Skip to content

Add bulk triage endpoints for security monitoring signals #3151

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
api-clients-generation-pipeline wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Add bulk triage endpoints for security monitoring signals #3151

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
301 changes: 276 additions & 25 deletions .generator/schemas/v2/openapi.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -57909,7 +57909,6 @@ components:
- none
- false_positive
- testing_or_maintenance
- remediated
- investigated_case_opened
- true_positive_benign
- true_positive_malicious
Expand All @@ -57919,7 +57918,6 @@ components:
- NONE
- FALSE_POSITIVE
- TESTING_OR_MAINTENANCE
- REMEDIATED
- INVESTIGATED_CASE_OPENED
- TRUE_POSITIVE_BENIGN
- TRUE_POSITIVE_MALICIOUS
Expand Down Expand Up @@ -58470,6 +58468,155 @@ components:
description: Version of the updated signal. If server side version is higher, update will be rejected.
format: int64
type: integer
SecurityMonitoringSignalsBulkAssigneeUpdateAttributes:
description: Attributes describing the new assignees for a bulk signal update.
properties:
assignee:
description: UUID of the user to assign to the signal. Use an empty string to unassign.
example: 773b045d-ccf8-4808-bd3b-955ef6a8c940
type: string
version:
$ref: "#/components/schemas/SecurityMonitoringSignalVersion"
required:
- assignee
type: object
SecurityMonitoringSignalsBulkAssigneeUpdateData:
description: Data for updating the assignees for multiple security signals.
properties:
attributes:
$ref: "#/components/schemas/SecurityMonitoringSignalsBulkAssigneeUpdateAttributes"
id:
description: The unique ID of the security signal.
example: AAAAAWgN8Xwgr1vKDQAAAABBV2dOOFh3ZzZobm1mWXJFYTR0OA
type: string
type:
$ref: "#/components/schemas/SecurityMonitoringSignalType"
required:
- id
- attributes
type: object
SecurityMonitoringSignalsBulkAssigneeUpdateRequest:
description: Request body for updating the assignee of multiple security signals.
properties:
data:
description: An array of signal assignee updates.
items:
$ref: "#/components/schemas/SecurityMonitoringSignalsBulkAssigneeUpdateData"
maxItems: 199
type: array
required:
- data
type: object
SecurityMonitoringSignalsBulkStateUpdateData:
description: Data for updating the state for multiple security signals.
properties:
attributes:
$ref: "#/components/schemas/SecurityMonitoringSignalStateUpdateAttributes"
id:
description: The unique ID of the security signal.
example: AAAAAWgN8Xwgr1vKDQAAAABBV2dOOFh3ZzZobm1mWXJFYTR0OA
type: string
type:
$ref: "#/components/schemas/SecurityMonitoringSignalType"
required:
- id
- attributes
type: object
SecurityMonitoringSignalsBulkStateUpdateRequest:
description: Request body for updating the triage states of multiple security signals.
properties:
data:
description: An array of signal state updates.
items:
$ref: "#/components/schemas/SecurityMonitoringSignalsBulkStateUpdateData"
maxItems: 199
type: array
required:
- data
type: object
SecurityMonitoringSignalsBulkTriageEvent:
description: A single signal event entry in a bulk triage update response.
properties:
event:
$ref: "#/components/schemas/SecurityMonitoringSignalsBulkTriageEventAttributes"
id:
description: The unique ID of the security signal.
example: AAAAAWgN8Xwgr1vKDQAAAABBV2dOOFh3ZzZobm1mWXJFYTR0OA
type: string
required:
- id
- event
type: object
SecurityMonitoringSignalsBulkTriageEventAttributes:
description: Triage attributes of a security signal returned in a bulk update response.
properties:
archive_comment:
$ref: "#/components/schemas/SecurityMonitoringSignalArchiveComment"
archive_comment_timestamp:
description: Timestamp of the last edit to the archive comment.
format: int64
type: integer
archive_comment_user:
$ref: "#/components/schemas/SecurityMonitoringTriageUser"
archive_reason:
$ref: "#/components/schemas/SecurityMonitoringSignalArchiveReason"
assignee:
$ref: "#/components/schemas/SecurityMonitoringTriageUser"
id:
description: The unique ID of the security signal.
example: AAAAAWgN8Xwgr1vKDQAAAABBV2dOOFh3ZzZobm1mWXJFYTR0OA
type: string
incident_ids:
$ref: "#/components/schemas/SecurityMonitoringSignalIncidentIds"
state:
$ref: "#/components/schemas/SecurityMonitoringSignalState"
state_update_timestamp:
description: Timestamp of the last state update.
format: int64
type: integer
state_update_user:
$ref: "#/components/schemas/SecurityMonitoringTriageUser"
required:
- id
- state
- assignee
- incident_ids
type: object
SecurityMonitoringSignalsBulkTriageUpdateResponse:
description: Response for a bulk triage update of security signals.
properties:
result:
$ref: "#/components/schemas/SecurityMonitoringSignalsBulkTriageUpdateResult"
status:
description: The status of the bulk operation.
example: done
type: string
type:
description: The type of the response.
example: status
type: string
required:
- type
- status
- result
type: object
SecurityMonitoringSignalsBulkTriageUpdateResult:
description: The result payload of a bulk signal triage update.
properties:
count:
description: The number of signals updated.
example: 2
format: int64
type: integer
events:
description: The list of updated signals.
items:
$ref: "#/components/schemas/SecurityMonitoringSignalsBulkTriageEvent"
type: array
required:
- count
- events
type: object
SecurityMonitoringSignalsListResponse:
description: "The response object with all security signals matching the request\nand pagination information."
properties:
Expand Down Expand Up @@ -102393,6 +102540,88 @@ paths:
operator: OR
permissions:
- security_monitoring_signals_read
/api/v2/security_monitoring/signals/bulk/assignee:
patch:
description: |-
Change the triage assignees of multiple security signals at once.
The maximum number of signals that can be updated in a single request is 199.
operationId: BulkEditSecurityMonitoringSignalsAssignee
requestBody:
content:
application/json:
schema:
$ref: "#/components/schemas/SecurityMonitoringSignalsBulkAssigneeUpdateRequest"
description: Attributes describing the signal assignee updates.
required: true
responses:
"200":
content:
application/json:
schema:
$ref: "#/components/schemas/SecurityMonitoringSignalsBulkTriageUpdateResponse"
description: OK
"400":
content:
application/json:
schema:
$ref: "#/components/schemas/JSONAPIErrorResponse"
description: Bad Request
"403":
content:
application/json:
schema:
$ref: "#/components/schemas/JSONAPIErrorResponse"
description: Forbidden
"429":
$ref: "#/components/responses/TooManyRequestsResponse"
summary: Bulk update triage assignee of security signals
tags: ["Security Monitoring"]
x-codegen-request-body-name: body
"x-permission":
operator: OR
permissions:
- security_monitoring_signals_write
/api/v2/security_monitoring/signals/bulk/state:
patch:
description: |-
Change the triage states of multiple security signals at once.
The maximum number of signals that can be updated in a single request is 199.
operationId: BulkEditSecurityMonitoringSignalsState
requestBody:
content:
application/json:
schema:
$ref: "#/components/schemas/SecurityMonitoringSignalsBulkStateUpdateRequest"
description: Attributes describing the signal state updates.
required: true
responses:
"200":
content:
application/json:
schema:
$ref: "#/components/schemas/SecurityMonitoringSignalsBulkTriageUpdateResponse"
description: OK
"400":
content:
application/json:
schema:
$ref: "#/components/schemas/JSONAPIErrorResponse"
description: Bad Request
"403":
content:
application/json:
schema:
$ref: "#/components/schemas/JSONAPIErrorResponse"
description: Forbidden
"429":
$ref: "#/components/responses/TooManyRequestsResponse"
summary: Bulk update triage state of security signals
tags: ["Security Monitoring"]
x-codegen-request-body-name: body
"x-permission":
operator: OR
permissions:
- security_monitoring_signals_write
/api/v2/security_monitoring/signals/search:
post:
description: |-
Expand Down Expand Up @@ -102449,8 +102678,6 @@ paths:
schema:
$ref: "#/components/schemas/SecurityMonitoringSignalResponse"
description: OK
"403":
$ref: "#/components/responses/NotAuthorizedResponse"
"404":
$ref: "#/components/responses/NotFoundResponse"
"429":
Expand Down Expand Up @@ -102488,17 +102715,25 @@ paths:
$ref: "#/components/schemas/SecurityMonitoringSignalTriageUpdateResponse"
description: OK
"400":
$ref: "#/components/responses/BadRequestResponse"
content:
application/json:
schema:
$ref: "#/components/schemas/APIErrorResponse"
description: Bad Request
"403":
$ref: "#/components/responses/NotAuthorizedResponse"
content:
application/json:
schema:
$ref: "#/components/schemas/APIErrorResponse"
description: Forbidden
"404":
$ref: "#/components/responses/NotFoundResponse"
content:
application/json:
schema:
$ref: "#/components/schemas/APIErrorResponse"
description: Not Found
"429":
$ref: "#/components/responses/TooManyRequestsResponse"
security:
- apiKeyAuth: []
appKeyAuth: []
- AuthZ: []
summary: Modify the triage assignee of a security signal
tags: ["Security Monitoring"]
x-codegen-request-body-name: body
Expand Down Expand Up @@ -102528,17 +102763,25 @@ paths:
$ref: "#/components/schemas/SecurityMonitoringSignalTriageUpdateResponse"
description: OK
"400":
$ref: "#/components/responses/BadRequestResponse"
content:
application/json:
schema:
$ref: "#/components/schemas/APIErrorResponse"
description: Bad Request
"403":
$ref: "#/components/responses/NotAuthorizedResponse"
content:
application/json:
schema:
$ref: "#/components/schemas/APIErrorResponse"
description: Forbidden
"404":
$ref: "#/components/responses/NotFoundResponse"
content:
application/json:
schema:
$ref: "#/components/schemas/APIErrorResponse"
description: Not Found
"429":
$ref: "#/components/responses/TooManyRequestsResponse"
security:
- apiKeyAuth: []
appKeyAuth: []
- AuthZ: []
summary: Change the related incidents of a security signal
tags: ["Security Monitoring"]
x-codegen-request-body-name: body
Expand Down Expand Up @@ -102568,17 +102811,25 @@ paths:
$ref: "#/components/schemas/SecurityMonitoringSignalTriageUpdateResponse"
description: OK
"400":
$ref: "#/components/responses/BadRequestResponse"
content:
application/json:
schema:
$ref: "#/components/schemas/APIErrorResponse"
description: Bad Request
"403":
$ref: "#/components/responses/NotAuthorizedResponse"
content:
application/json:
schema:
$ref: "#/components/schemas/APIErrorResponse"
description: Forbidden
"404":
$ref: "#/components/responses/NotFoundResponse"
content:
application/json:
schema:
$ref: "#/components/schemas/APIErrorResponse"
description: Not Found
"429":
$ref: "#/components/responses/TooManyRequestsResponse"
security:
- apiKeyAuth: []
appKeyAuth: []
- AuthZ: []
summary: Change the triage state of a security signal
tags: ["Security Monitoring"]
x-codegen-request-body-name: body
Expand Down
17 changes: 17 additions & 0 deletions examples/v2/security-monitoring/BulkEditSecurityMonitoringSignalsAssignee.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
# Bulk update triage assignee of security signals returns "OK" response

require "datadog_api_client"
api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new

body = DatadogAPIClient::V2::SecurityMonitoringSignalsBulkAssigneeUpdateRequest.new({
data: [
DatadogAPIClient::V2::SecurityMonitoringSignalsBulkAssigneeUpdateData.new({
attributes: DatadogAPIClient::V2::SecurityMonitoringSignalsBulkAssigneeUpdateAttributes.new({
assignee: "773b045d-ccf8-4808-bd3b-955ef6a8c940",
}),
id: "AAAAAWgN8Xwgr1vKDQAAAABBV2dOOFh3ZzZobm1mWXJFYTR0OA",
type: DatadogAPIClient::V2::SecurityMonitoringSignalType::SIGNAL,
}),
],
})
p api_instance.bulk_edit_security_monitoring_signals_assignee(body)
Loading