub async fn get_security_monitoring_signal( &self, signal_id: String, ) -> Result<SecurityMonitoringSignalResponse, Error<GetSecurityMonitoringSignalError>>
Get a signal’s details.
Examples found in repository?
6async fn main() {
7 let configuration = datadog::Configuration::new();
8 let api = SecurityMonitoringAPI::with_config(configuration);
9 let resp = api
10 .get_security_monitoring_signal(
11 "AQAAAYNqUBVU4-rffwAAAABBWU5xVUJWVUFBQjJBd3ptMDdQUnF3QUE".to_string(),
12 )
13 .await;
14 if let Ok(value) = resp {
15 println!("{:#?}", value);
16 } else {
17 println!("{:#?}", resp.unwrap_err());
18 }
19}
Sourcepub async fn get_security_monitoring_signal_with_http_info(
&self,
signal_id: String,
) -> Result<ResponseContent<SecurityMonitoringSignalResponse>, Error<GetSecurityMonitoringSignalError>>
pub async fn get_security_monitoring_signal_with_http_info( &self, signal_id: String, ) -> Result<ResponseContent<SecurityMonitoringSignalResponse>, Error<GetSecurityMonitoringSignalError>>
Get a signal’s details.
Sourcepub async fn get_security_monitoring_suppression(
&self,
suppression_id: String,
) -> Result<SecurityMonitoringSuppressionResponse, Error<GetSecurityMonitoringSuppressionError>>
pub async fn get_security_monitoring_suppression( &self, suppression_id: String, ) -> Result<SecurityMonitoringSuppressionResponse, Error<GetSecurityMonitoringSuppressionError>>
Get the details of a specific suppression rule.
Examples found in repository?
6async fn main() {
7 // there is a valid "suppression" in the system
8 let suppression_data_id = std::env::var("SUPPRESSION_DATA_ID").unwrap();
9 let configuration = datadog::Configuration::new();
10 let api = SecurityMonitoringAPI::with_config(configuration);
11 let resp = api
12 .get_security_monitoring_suppression(suppression_data_id.clone())
13 .await;
14 if let Ok(value) = resp {
15 println!("{:#?}", value);
16 } else {
17 println!("{:#?}", resp.unwrap_err());
18 }
19}
Sourcepub async fn get_security_monitoring_suppression_with_http_info(
&self,
suppression_id: String,
) -> Result<ResponseContent<SecurityMonitoringSuppressionResponse>, Error<GetSecurityMonitoringSuppressionError>>
pub async fn get_security_monitoring_suppression_with_http_info( &self, suppression_id: String, ) -> Result<ResponseContent<SecurityMonitoringSuppressionResponse>, Error<GetSecurityMonitoringSuppressionError>>
Get the details of a specific suppression rule.
Sourcepub async fn get_signal_notification_rule(
&self,
id: String,
) -> Result<NotificationRuleResponse, Error<GetSignalNotificationRuleError>>
pub async fn get_signal_notification_rule( &self, id: String, ) -> Result<NotificationRuleResponse, Error<GetSignalNotificationRuleError>>
Get the details of a notification rule for security signals.
Examples found in repository?
7async fn main() {
8 // there is a valid "valid_signal_notification_rule" in the system
9 let valid_signal_notification_rule_data_id =
10 std::env::var("VALID_SIGNAL_NOTIFICATION_RULE_DATA_ID").unwrap();
11 let configuration = datadog::Configuration::new();
12 let api = SecurityMonitoringAPI::with_config(configuration);
13 let resp = api
14 .get_signal_notification_rule(valid_signal_notification_rule_data_id.clone())
15 .await;
16 if let Ok(value) = resp {
17 println!("{:#?}", value);
18 } else {
19 println!("{:#?}", resp.unwrap_err());
20 }
21}
Sourcepub async fn get_signal_notification_rule_with_http_info(
&self,
id: String,
) -> Result<ResponseContent<NotificationRuleResponse>, Error<GetSignalNotificationRuleError>>
pub async fn get_signal_notification_rule_with_http_info( &self, id: String, ) -> Result<ResponseContent<NotificationRuleResponse>, Error<GetSignalNotificationRuleError>>
Get the details of a notification rule for security signals.
Sourcepub async fn get_signal_notification_rules(
&self,
) -> Result<BTreeMap<String, Value>, Error<GetSignalNotificationRulesError>>
pub async fn get_signal_notification_rules( &self, ) -> Result<BTreeMap<String, Value>, Error<GetSignalNotificationRulesError>>
Returns the list of notification rules for security signals.
Sourcepub async fn get_signal_notification_rules_with_http_info(
&self,
) -> Result<ResponseContent<BTreeMap<String, Value>>, Error<GetSignalNotificationRulesError>>
pub async fn get_signal_notification_rules_with_http_info( &self, ) -> Result<ResponseContent<BTreeMap<String, Value>>, Error<GetSignalNotificationRulesError>>
Returns the list of notification rules for security signals.
Sourcepub async fn get_vulnerability_notification_rule(
&self,
id: String,
) -> Result<NotificationRuleResponse, Error<GetVulnerabilityNotificationRuleError>>
pub async fn get_vulnerability_notification_rule( &self, id: String, ) -> Result<NotificationRuleResponse, Error<GetVulnerabilityNotificationRuleError>>
Get the details of a notification rule for security vulnerabilities.
Examples found in repository?
7async fn main() {
8 // there is a valid "valid_vulnerability_notification_rule" in the system
9 let valid_vulnerability_notification_rule_data_id =
10 std::env::var("VALID_VULNERABILITY_NOTIFICATION_RULE_DATA_ID").unwrap();
11 let configuration = datadog::Configuration::new();
12 let api = SecurityMonitoringAPI::with_config(configuration);
13 let resp = api
14 .get_vulnerability_notification_rule(valid_vulnerability_notification_rule_data_id.clone())
15 .await;
16 if let Ok(value) = resp {
17 println!("{:#?}", value);
18 } else {
19 println!("{:#?}", resp.unwrap_err());
20 }
21}
Sourcepub async fn get_vulnerability_notification_rule_with_http_info(
&self,
id: String,
) -> Result<ResponseContent<NotificationRuleResponse>, Error<GetVulnerabilityNotificationRuleError>>
pub async fn get_vulnerability_notification_rule_with_http_info( &self, id: String, ) -> Result<ResponseContent<NotificationRuleResponse>, Error<GetVulnerabilityNotificationRuleError>>
Get the details of a notification rule for security vulnerabilities.
Sourcepub async fn get_vulnerability_notification_rules(
&self,
) -> Result<BTreeMap<String, Value>, Error<GetVulnerabilityNotificationRulesError>>
pub async fn get_vulnerability_notification_rules( &self, ) -> Result<BTreeMap<String, Value>, Error<GetVulnerabilityNotificationRulesError>>
Returns the list of notification rules for security vulnerabilities.
Sourcepub async fn get_vulnerability_notification_rules_with_http_info(
&self,
) -> Result<ResponseContent<BTreeMap<String, Value>>, Error<GetVulnerabilityNotificationRulesError>>
pub async fn get_vulnerability_notification_rules_with_http_info( &self, ) -> Result<ResponseContent<BTreeMap<String, Value>>, Error<GetVulnerabilityNotificationRulesError>>
Returns the list of notification rules for security vulnerabilities.
Sourcepub async fn list_findings(
&self,
params: ListFindingsOptionalParams,
) -> Result<ListFindingsResponse, Error<ListFindingsError>>
pub async fn list_findings( &self, params: ListFindingsOptionalParams, ) -> Result<ListFindingsResponse, Error<ListFindingsError>>
Get a list of findings. These include both misconfigurations and identity risks.
Note: To filter and return only identity risks, add the following query parameter: ?filter[tags]=dd_rule_type:ciem
§Filtering
Filters can be applied by appending query parameters to the URL.
- Using a single filter:
?filter[attribute_key]=attribute_value
- Chaining filters:
?filter[attribute_key]=attribute_value&filter[attribute_key]=attribute_value...
- Filtering on tags:
?filter[tags]=tag_key:tag_value&filter[tags]=tag_key_2:tag_value_2
Here, attribute_key
can be any of the filter keys described further below.
Query parameters of type integer
support comparison operators (>
, >=
, <
, <=
). This is particularly useful when filtering by evaluation_changed_at
or resource_discovery_timestamp
. For example: ?filter[evaluation_changed_at]=>20123123121
.
You can also use the negation operator on strings. For example, use filter[resource_type]=-aws*
to filter for any non-AWS resources.
The operator must come after the equal sign. For example, to filter with the >=
operator, add the operator after the equal sign: filter[evaluation_changed_at]=>=1678809373257
.
Query parameters must be only among the documented ones and with values of correct types. Duplicated query parameters (e.g. filter[status]=low&filter[status]=info
) are not allowed.
§Additional extension fields
Additional extension fields are available for some findings.
The data is available when you include the query parameter ?detailed_findings=true
in the request.
The following fields are available for findings:
external_id
: The resource external ID related to the finding.description
: The description and remediation steps for the finding.datadog_link
: The Datadog relative link for the finding.
§Response
The response includes an array of finding objects, pagination metadata, and a count of items that match the query.
Each finding object contains the following:
- The finding ID that can be used in a
GetFinding
request to retrieve the full finding details. - Core attributes, including status, evaluation, high-level resource details, muted state, and rule details.
evaluation_changed_at
andresource_discovery_date
time stamps.- An array of associated tags.
Examples found in repository?
7async fn main() {
8 let mut configuration = datadog::Configuration::new();
9 configuration.set_unstable_operation_enabled("v2.ListFindings", true);
10 let api = SecurityMonitoringAPI::with_config(configuration);
11 let resp = api
12 .list_findings(ListFindingsOptionalParams::default())
13 .await;
14 if let Ok(value) = resp {
15 println!("{:#?}", value);
16 } else {
17 println!("{:#?}", resp.unwrap_err());
18 }
19}
More examples
7async fn main() {
8 let mut configuration = datadog::Configuration::new();
9 configuration.set_unstable_operation_enabled("v2.ListFindings", true);
10 let api = SecurityMonitoringAPI::with_config(configuration);
11 let resp = api
12 .list_findings(ListFindingsOptionalParams::default().detailed_findings(true))
13 .await;
14 if let Ok(value) = resp {
15 println!("{:#?}", value);
16 } else {
17 println!("{:#?}", resp.unwrap_err());
18 }
19}
8async fn main() {
9 let mut configuration = datadog::Configuration::new();
10 configuration.set_unstable_operation_enabled("v2.ListFindings", true);
11 let api = SecurityMonitoringAPI::with_config(configuration);
12 let resp = api
13 .list_findings(
14 ListFindingsOptionalParams::default().filter_vulnerability_type(vec![
15 FindingVulnerabilityType::MISCONFIGURATION,
16 FindingVulnerabilityType::ATTACK_PATH,
17 ]),
18 )
19 .await;
20 if let Ok(value) = resp {
21 println!("{:#?}", value);
22 } else {
23 println!("{:#?}", resp.unwrap_err());
24 }
25}
Sourcepub fn list_findings_with_pagination(
&self,
params: ListFindingsOptionalParams,
) -> impl Stream<Item = Result<Finding, Error<ListFindingsError>>> + '_
pub fn list_findings_with_pagination( &self, params: ListFindingsOptionalParams, ) -> impl Stream<Item = Result<Finding, Error<ListFindingsError>>> + '_
Examples found in repository?
9async fn main() {
10 let mut configuration = datadog::Configuration::new();
11 configuration.set_unstable_operation_enabled("v2.ListFindings", true);
12 let api = SecurityMonitoringAPI::with_config(configuration);
13 let response = api.list_findings_with_pagination(ListFindingsOptionalParams::default());
14 pin_mut!(response);
15 while let Some(resp) = response.next().await {
16 if let Ok(value) = resp {
17 println!("{:#?}", value);
18 } else {
19 println!("{:#?}", resp.unwrap_err());
20 }
21 }
22}
Sourcepub async fn list_findings_with_http_info(
&self,
params: ListFindingsOptionalParams,
) -> Result<ResponseContent<ListFindingsResponse>, Error<ListFindingsError>>
pub async fn list_findings_with_http_info( &self, params: ListFindingsOptionalParams, ) -> Result<ResponseContent<ListFindingsResponse>, Error<ListFindingsError>>
Get a list of findings. These include both misconfigurations and identity risks.
Note: To filter and return only identity risks, add the following query parameter: ?filter[tags]=dd_rule_type:ciem
§Filtering
Filters can be applied by appending query parameters to the URL.
- Using a single filter:
?filter[attribute_key]=attribute_value
- Chaining filters:
?filter[attribute_key]=attribute_value&filter[attribute_key]=attribute_value...
- Filtering on tags:
?filter[tags]=tag_key:tag_value&filter[tags]=tag_key_2:tag_value_2
Here, attribute_key
can be any of the filter keys described further below.
Query parameters of type integer
support comparison operators (>
, >=
, <
, <=
). This is particularly useful when filtering by evaluation_changed_at
or resource_discovery_timestamp
. For example: ?filter[evaluation_changed_at]=>20123123121
.
You can also use the negation operator on strings. For example, use filter[resource_type]=-aws*
to filter for any non-AWS resources.
The operator must come after the equal sign. For example, to filter with the >=
operator, add the operator after the equal sign: filter[evaluation_changed_at]=>=1678809373257
.
Query parameters must be only among the documented ones and with values of correct types. Duplicated query parameters (e.g. filter[status]=low&filter[status]=info
) are not allowed.
§Additional extension fields
Additional extension fields are available for some findings.
The data is available when you include the query parameter ?detailed_findings=true
in the request.
The following fields are available for findings:
external_id
: The resource external ID related to the finding.description
: The description and remediation steps for the finding.datadog_link
: The Datadog relative link for the finding.
§Response
The response includes an array of finding objects, pagination metadata, and a count of items that match the query.
Each finding object contains the following:
- The finding ID that can be used in a
GetFinding
request to retrieve the full finding details. - Core attributes, including status, evaluation, high-level resource details, muted state, and rule details.
evaluation_changed_at
andresource_discovery_date
time stamps.- An array of associated tags.
Sourcepub async fn list_historical_jobs(
&self,
params: ListHistoricalJobsOptionalParams,
) -> Result<ListHistoricalJobsResponse, Error<ListHistoricalJobsError>>
pub async fn list_historical_jobs( &self, params: ListHistoricalJobsOptionalParams, ) -> Result<ListHistoricalJobsResponse, Error<ListHistoricalJobsError>>
List historical jobs.
Examples found in repository?
7async fn main() {
8 // there is a valid "historical_job" in the system
9 let mut configuration = datadog::Configuration::new();
10 configuration.set_unstable_operation_enabled("v2.ListHistoricalJobs", true);
11 configuration.set_unstable_operation_enabled("v2.RunHistoricalJob", true);
12 let api = SecurityMonitoringAPI::with_config(configuration);
13 let resp = api
14 .list_historical_jobs(
15 ListHistoricalJobsOptionalParams::default().filter_query("id:string".to_string()),
16 )
17 .await;
18 if let Ok(value) = resp {
19 println!("{:#?}", value);
20 } else {
21 println!("{:#?}", resp.unwrap_err());
22 }
23}
Sourcepub async fn list_historical_jobs_with_http_info(
&self,
params: ListHistoricalJobsOptionalParams,
) -> Result<ResponseContent<ListHistoricalJobsResponse>, Error<ListHistoricalJobsError>>
pub async fn list_historical_jobs_with_http_info( &self, params: ListHistoricalJobsOptionalParams, ) -> Result<ResponseContent<ListHistoricalJobsResponse>, Error<ListHistoricalJobsError>>
List historical jobs.
Sourcepub async fn list_security_filters(
&self,
) -> Result<SecurityFiltersResponse, Error<ListSecurityFiltersError>>
pub async fn list_security_filters( &self, ) -> Result<SecurityFiltersResponse, Error<ListSecurityFiltersError>>
Get the list of configured security filters with their definitions.
Sourcepub async fn list_security_filters_with_http_info(
&self,
) -> Result<ResponseContent<SecurityFiltersResponse>, Error<ListSecurityFiltersError>>
pub async fn list_security_filters_with_http_info( &self, ) -> Result<ResponseContent<SecurityFiltersResponse>, Error<ListSecurityFiltersError>>
Get the list of configured security filters with their definitions.
Sourcepub async fn list_security_monitoring_rules(
&self,
params: ListSecurityMonitoringRulesOptionalParams,
) -> Result<SecurityMonitoringListRulesResponse, Error<ListSecurityMonitoringRulesError>>
pub async fn list_security_monitoring_rules( &self, params: ListSecurityMonitoringRulesOptionalParams, ) -> Result<SecurityMonitoringListRulesResponse, Error<ListSecurityMonitoringRulesError>>
List rules.
Examples found in repository?
7async fn main() {
8 let configuration = datadog::Configuration::new();
9 let api = SecurityMonitoringAPI::with_config(configuration);
10 let resp = api
11 .list_security_monitoring_rules(ListSecurityMonitoringRulesOptionalParams::default())
12 .await;
13 if let Ok(value) = resp {
14 println!("{:#?}", value);
15 } else {
16 println!("{:#?}", resp.unwrap_err());
17 }
18}
Sourcepub async fn list_security_monitoring_rules_with_http_info(
&self,
params: ListSecurityMonitoringRulesOptionalParams,
) -> Result<ResponseContent<SecurityMonitoringListRulesResponse>, Error<ListSecurityMonitoringRulesError>>
pub async fn list_security_monitoring_rules_with_http_info( &self, params: ListSecurityMonitoringRulesOptionalParams, ) -> Result<ResponseContent<SecurityMonitoringListRulesResponse>, Error<ListSecurityMonitoringRulesError>>
List rules.
Sourcepub async fn list_security_monitoring_signals(
&self,
params: ListSecurityMonitoringSignalsOptionalParams,
) -> Result<SecurityMonitoringSignalsListResponse, Error<ListSecurityMonitoringSignalsError>>
pub async fn list_security_monitoring_signals( &self, params: ListSecurityMonitoringSignalsOptionalParams, ) -> Result<SecurityMonitoringSignalsListResponse, Error<ListSecurityMonitoringSignalsError>>
The list endpoint returns security signals that match a search query. Both this endpoint and the POST endpoint can be used interchangeably when listing security signals.
Examples found in repository?
7async fn main() {
8 let configuration = datadog::Configuration::new();
9 let api = SecurityMonitoringAPI::with_config(configuration);
10 let resp = api
11 .list_security_monitoring_signals(ListSecurityMonitoringSignalsOptionalParams::default())
12 .await;
13 if let Ok(value) = resp {
14 println!("{:#?}", value);
15 } else {
16 println!("{:#?}", resp.unwrap_err());
17 }
18}
Sourcepub fn list_security_monitoring_signals_with_pagination(
&self,
params: ListSecurityMonitoringSignalsOptionalParams,
) -> impl Stream<Item = Result<SecurityMonitoringSignal, Error<ListSecurityMonitoringSignalsError>>> + '_
pub fn list_security_monitoring_signals_with_pagination( &self, params: ListSecurityMonitoringSignalsOptionalParams, ) -> impl Stream<Item = Result<SecurityMonitoringSignal, Error<ListSecurityMonitoringSignalsError>>> + '_
Examples found in repository?
9async fn main() {
10 let configuration = datadog::Configuration::new();
11 let api = SecurityMonitoringAPI::with_config(configuration);
12 let response = api.list_security_monitoring_signals_with_pagination(
13 ListSecurityMonitoringSignalsOptionalParams::default().page_limit(2),
14 );
15 pin_mut!(response);
16 while let Some(resp) = response.next().await {
17 if let Ok(value) = resp {
18 println!("{:#?}", value);
19 } else {
20 println!("{:#?}", resp.unwrap_err());
21 }
22 }
23}
Sourcepub async fn list_security_monitoring_signals_with_http_info(
&self,
params: ListSecurityMonitoringSignalsOptionalParams,
) -> Result<ResponseContent<SecurityMonitoringSignalsListResponse>, Error<ListSecurityMonitoringSignalsError>>
pub async fn list_security_monitoring_signals_with_http_info( &self, params: ListSecurityMonitoringSignalsOptionalParams, ) -> Result<ResponseContent<SecurityMonitoringSignalsListResponse>, Error<ListSecurityMonitoringSignalsError>>
The list endpoint returns security signals that match a search query. Both this endpoint and the POST endpoint can be used interchangeably when listing security signals.
Sourcepub async fn list_security_monitoring_suppressions(
&self,
) -> Result<SecurityMonitoringSuppressionsResponse, Error<ListSecurityMonitoringSuppressionsError>>
pub async fn list_security_monitoring_suppressions( &self, ) -> Result<SecurityMonitoringSuppressionsResponse, Error<ListSecurityMonitoringSuppressionsError>>
Get the list of all suppression rules.
Sourcepub async fn list_security_monitoring_suppressions_with_http_info(
&self,
) -> Result<ResponseContent<SecurityMonitoringSuppressionsResponse>, Error<ListSecurityMonitoringSuppressionsError>>
pub async fn list_security_monitoring_suppressions_with_http_info( &self, ) -> Result<ResponseContent<SecurityMonitoringSuppressionsResponse>, Error<ListSecurityMonitoringSuppressionsError>>
Get the list of all suppression rules.
Sourcepub async fn list_vulnerabilities(
&self,
params: ListVulnerabilitiesOptionalParams,
) -> Result<ListVulnerabilitiesResponse, Error<ListVulnerabilitiesError>>
pub async fn list_vulnerabilities( &self, params: ListVulnerabilitiesOptionalParams, ) -> Result<ListVulnerabilitiesResponse, Error<ListVulnerabilitiesError>>
Get a list of vulnerabilities.
§Pagination
Pagination is enabled by default in both vulnerabilities
and assets
. The size of the page varies depending on the endpoint and cannot be modified. To automate the request of the next page, you can use the links section in the response.
This endpoint will return paginated responses. The pages are stored in the links section of the response:
{
"data": [...],
"meta": {...},
"links": {
"self": "<https://.../api/v2/security/vulnerabilities",>
"first": "<https://.../api/v2/security/vulnerabilities?page[number]=1&page[token]=abc",>
"last": "<https://.../api/v2/security/vulnerabilities?page[number]=43&page[token]=abc",>
"next": "<https://.../api/v2/security/vulnerabilities?page[number]=2&page[token]=abc">
}
}
links.previous
is empty if the first page is requested.links.next
is empty if the last page is requested.
§Token
Vulnerabilities can be created, updated or deleted at any point in time.
Upon the first request, a token is created to ensure consistency across subsequent paginated requests.
A token is valid only for 24 hours.
§First request
We consider a request to be the first request when there is no page[token]
parameter.
The response of this first request contains the newly created token in the links
section.
This token can then be used in the subsequent paginated requests.
§Subsequent requests
Any request containing valid page[token]
and page[number]
parameters will be considered a subsequent request.
If the token
is invalid, a 404
response will be returned.
If the page number
is invalid, a 400
response will be returned.
§Filtering
The request can include some filter parameters to filter the data to be retrieved. The format of the filter parameters follows the JSON:API format: filter[$prop_name]
, where prop_name
is the property name in the entity being filtered by.
All filters can include multiple values, where data will be filtered with an OR clause: filter[title]=Title1,Title2
will filter all vulnerabilities where title is equal to Title1
OR Title2
.
String filters are case sensitive.
Boolean filters accept true
or false
as values.
Number filters must include an operator as a second filter input: filter[$prop_name][$operator]
. For example, for the vulnerabilities endpoint: filter[cvss.base.score][lte]=8
.
Available operators are: eq
(==), lt
(<), lte
(<=), gt
(>) and gte
(>=).
§Metadata
Following JSON:API format, object including non-standard meta-information.
This endpoint includes the meta member in the response. For more details on each of the properties included in this section, check the endpoints response tables.
{
"data": [...],
"meta": {
"total": 1500,
"count": 18732,
"token": "some_token"
},
"links": {...}
}
Examples found in repository?
10async fn main() {
11 let mut configuration = datadog::Configuration::new();
12 configuration.set_unstable_operation_enabled("v2.ListVulnerabilities", true);
13 let api = SecurityMonitoringAPI::with_config(configuration);
14 let resp = api
15 .list_vulnerabilities(
16 ListVulnerabilitiesOptionalParams::default()
17 .filter_cvss_base_severity(VulnerabilitySeverity::HIGH)
18 .filter_asset_type(AssetType::SERVICE)
19 .filter_tool(VulnerabilityTool::INFRA),
20 )
21 .await;
22 if let Ok(value) = resp {
23 println!("{:#?}", value);
24 } else {
25 println!("{:#?}", resp.unwrap_err());
26 }
27}
Sourcepub async fn list_vulnerabilities_with_http_info(
&self,
params: ListVulnerabilitiesOptionalParams,
) -> Result<ResponseContent<ListVulnerabilitiesResponse>, Error<ListVulnerabilitiesError>>
pub async fn list_vulnerabilities_with_http_info( &self, params: ListVulnerabilitiesOptionalParams, ) -> Result<ResponseContent<ListVulnerabilitiesResponse>, Error<ListVulnerabilitiesError>>
Get a list of vulnerabilities.
§Pagination
Pagination is enabled by default in both vulnerabilities
and assets
. The size of the page varies depending on the endpoint and cannot be modified. To automate the request of the next page, you can use the links section in the response.
This endpoint will return paginated responses. The pages are stored in the links section of the response:
{
"data": [...],
"meta": {...},
"links": {
"self": "<https://.../api/v2/security/vulnerabilities",>
"first": "<https://.../api/v2/security/vulnerabilities?page[number]=1&page[token]=abc",>
"last": "<https://.../api/v2/security/vulnerabilities?page[number]=43&page[token]=abc",>
"next": "<https://.../api/v2/security/vulnerabilities?page[number]=2&page[token]=abc">
}
}
links.previous
is empty if the first page is requested.links.next
is empty if the last page is requested.
§Token
Vulnerabilities can be created, updated or deleted at any point in time.
Upon the first request, a token is created to ensure consistency across subsequent paginated requests.
A token is valid only for 24 hours.
§First request
We consider a request to be the first request when there is no page[token]
parameter.
The response of this first request contains the newly created token in the links
section.
This token can then be used in the subsequent paginated requests.
§Subsequent requests
Any request containing valid page[token]
and page[number]
parameters will be considered a subsequent request.
If the token
is invalid, a 404
response will be returned.
If the page number
is invalid, a 400
response will be returned.
§Filtering
The request can include some filter parameters to filter the data to be retrieved. The format of the filter parameters follows the JSON:API format: filter[$prop_name]
, where prop_name
is the property name in the entity being filtered by.
All filters can include multiple values, where data will be filtered with an OR clause: filter[title]=Title1,Title2
will filter all vulnerabilities where title is equal to Title1
OR Title2
.
String filters are case sensitive.
Boolean filters accept true
or false
as values.
Number filters must include an operator as a second filter input: filter[$prop_name][$operator]
. For example, for the vulnerabilities endpoint: filter[cvss.base.score][lte]=8
.
Available operators are: eq
(==), lt
(<), lte
(<=), gt
(>) and gte
(>=).
§Metadata
Following JSON:API format, object including non-standard meta-information.
This endpoint includes the meta member in the response. For more details on each of the properties included in this section, check the endpoints response tables.
{
"data": [...],
"meta": {
"total": 1500,
"count": 18732,
"token": "some_token"
},
"links": {...}
}
Sourcepub async fn list_vulnerable_assets(
&self,
params: ListVulnerableAssetsOptionalParams,
) -> Result<ListVulnerableAssetsResponse, Error<ListVulnerableAssetsError>>
pub async fn list_vulnerable_assets( &self, params: ListVulnerableAssetsOptionalParams, ) -> Result<ListVulnerableAssetsResponse, Error<ListVulnerableAssetsError>>
Get a list of vulnerable assets.
§Pagination
Please review the Pagination section for the “List Vulnerabilities” endpoint.
§Filtering
Please review the Filtering section for the “List Vulnerabilities” endpoint.
§Metadata
Please review the Metadata section for the “List Vulnerabilities” endpoint.
Examples found in repository?
8async fn main() {
9 let mut configuration = datadog::Configuration::new();
10 configuration.set_unstable_operation_enabled("v2.ListVulnerableAssets", true);
11 let api = SecurityMonitoringAPI::with_config(configuration);
12 let resp = api
13 .list_vulnerable_assets(
14 ListVulnerableAssetsOptionalParams::default()
15 .filter_type(AssetType::HOST)
16 .filter_repository_url("github.com/datadog/dd-go".to_string())
17 .filter_risks_in_production(true),
18 )
19 .await;
20 if let Ok(value) = resp {
21 println!("{:#?}", value);
22 } else {
23 println!("{:#?}", resp.unwrap_err());
24 }
25}
Sourcepub async fn list_vulnerable_assets_with_http_info(
&self,
params: ListVulnerableAssetsOptionalParams,
) -> Result<ResponseContent<ListVulnerableAssetsResponse>, Error<ListVulnerableAssetsError>>
pub async fn list_vulnerable_assets_with_http_info( &self, params: ListVulnerableAssetsOptionalParams, ) -> Result<ResponseContent<ListVulnerableAssetsResponse>, Error<ListVulnerableAssetsError>>
Get a list of vulnerable assets.
§Pagination
Please review the Pagination section for the “List Vulnerabilities” endpoint.
§Filtering
Please review the Filtering section for the “List Vulnerabilities” endpoint.
§Metadata
Please review the Metadata section for the “List Vulnerabilities” endpoint.
Sourcepub async fn mute_findings(
&self,
body: BulkMuteFindingsRequest,
) -> Result<BulkMuteFindingsResponse, Error<MuteFindingsError>>
pub async fn mute_findings( &self, body: BulkMuteFindingsRequest, ) -> Result<BulkMuteFindingsResponse, Error<MuteFindingsError>>
Mute or unmute findings.
Examples found in repository?
14async fn main() {
15 let body = BulkMuteFindingsRequest::new(BulkMuteFindingsRequestData::new(
16 BulkMuteFindingsRequestAttributes::new(
17 BulkMuteFindingsRequestProperties::new(true, FindingMuteReason::ACCEPTED_RISK)
18 .expiration_date(1778721573794),
19 ),
20 "dbe5f567-192b-4404-b908-29b70e1c9f76".to_string(),
21 BulkMuteFindingsRequestMeta::new()
22 .findings(vec![BulkMuteFindingsRequestMetaFindings::new().finding_id(
23 "ZGVmLTAwcC1pZXJ-aS0wZjhjNjMyZDNmMzRlZTgzNw==".to_string(),
24 )]),
25 FindingType::FINDING,
26 ));
27 let mut configuration = datadog::Configuration::new();
28 configuration.set_unstable_operation_enabled("v2.MuteFindings", true);
29 let api = SecurityMonitoringAPI::with_config(configuration);
30 let resp = api.mute_findings(body).await;
31 if let Ok(value) = resp {
32 println!("{:#?}", value);
33 } else {
34 println!("{:#?}", resp.unwrap_err());
35 }
36}
Sourcepub async fn mute_findings_with_http_info(
&self,
body: BulkMuteFindingsRequest,
) -> Result<ResponseContent<BulkMuteFindingsResponse>, Error<MuteFindingsError>>
pub async fn mute_findings_with_http_info( &self, body: BulkMuteFindingsRequest, ) -> Result<ResponseContent<BulkMuteFindingsResponse>, Error<MuteFindingsError>>
Mute or unmute findings.
Sourcepub async fn patch_signal_notification_rule(
&self,
id: String,
body: PatchNotificationRuleParameters,
) -> Result<NotificationRuleResponse, Error<PatchSignalNotificationRuleError>>
pub async fn patch_signal_notification_rule( &self, id: String, body: PatchNotificationRuleParameters, ) -> Result<NotificationRuleResponse, Error<PatchSignalNotificationRuleError>>
Partially update the notification rule. All fields are optional; if a field is not provided, it is not updated.
Examples found in repository?
15async fn main() {
16 // there is a valid "valid_signal_notification_rule" in the system
17 let valid_signal_notification_rule_data_id =
18 std::env::var("VALID_SIGNAL_NOTIFICATION_RULE_DATA_ID").unwrap();
19 let body =
20 PatchNotificationRuleParameters::new().data(PatchNotificationRuleParametersData::new(
21 PatchNotificationRuleParametersDataAttributes::new()
22 .enabled(true)
23 .name("Rule 1".to_string())
24 .selectors(
25 Selectors::new(TriggerSource::SECURITY_FINDINGS)
26 .query("(source:production_service OR env:prod)".to_string())
27 .rule_types(vec![
28 RuleTypesItems::MISCONFIGURATION,
29 RuleTypesItems::ATTACK_PATH,
30 ])
31 .severities(vec![RuleSeverity::CRITICAL]),
32 )
33 .targets(vec!["@john.doe@email.com".to_string()])
34 .time_aggregation(86400)
35 .version(1),
36 valid_signal_notification_rule_data_id.clone(),
37 NotificationRulesType::NOTIFICATION_RULES,
38 ));
39 let configuration = datadog::Configuration::new();
40 let api = SecurityMonitoringAPI::with_config(configuration);
41 let resp = api
42 .patch_signal_notification_rule(valid_signal_notification_rule_data_id.clone(), body)
43 .await;
44 if let Ok(value) = resp {
45 println!("{:#?}", value);
46 } else {
47 println!("{:#?}", resp.unwrap_err());
48 }
49}
Sourcepub async fn patch_signal_notification_rule_with_http_info(
&self,
id: String,
body: PatchNotificationRuleParameters,
) -> Result<ResponseContent<NotificationRuleResponse>, Error<PatchSignalNotificationRuleError>>
pub async fn patch_signal_notification_rule_with_http_info( &self, id: String, body: PatchNotificationRuleParameters, ) -> Result<ResponseContent<NotificationRuleResponse>, Error<PatchSignalNotificationRuleError>>
Partially update the notification rule. All fields are optional; if a field is not provided, it is not updated.
Sourcepub async fn patch_vulnerability_notification_rule(
&self,
id: String,
body: PatchNotificationRuleParameters,
) -> Result<NotificationRuleResponse, Error<PatchVulnerabilityNotificationRuleError>>
pub async fn patch_vulnerability_notification_rule( &self, id: String, body: PatchNotificationRuleParameters, ) -> Result<NotificationRuleResponse, Error<PatchVulnerabilityNotificationRuleError>>
Partially update the notification rule. All fields are optional; if a field is not provided, it is not updated.
Examples found in repository?
15async fn main() {
16 // there is a valid "valid_vulnerability_notification_rule" in the system
17 let valid_vulnerability_notification_rule_data_id =
18 std::env::var("VALID_VULNERABILITY_NOTIFICATION_RULE_DATA_ID").unwrap();
19 let body =
20 PatchNotificationRuleParameters::new().data(PatchNotificationRuleParametersData::new(
21 PatchNotificationRuleParametersDataAttributes::new()
22 .enabled(true)
23 .name("Rule 1".to_string())
24 .selectors(
25 Selectors::new(TriggerSource::SECURITY_FINDINGS)
26 .query("(source:production_service OR env:prod)".to_string())
27 .rule_types(vec![
28 RuleTypesItems::MISCONFIGURATION,
29 RuleTypesItems::ATTACK_PATH,
30 ])
31 .severities(vec![RuleSeverity::CRITICAL]),
32 )
33 .targets(vec!["@john.doe@email.com".to_string()])
34 .time_aggregation(86400)
35 .version(1),
36 valid_vulnerability_notification_rule_data_id.clone(),
37 NotificationRulesType::NOTIFICATION_RULES,
38 ));
39 let configuration = datadog::Configuration::new();
40 let api = SecurityMonitoringAPI::with_config(configuration);
41 let resp = api
42 .patch_vulnerability_notification_rule(
43 valid_vulnerability_notification_rule_data_id.clone(),
44 body,
45 )
46 .await;
47 if let Ok(value) = resp {
48 println!("{:#?}", value);
49 } else {
50 println!("{:#?}", resp.unwrap_err());
51 }
52}
Sourcepub async fn patch_vulnerability_notification_rule_with_http_info(
&self,
id: String,
body: PatchNotificationRuleParameters,
) -> Result<ResponseContent<NotificationRuleResponse>, Error<PatchVulnerabilityNotificationRuleError>>
pub async fn patch_vulnerability_notification_rule_with_http_info( &self, id: String, body: PatchNotificationRuleParameters, ) -> Result<ResponseContent<NotificationRuleResponse>, Error<PatchVulnerabilityNotificationRuleError>>
Partially update the notification rule. All fields are optional; if a field is not provided, it is not updated.
Sourcepub async fn run_historical_job(
&self,
body: RunHistoricalJobRequest,
) -> Result<JobCreateResponse, Error<RunHistoricalJobError>>
pub async fn run_historical_job( &self, body: RunHistoricalJobRequest, ) -> Result<JobCreateResponse, Error<RunHistoricalJobError>>
Run a historical job.
Examples found in repository?
19async fn main() {
20 let body = RunHistoricalJobRequest::new().data(
21 RunHistoricalJobRequestData::new()
22 .attributes(
23 RunHistoricalJobRequestAttributes::new().job_definition(
24 JobDefinition::new(
25 vec![SecurityMonitoringRuleCaseCreate::new(
26 SecurityMonitoringRuleSeverity::INFO,
27 )
28 .condition("a > 1".to_string())
29 .name("Condition 1".to_string())
30 .notifications(vec![])],
31 1730387522611,
32 "main".to_string(),
33 "A large number of failed login attempts.".to_string(),
34 "Excessive number of failed attempts.".to_string(),
35 vec![HistoricalJobQuery::new()
36 .aggregation(SecurityMonitoringRuleQueryAggregation::COUNT)
37 .distinct_fields(vec![])
38 .group_by_fields(vec![])
39 .query("source:non_existing_src_weekend".to_string())],
40 1730387532611,
41 )
42 .options(
43 HistoricalJobOptions::new()
44 .evaluation_window(
45 SecurityMonitoringRuleEvaluationWindow::FIFTEEN_MINUTES,
46 )
47 .keep_alive(SecurityMonitoringRuleKeepAlive::ONE_HOUR)
48 .max_signal_duration(SecurityMonitoringRuleMaxSignalDuration::ONE_DAY),
49 )
50 .tags(vec![])
51 .type_("log_detection".to_string()),
52 ),
53 )
54 .type_(RunHistoricalJobRequestDataType::HISTORICALDETECTIONSJOBCREATE),
55 );
56 let mut configuration = datadog::Configuration::new();
57 configuration.set_unstable_operation_enabled("v2.RunHistoricalJob", true);
58 let api = SecurityMonitoringAPI::with_config(configuration);
59 let resp = api.run_historical_job(body).await;
60 if let Ok(value) = resp {
61 println!("{:#?}", value);
62 } else {
63 println!("{:#?}", resp.unwrap_err());
64 }
65}
Sourcepub async fn run_historical_job_with_http_info(
&self,
body: RunHistoricalJobRequest,
) -> Result<ResponseContent<JobCreateResponse>, Error<RunHistoricalJobError>>
pub async fn run_historical_job_with_http_info( &self, body: RunHistoricalJobRequest, ) -> Result<ResponseContent<JobCreateResponse>, Error<RunHistoricalJobError>>
Run a historical job.
Sourcepub async fn search_security_monitoring_signals(
&self,
params: SearchSecurityMonitoringSignalsOptionalParams,
) -> Result<SecurityMonitoringSignalsListResponse, Error<SearchSecurityMonitoringSignalsError>>
pub async fn search_security_monitoring_signals( &self, params: SearchSecurityMonitoringSignalsOptionalParams, ) -> Result<SecurityMonitoringSignalsListResponse, Error<SearchSecurityMonitoringSignalsError>>
Returns security signals that match a search query. Both this endpoint and the GET endpoint can be used interchangeably for listing security signals.
Examples found in repository?
12async fn main() {
13 let body =
14 SecurityMonitoringSignalListRequest::new()
15 .filter(
16 SecurityMonitoringSignalListRequestFilter::new()
17 .from(
18 DateTime::parse_from_rfc3339("2019-01-02T09:42:36.320000+00:00")
19 .expect("Failed to parse datetime")
20 .with_timezone(&Utc),
21 )
22 .query("security:attack status:high".to_string())
23 .to(
24 DateTime::parse_from_rfc3339("2019-01-03T09:42:36.320000+00:00")
25 .expect("Failed to parse datetime")
26 .with_timezone(&Utc),
27 ),
28 )
29 .page(
30 SecurityMonitoringSignalListRequestPage::new()
31 .cursor(
32 "eyJzdGFydEF0IjoiQVFBQUFYS2tMS3pPbm40NGV3QUFBQUJCV0V0clRFdDZVbG8zY3pCRmNsbHJiVmxDWlEifQ==".to_string(),
33 )
34 .limit(25),
35 )
36 .sort(SecurityMonitoringSignalsSort::TIMESTAMP_ASCENDING);
37 let configuration = datadog::Configuration::new();
38 let api = SecurityMonitoringAPI::with_config(configuration);
39 let resp = api
40 .search_security_monitoring_signals(
41 SearchSecurityMonitoringSignalsOptionalParams::default().body(body),
42 )
43 .await;
44 if let Ok(value) = resp {
45 println!("{:#?}", value);
46 } else {
47 println!("{:#?}", resp.unwrap_err());
48 }
49}
Sourcepub fn search_security_monitoring_signals_with_pagination(
&self,
params: SearchSecurityMonitoringSignalsOptionalParams,
) -> impl Stream<Item = Result<SecurityMonitoringSignal, Error<SearchSecurityMonitoringSignalsError>>> + '_
pub fn search_security_monitoring_signals_with_pagination( &self, params: SearchSecurityMonitoringSignalsOptionalParams, ) -> impl Stream<Item = Result<SecurityMonitoringSignal, Error<SearchSecurityMonitoringSignalsError>>> + '_
Examples found in repository?
14async fn main() {
15 let body = SecurityMonitoringSignalListRequest::new()
16 .filter(
17 SecurityMonitoringSignalListRequestFilter::new()
18 .from(
19 DateTime::parse_from_rfc3339("2021-11-11T10:56:11+00:00")
20 .expect("Failed to parse datetime")
21 .with_timezone(&Utc),
22 )
23 .query("security:attack status:high".to_string())
24 .to(DateTime::parse_from_rfc3339("2021-11-11T11:11:11+00:00")
25 .expect("Failed to parse datetime")
26 .with_timezone(&Utc)),
27 )
28 .page(SecurityMonitoringSignalListRequestPage::new().limit(2))
29 .sort(SecurityMonitoringSignalsSort::TIMESTAMP_ASCENDING);
30 let configuration = datadog::Configuration::new();
31 let api = SecurityMonitoringAPI::with_config(configuration);
32 let response = api.search_security_monitoring_signals_with_pagination(
33 SearchSecurityMonitoringSignalsOptionalParams::default().body(body),
34 );
35 pin_mut!(response);
36 while let Some(resp) = response.next().await {
37 if let Ok(value) = resp {
38 println!("{:#?}", value);
39 } else {
40 println!("{:#?}", resp.unwrap_err());
41 }
42 }
43}
Sourcepub async fn search_security_monitoring_signals_with_http_info(
&self,
params: SearchSecurityMonitoringSignalsOptionalParams,
) -> Result<ResponseContent<SecurityMonitoringSignalsListResponse>, Error<SearchSecurityMonitoringSignalsError>>
pub async fn search_security_monitoring_signals_with_http_info( &self, params: SearchSecurityMonitoringSignalsOptionalParams, ) -> Result<ResponseContent<SecurityMonitoringSignalsListResponse>, Error<SearchSecurityMonitoringSignalsError>>
Returns security signals that match a search query. Both this endpoint and the GET endpoint can be used interchangeably for listing security signals.
Sourcepub async fn test_existing_security_monitoring_rule(
&self,
rule_id: String,
body: SecurityMonitoringRuleTestRequest,
) -> Result<SecurityMonitoringRuleTestResponse, Error<TestExistingSecurityMonitoringRuleError>>
pub async fn test_existing_security_monitoring_rule( &self, rule_id: String, body: SecurityMonitoringRuleTestRequest, ) -> Result<SecurityMonitoringRuleTestResponse, Error<TestExistingSecurityMonitoringRuleError>>
Test an existing rule.
Examples found in repository?
9async fn main() {
10 let body = SecurityMonitoringRuleTestRequest::new().rule_query_payloads(vec![
11 SecurityMonitoringRuleQueryPayload::new()
12 .expected_result(true)
13 .index(0)
14 .payload(
15 SecurityMonitoringRuleQueryPayloadData::new()
16 .ddsource("nginx".to_string())
17 .ddtags("env:staging,version:5.1".to_string())
18 .hostname("i-012345678".to_string())
19 .message(
20 "2019-11-19T14:37:58,995 INFO [process.name][20081] Hello World"
21 .to_string(),
22 )
23 .service("payment".to_string()),
24 ),
25 ]);
26 let configuration = datadog::Configuration::new();
27 let api = SecurityMonitoringAPI::with_config(configuration);
28 let resp = api
29 .test_existing_security_monitoring_rule("rule_id".to_string(), body)
30 .await;
31 if let Ok(value) = resp {
32 println!("{:#?}", value);
33 } else {
34 println!("{:#?}", resp.unwrap_err());
35 }
36}
Sourcepub async fn test_existing_security_monitoring_rule_with_http_info(
&self,
rule_id: String,
body: SecurityMonitoringRuleTestRequest,
) -> Result<ResponseContent<SecurityMonitoringRuleTestResponse>, Error<TestExistingSecurityMonitoringRuleError>>
pub async fn test_existing_security_monitoring_rule_with_http_info( &self, rule_id: String, body: SecurityMonitoringRuleTestRequest, ) -> Result<ResponseContent<SecurityMonitoringRuleTestResponse>, Error<TestExistingSecurityMonitoringRuleError>>
Test an existing rule.
Sourcepub async fn test_security_monitoring_rule(
&self,
body: SecurityMonitoringRuleTestRequest,
) -> Result<SecurityMonitoringRuleTestResponse, Error<TestSecurityMonitoringRuleError>>
pub async fn test_security_monitoring_rule( &self, body: SecurityMonitoringRuleTestRequest, ) -> Result<SecurityMonitoringRuleTestResponse, Error<TestSecurityMonitoringRuleError>>
Test a rule.
Examples found in repository?
21async fn main() {
22 let body = SecurityMonitoringRuleTestRequest::new()
23 .rule(
24 SecurityMonitoringRuleTestPayload::SecurityMonitoringStandardRuleTestPayload(Box::new(
25 SecurityMonitoringStandardRuleTestPayload::new(
26 vec![SecurityMonitoringRuleCaseCreate::new(
27 SecurityMonitoringRuleSeverity::INFO,
28 )
29 .condition("a > 0".to_string())
30 .name("".to_string())
31 .notifications(vec![])],
32 true,
33 "My security monitoring rule message.".to_string(),
34 "My security monitoring rule.".to_string(),
35 SecurityMonitoringRuleOptions::new()
36 .decrease_criticality_based_on_env(false)
37 .detection_method(SecurityMonitoringRuleDetectionMethod::THRESHOLD)
38 .evaluation_window(SecurityMonitoringRuleEvaluationWindow::ZERO_MINUTES)
39 .keep_alive(SecurityMonitoringRuleKeepAlive::ZERO_MINUTES)
40 .max_signal_duration(SecurityMonitoringRuleMaxSignalDuration::ZERO_MINUTES),
41 vec![SecurityMonitoringStandardRuleQuery::new()
42 .aggregation(SecurityMonitoringRuleQueryAggregation::COUNT)
43 .distinct_fields(vec![])
44 .group_by_fields(vec!["@userIdentity.assumed_role".to_string()])
45 .name("".to_string())
46 .query("source:source_here".to_string())],
47 )
48 .has_extended_title(true)
49 .tags(vec!["env:prod".to_string(), "team:security".to_string()])
50 .type_(SecurityMonitoringRuleTypeTest::LOG_DETECTION),
51 )),
52 )
53 .rule_query_payloads(vec![SecurityMonitoringRuleQueryPayload::new()
54 .expected_result(true)
55 .index(0)
56 .payload(
57 SecurityMonitoringRuleQueryPayloadData::new()
58 .ddsource("source_here".to_string())
59 .ddtags("env:staging,version:5.1".to_string())
60 .hostname("i-012345678".to_string())
61 .message(
62 "2019-11-19T14:37:58,995 INFO [process.name][20081] Hello World"
63 .to_string(),
64 )
65 .service("payment".to_string()),
66 )]);
67 let configuration = datadog::Configuration::new();
68 let api = SecurityMonitoringAPI::with_config(configuration);
69 let resp = api.test_security_monitoring_rule(body).await;
70 if let Ok(value) = resp {
71 println!("{:#?}", value);
72 } else {
73 println!("{:#?}", resp.unwrap_err());
74 }
75}
Sourcepub async fn test_security_monitoring_rule_with_http_info(
&self,
body: SecurityMonitoringRuleTestRequest,
) -> Result<ResponseContent<SecurityMonitoringRuleTestResponse>, Error<TestSecurityMonitoringRuleError>>
pub async fn test_security_monitoring_rule_with_http_info( &self, body: SecurityMonitoringRuleTestRequest, ) -> Result<ResponseContent<SecurityMonitoringRuleTestResponse>, Error<TestSecurityMonitoringRuleError>>
Test a rule.
Sourcepub async fn update_custom_framework(
&self,
handle: String,
version: String,
body: UpdateCustomFrameworkRequest,
) -> Result<UpdateCustomFrameworkResponse, Error<UpdateCustomFrameworkError>>
pub async fn update_custom_framework( &self, handle: String, version: String, body: UpdateCustomFrameworkRequest, ) -> Result<UpdateCustomFrameworkResponse, Error<UpdateCustomFrameworkError>>
Update a custom framework.
Examples found in repository?
12async fn main() {
13 let body = UpdateCustomFrameworkRequest::new(CustomFrameworkData::new(
14 CustomFrameworkDataAttributes::new(
15 "create-framework-new".to_string(),
16 "name".to_string(),
17 vec![CustomFrameworkRequirement::new(
18 vec![CustomFrameworkControl::new(
19 "control".to_string(),
20 vec!["def-000-be9".to_string()],
21 )],
22 "requirement".to_string(),
23 )],
24 "10".to_string(),
25 )
26 .icon_url("test-url".to_string()),
27 CustomFrameworkType::CUSTOM_FRAMEWORK,
28 ));
29 let configuration = datadog::Configuration::new();
30 let api = SecurityMonitoringAPI::with_config(configuration);
31 let resp = api
32 .update_custom_framework("create-framework-new".to_string(), "10".to_string(), body)
33 .await;
34 if let Ok(value) = resp {
35 println!("{:#?}", value);
36 } else {
37 println!("{:#?}", resp.unwrap_err());
38 }
39}
Sourcepub async fn update_custom_framework_with_http_info(
&self,
handle: String,
version: String,
body: UpdateCustomFrameworkRequest,
) -> Result<ResponseContent<UpdateCustomFrameworkResponse>, Error<UpdateCustomFrameworkError>>
pub async fn update_custom_framework_with_http_info( &self, handle: String, version: String, body: UpdateCustomFrameworkRequest, ) -> Result<ResponseContent<UpdateCustomFrameworkResponse>, Error<UpdateCustomFrameworkError>>
Update a custom framework.
Sourcepub async fn update_resource_evaluation_filters(
&self,
body: UpdateResourceEvaluationFiltersRequest,
) -> Result<UpdateResourceEvaluationFiltersResponse, Error<UpdateResourceEvaluationFiltersError>>
pub async fn update_resource_evaluation_filters( &self, body: UpdateResourceEvaluationFiltersRequest, ) -> Result<UpdateResourceEvaluationFiltersResponse, Error<UpdateResourceEvaluationFiltersError>>
Update resource filters.
Examples found in repository?
11async fn main() {
12 let body = UpdateResourceEvaluationFiltersRequest::new(
13 UpdateResourceEvaluationFiltersRequestData::new(
14 ResourceFilterAttributes::new(BTreeMap::from([(
15 "aws".to_string(),
16 BTreeMap::from([("aws_account_id".to_string(), vec!["tag1:v1".to_string()])]),
17 )])),
18 ResourceFilterRequestType::CSM_RESOURCE_FILTER,
19 )
20 .id("csm_resource_filter".to_string()),
21 );
22 let configuration = datadog::Configuration::new();
23 let api = SecurityMonitoringAPI::with_config(configuration);
24 let resp = api.update_resource_evaluation_filters(body).await;
25 if let Ok(value) = resp {
26 println!("{:#?}", value);
27 } else {
28 println!("{:#?}", resp.unwrap_err());
29 }
30}
Sourcepub async fn update_resource_evaluation_filters_with_http_info(
&self,
body: UpdateResourceEvaluationFiltersRequest,
) -> Result<ResponseContent<UpdateResourceEvaluationFiltersResponse>, Error<UpdateResourceEvaluationFiltersError>>
pub async fn update_resource_evaluation_filters_with_http_info( &self, body: UpdateResourceEvaluationFiltersRequest, ) -> Result<ResponseContent<UpdateResourceEvaluationFiltersResponse>, Error<UpdateResourceEvaluationFiltersError>>
Update resource filters.
Sourcepub async fn update_security_filter(
&self,
security_filter_id: String,
body: SecurityFilterUpdateRequest,
) -> Result<SecurityFilterResponse, Error<UpdateSecurityFilterError>>
pub async fn update_security_filter( &self, security_filter_id: String, body: SecurityFilterUpdateRequest, ) -> Result<SecurityFilterResponse, Error<UpdateSecurityFilterError>>
Update a specific security filter. Returns the security filter object when the request is successful.
Examples found in repository?
11async fn main() {
12 // there is a valid "security_filter" in the system
13 let security_filter_data_id = std::env::var("SECURITY_FILTER_DATA_ID").unwrap();
14 let body = SecurityFilterUpdateRequest::new(SecurityFilterUpdateData::new(
15 SecurityFilterUpdateAttributes::new()
16 .exclusion_filters(vec![])
17 .filtered_data_type(SecurityFilterFilteredDataType::LOGS)
18 .is_enabled(true)
19 .name("Example-Security-Monitoring".to_string())
20 .query("service:ExampleSecurityMonitoring".to_string())
21 .version(1),
22 SecurityFilterType::SECURITY_FILTERS,
23 ));
24 let configuration = datadog::Configuration::new();
25 let api = SecurityMonitoringAPI::with_config(configuration);
26 let resp = api
27 .update_security_filter(security_filter_data_id.clone(), body)
28 .await;
29 if let Ok(value) = resp {
30 println!("{:#?}", value);
31 } else {
32 println!("{:#?}", resp.unwrap_err());
33 }
34}
Sourcepub async fn update_security_filter_with_http_info(
&self,
security_filter_id: String,
body: SecurityFilterUpdateRequest,
) -> Result<ResponseContent<SecurityFilterResponse>, Error<UpdateSecurityFilterError>>
pub async fn update_security_filter_with_http_info( &self, security_filter_id: String, body: SecurityFilterUpdateRequest, ) -> Result<ResponseContent<SecurityFilterResponse>, Error<UpdateSecurityFilterError>>
Update a specific security filter. Returns the security filter object when the request is successful.
Sourcepub async fn update_security_monitoring_rule(
&self,
rule_id: String,
body: SecurityMonitoringRuleUpdatePayload,
) -> Result<SecurityMonitoringRuleResponse, Error<UpdateSecurityMonitoringRuleError>>
pub async fn update_security_monitoring_rule( &self, rule_id: String, body: SecurityMonitoringRuleUpdatePayload, ) -> Result<SecurityMonitoringRuleResponse, Error<UpdateSecurityMonitoringRuleError>>
Update an existing rule. When updating cases
, queries
or options
, the whole field
must be included. For example, when modifying a query all queries must be included.
Default rules can only be updated to be enabled, to change notifications, or to update
the tags (default tags cannot be removed).
Examples found in repository?
16async fn main() {
17 // there is a valid "security_rule" in the system
18 let security_rule_id = std::env::var("SECURITY_RULE_ID").unwrap();
19 let body = SecurityMonitoringRuleUpdatePayload::new()
20 .cases(vec![SecurityMonitoringRuleCase::new()
21 .condition("a > 0".to_string())
22 .name("".to_string())
23 .notifications(vec![])
24 .status(SecurityMonitoringRuleSeverity::INFO)])
25 .filters(vec![])
26 .is_enabled(true)
27 .message("Test rule".to_string())
28 .name("Example-Security-Monitoring-Updated".to_string())
29 .options(
30 SecurityMonitoringRuleOptions::new()
31 .evaluation_window(SecurityMonitoringRuleEvaluationWindow::FIFTEEN_MINUTES)
32 .keep_alive(SecurityMonitoringRuleKeepAlive::ONE_HOUR)
33 .max_signal_duration(SecurityMonitoringRuleMaxSignalDuration::ONE_DAY),
34 )
35 .queries(vec![
36 SecurityMonitoringRuleQuery::SecurityMonitoringStandardRuleQuery(Box::new(
37 SecurityMonitoringStandardRuleQuery::new()
38 .aggregation(SecurityMonitoringRuleQueryAggregation::COUNT)
39 .distinct_fields(vec![])
40 .group_by_fields(vec![])
41 .metrics(vec![])
42 .query("@test:true".to_string()),
43 )),
44 ])
45 .tags(vec![]);
46 let configuration = datadog::Configuration::new();
47 let api = SecurityMonitoringAPI::with_config(configuration);
48 let resp = api
49 .update_security_monitoring_rule(security_rule_id.clone(), body)
50 .await;
51 if let Ok(value) = resp {
52 println!("{:#?}", value);
53 } else {
54 println!("{:#?}", resp.unwrap_err());
55 }
56}
More examples
13async fn main() {
14 // there is a valid "cloud_configuration_rule" in the system
15 let cloud_configuration_rule_id = std::env::var("CLOUD_CONFIGURATION_RULE_ID").unwrap();
16 let body =
17 SecurityMonitoringRuleUpdatePayload::new()
18 .cases(
19 vec![
20 SecurityMonitoringRuleCase::new()
21 .notifications(vec![])
22 .status(SecurityMonitoringRuleSeverity::INFO)
23 ],
24 )
25 .compliance_signal_options(
26 CloudConfigurationRuleComplianceSignalOptions::new()
27 .user_activation_status(Some(false))
28 .user_group_by_fields(Some(vec![])),
29 )
30 .is_enabled(false)
31 .message("ddd".to_string())
32 .name("Example-Security-Monitoring_cloud_updated".to_string())
33 .options(
34 SecurityMonitoringRuleOptions
35 ::new().compliance_rule_options(
36 CloudConfigurationComplianceRuleOptions::new()
37 .rego_rule(
38 CloudConfigurationRegoRule::new(
39 r#"package datadog
40
41import data.datadog.output as dd_output
42
43import future.keywords.contains
44import future.keywords.if
45import future.keywords.in
46
47milliseconds_in_a_day := ((1000 * 60) * 60) * 24
48
49eval(iam_service_account_key) = "skip" if {
50 iam_service_account_key.disabled
51} else = "pass" if {
52 (iam_service_account_key.resource_seen_at / milliseconds_in_a_day) - (iam_service_account_key.valid_after_time / milliseconds_in_a_day) <= 90
53} else = "fail"
54
55# This part remains unchanged for all rules
56results contains result if {
57 some resource in input.resources[input.main_resource_type]
58 result := dd_output.format(resource, eval(resource))
59}
60"#.to_string(),
61 vec!["gcp_compute_disk".to_string()],
62 ),
63 )
64 .resource_type("gcp_compute_disk".to_string()),
65 ),
66 )
67 .tags(vec![]);
68 let configuration = datadog::Configuration::new();
69 let api = SecurityMonitoringAPI::with_config(configuration);
70 let resp = api
71 .update_security_monitoring_rule(cloud_configuration_rule_id.clone(), body)
72 .await;
73 if let Ok(value) = resp {
74 println!("{:#?}", value);
75 } else {
76 println!("{:#?}", resp.unwrap_err());
77 }
78}
Sourcepub async fn update_security_monitoring_rule_with_http_info(
&self,
rule_id: String,
body: SecurityMonitoringRuleUpdatePayload,
) -> Result<ResponseContent<SecurityMonitoringRuleResponse>, Error<UpdateSecurityMonitoringRuleError>>
pub async fn update_security_monitoring_rule_with_http_info( &self, rule_id: String, body: SecurityMonitoringRuleUpdatePayload, ) -> Result<ResponseContent<SecurityMonitoringRuleResponse>, Error<UpdateSecurityMonitoringRuleError>>
Update an existing rule. When updating cases
, queries
or options
, the whole field
must be included. For example, when modifying a query all queries must be included.
Default rules can only be updated to be enabled, to change notifications, or to update
the tags (default tags cannot be removed).
Sourcepub async fn update_security_monitoring_suppression(
&self,
suppression_id: String,
body: SecurityMonitoringSuppressionUpdateRequest,
) -> Result<SecurityMonitoringSuppressionResponse, Error<UpdateSecurityMonitoringSuppressionError>>
pub async fn update_security_monitoring_suppression( &self, suppression_id: String, body: SecurityMonitoringSuppressionUpdateRequest, ) -> Result<SecurityMonitoringSuppressionResponse, Error<UpdateSecurityMonitoringSuppressionError>>
Update a specific suppression rule.
Examples found in repository?
10async fn main() {
11 // there is a valid "suppression" in the system
12 let suppression_data_id = std::env::var("SUPPRESSION_DATA_ID").unwrap();
13 let body = SecurityMonitoringSuppressionUpdateRequest::new(
14 SecurityMonitoringSuppressionUpdateData::new(
15 SecurityMonitoringSuppressionUpdateAttributes::new()
16 .suppression_query("env:staging status:low".to_string()),
17 SecurityMonitoringSuppressionType::SUPPRESSIONS,
18 ),
19 );
20 let configuration = datadog::Configuration::new();
21 let api = SecurityMonitoringAPI::with_config(configuration);
22 let resp = api
23 .update_security_monitoring_suppression(suppression_data_id.clone(), body)
24 .await;
25 if let Ok(value) = resp {
26 println!("{:#?}", value);
27 } else {
28 println!("{:#?}", resp.unwrap_err());
29 }
30}
Sourcepub async fn update_security_monitoring_suppression_with_http_info(
&self,
suppression_id: String,
body: SecurityMonitoringSuppressionUpdateRequest,
) -> Result<ResponseContent<SecurityMonitoringSuppressionResponse>, Error<UpdateSecurityMonitoringSuppressionError>>
pub async fn update_security_monitoring_suppression_with_http_info( &self, suppression_id: String, body: SecurityMonitoringSuppressionUpdateRequest, ) -> Result<ResponseContent<SecurityMonitoringSuppressionResponse>, Error<UpdateSecurityMonitoringSuppressionError>>
Update a specific suppression rule.
Sourcepub async fn validate_security_monitoring_rule(
&self,
body: SecurityMonitoringRuleValidatePayload,
) -> Result<(), Error<ValidateSecurityMonitoringRuleError>>
pub async fn validate_security_monitoring_rule( &self, body: SecurityMonitoringRuleValidatePayload, ) -> Result<(), Error<ValidateSecurityMonitoringRuleError>>
Validate a detection rule.
Examples found in repository?
18async fn main() {
19 let body =
20 SecurityMonitoringRuleValidatePayload::SecurityMonitoringStandardRulePayload(Box::new(
21 SecurityMonitoringStandardRulePayload::new(
22 vec![
23 SecurityMonitoringRuleCaseCreate::new(SecurityMonitoringRuleSeverity::INFO)
24 .condition("a > 0".to_string())
25 .name("".to_string())
26 .notifications(vec![]),
27 ],
28 true,
29 "My security monitoring rule".to_string(),
30 "My security monitoring rule".to_string(),
31 SecurityMonitoringRuleOptions::new()
32 .detection_method(SecurityMonitoringRuleDetectionMethod::THRESHOLD)
33 .evaluation_window(SecurityMonitoringRuleEvaluationWindow::THIRTY_MINUTES)
34 .keep_alive(SecurityMonitoringRuleKeepAlive::THIRTY_MINUTES)
35 .max_signal_duration(SecurityMonitoringRuleMaxSignalDuration::THIRTY_MINUTES),
36 vec![SecurityMonitoringStandardRuleQuery::new()
37 .aggregation(SecurityMonitoringRuleQueryAggregation::COUNT)
38 .distinct_fields(vec![])
39 .group_by_fields(vec!["@userIdentity.assumed_role".to_string()])
40 .name("".to_string())
41 .query("source:source_here".to_string())],
42 )
43 .has_extended_title(true)
44 .tags(vec!["env:prod".to_string(), "team:security".to_string()])
45 .type_(SecurityMonitoringRuleTypeCreate::LOG_DETECTION),
46 ));
47 let configuration = datadog::Configuration::new();
48 let api = SecurityMonitoringAPI::with_config(configuration);
49 let resp = api.validate_security_monitoring_rule(body).await;
50 if let Ok(value) = resp {
51 println!("{:#?}", value);
52 } else {
53 println!("{:#?}", resp.unwrap_err());
54 }
55}
Sourcepub async fn validate_security_monitoring_rule_with_http_info(
&self,
body: SecurityMonitoringRuleValidatePayload,
) -> Result<ResponseContent<()>, Error<ValidateSecurityMonitoringRuleError>>
pub async fn validate_security_monitoring_rule_with_http_info( &self, body: SecurityMonitoringRuleValidatePayload, ) -> Result<ResponseContent<()>, Error<ValidateSecurityMonitoringRuleError>>
Validate a detection rule.
Trait Implementations§
Source§impl Clone for SecurityMonitoringAPI
impl Clone for SecurityMonitoringAPI
Source§fn clone(&self) -> SecurityMonitoringAPI
fn clone(&self) -> SecurityMonitoringAPI
1.0.0 · Source§const fn clone_from(&mut self, source: &Self)
const fn clone_from(&mut self, source: &Self)
source
. Read more