v2_security_monitoring_TestSecurityMonitoringRule/
v2_security-monitoring_TestSecurityMonitoringRule.rs1use datadog_api_client::datadog;
3use datadog_api_client::datadogV2::api_security_monitoring::SecurityMonitoringAPI;
4use datadog_api_client::datadogV2::model::SecurityMonitoringRuleCaseCreate;
5use datadog_api_client::datadogV2::model::SecurityMonitoringRuleDetectionMethod;
6use datadog_api_client::datadogV2::model::SecurityMonitoringRuleEvaluationWindow;
7use datadog_api_client::datadogV2::model::SecurityMonitoringRuleKeepAlive;
8use datadog_api_client::datadogV2::model::SecurityMonitoringRuleMaxSignalDuration;
9use datadog_api_client::datadogV2::model::SecurityMonitoringRuleOptions;
10use datadog_api_client::datadogV2::model::SecurityMonitoringRuleQueryAggregation;
11use datadog_api_client::datadogV2::model::SecurityMonitoringRuleQueryPayload;
12use datadog_api_client::datadogV2::model::SecurityMonitoringRuleQueryPayloadData;
13use datadog_api_client::datadogV2::model::SecurityMonitoringRuleSeverity;
14use datadog_api_client::datadogV2::model::SecurityMonitoringRuleTestPayload;
15use datadog_api_client::datadogV2::model::SecurityMonitoringRuleTestRequest;
16use datadog_api_client::datadogV2::model::SecurityMonitoringRuleTypeTest;
17use datadog_api_client::datadogV2::model::SecurityMonitoringStandardRuleQuery;
18use datadog_api_client::datadogV2::model::SecurityMonitoringStandardRuleTestPayload;
19
20#[tokio::main]
21async fn main() {
22 let body = SecurityMonitoringRuleTestRequest::new()
23 .rule(
24 SecurityMonitoringRuleTestPayload::SecurityMonitoringStandardRuleTestPayload(Box::new(
25 SecurityMonitoringStandardRuleTestPayload::new(
26 vec![SecurityMonitoringRuleCaseCreate::new(
27 SecurityMonitoringRuleSeverity::INFO,
28 )
29 .condition("a > 0".to_string())
30 .name("".to_string())
31 .notifications(vec![])],
32 true,
33 "My security monitoring rule message.".to_string(),
34 "My security monitoring rule.".to_string(),
35 SecurityMonitoringRuleOptions::new()
36 .decrease_criticality_based_on_env(false)
37 .detection_method(SecurityMonitoringRuleDetectionMethod::THRESHOLD)
38 .evaluation_window(SecurityMonitoringRuleEvaluationWindow::ZERO_MINUTES)
39 .keep_alive(SecurityMonitoringRuleKeepAlive::ZERO_MINUTES)
40 .max_signal_duration(SecurityMonitoringRuleMaxSignalDuration::ZERO_MINUTES),
41 vec![SecurityMonitoringStandardRuleQuery::new()
42 .aggregation(SecurityMonitoringRuleQueryAggregation::COUNT)
43 .distinct_fields(vec![])
44 .group_by_fields(vec!["@userIdentity.assumed_role".to_string()])
45 .name("".to_string())
46 .query("source:source_here".to_string())],
47 )
48 .has_extended_title(true)
49 .tags(vec!["env:prod".to_string(), "team:security".to_string()])
50 .type_(SecurityMonitoringRuleTypeTest::LOG_DETECTION),
51 )),
52 )
53 .rule_query_payloads(vec![SecurityMonitoringRuleQueryPayload::new()
54 .expected_result(true)
55 .index(0)
56 .payload(
57 SecurityMonitoringRuleQueryPayloadData::new()
58 .ddsource("source_here".to_string())
59 .ddtags("env:staging,version:5.1".to_string())
60 .hostname("i-012345678".to_string())
61 .message(
62 "2019-11-19T14:37:58,995 INFO [process.name][20081] Hello World"
63 .to_string(),
64 )
65 .service("payment".to_string()),
66 )]);
67 let configuration = datadog::Configuration::new();
68 let api = SecurityMonitoringAPI::with_config(configuration);
69 let resp = api.test_security_monitoring_rule(body).await;
70 if let Ok(value) = resp {
71 println!("{:#?}", value);
72 } else {
73 println!("{:#?}", resp.unwrap_err());
74 }
75}