From fb0f4ebbfcb61955d1e322e5763bafb5a11abcc8 Mon Sep 17 00:00:00 2001 
From: "ci.datadog-api-spec" Date: Mon, 27 Oct 2025 15:10:37 +0000 Subject: [PATCH] Regenerate client from commit a005daa of spec repo --- .generator/schemas/v2/openapi.yaml | 399 +++---- .../frozen.json | 2 +- .../recording.har | 10 +- .../frozen.json | 2 +- .../recording.har | 18 +- .../frozen.json | 2 +- .../recording.har | 22 +- .../frozen.json | 2 +- .../recording.har | 10 +- .../frozen.json | 2 +- .../recording.har | 10 +- .../frozen.json | 2 +- .../recording.har | 18 +- .../frozen.json | 2 +- .../recording.har | 10 +- .../frozen.json | 2 +- .../recording.har | 10 +- .../frozen.json | 2 +- .../recording.har | 28 +- .../frozen.json | 2 +- .../recording.har | 30 +- .../frozen.json | 1 - .../frozen.json | 1 - .../frozen.json | 1 - .../frozen.json | 1 + .../recording.har | 12 +- .../frozen.json | 1 + .../recording.har | 12 +- .../frozen.json | 1 + .../recording.har | 14 +- features/v2/given.json | 6 +- features/v2/security_monitoring.feature | 141 ++- features/v2/undo.json | 10 +- .../src/support/scenarios_model_mapping.ts | 16 +- .../src/v2/SecurityMonitoringApi.ts | 1006 +++++++++-------- services/security_monitoring/src/v2/index.ts | 34 +- .../ConvertJobResultsToSignalsAttributes.ts | 2 +- .../models/ConvertJobResultsToSignalsData.ts | 4 +- .../ConvertJobResultsToSignalsRequest.ts | 4 +- .../src/v2/models/JobCreateResponse.ts | 2 +- .../src/v2/models/JobCreateResponseData.ts | 6 +- .../src/v2/models/JobDefinition.ts | 14 +- .../src/v2/models/JobDefinitionFromRule.ts | 2 +- ...se.ts => ListThreatHuntingJobsResponse.ts} | 20 +- ...quest.ts => RunThreatHuntingJobRequest.ts} | 14 +- ...> RunThreatHuntingJobRequestAttributes.ts} | 10 +- ...a.ts => RunThreatHuntingJobRequestData.ts} | 20 +- ... 
=> RunThreatHuntingJobRequestDataType.ts} | 2 +- ...ataType.ts => ThreatHuntingJobDataType.ts} | 2 +- ...istMeta.ts => ThreatHuntingJobListMeta.ts} | 4 +- ...bOptions.ts => ThreatHuntingJobOptions.ts} | 4 +- ...alJobQuery.ts => ThreatHuntingJobQuery.ts} | 6 +- ...esponse.ts => ThreatHuntingJobResponse.ts} | 14 +- ... => ThreatHuntingJobResponseAttributes.ts} | 8 +- ...ata.ts => ThreatHuntingJobResponseData.ts} | 20 +- .../src/v2/models/TypingInfo.ts | 44 +- 56 files changed, 1041 insertions(+), 1003 deletions(-) delete mode 100644 cassettes/v2/Security-Monitoring_1187227211/Run-a-historical-job-returns-Bad-Request-response_3841593672/frozen.json delete mode 100644 cassettes/v2/Security-Monitoring_1187227211/Run-a-historical-job-returns-Not-Found-response_258356351/frozen.json delete mode 100644 cassettes/v2/Security-Monitoring_1187227211/Run-a-historical-job-returns-Status-created-response_2964716074/frozen.json create mode 100644 cassettes/v2/Security-Monitoring_1187227211/Run-a-threat-hunting-job-returns-Bad-Request-response_1567776629/frozen.json rename cassettes/v2/Security-Monitoring_1187227211/{Run-a-historical-job-returns-Bad-Request-response_3841593672 => Run-a-threat-hunting-job-returns-Bad-Request-response_1567776629}/recording.har (86%) create mode 100644 cassettes/v2/Security-Monitoring_1187227211/Run-a-threat-hunting-job-returns-Not-Found-response_4013068630/frozen.json rename cassettes/v2/Security-Monitoring_1187227211/{Run-a-historical-job-returns-Not-Found-response_258356351 => Run-a-threat-hunting-job-returns-Not-Found-response_4013068630}/recording.har (83%) create mode 100644 cassettes/v2/Security-Monitoring_1187227211/Run-a-threat-hunting-job-returns-Status-created-response_674813617/frozen.json rename cassettes/v2/Security-Monitoring_1187227211/{Run-a-historical-job-returns-Status-created-response_2964716074 => Run-a-threat-hunting-job-returns-Status-created-response_674813617}/recording.har (81%) rename 
services/security_monitoring/src/v2/models/{ListHistoricalJobsResponse.ts => ListThreatHuntingJobsResponse.ts} (61%) rename services/security_monitoring/src/v2/models/{RunHistoricalJobRequest.ts => RunThreatHuntingJobRequest.ts} (67%) rename services/security_monitoring/src/v2/models/{RunHistoricalJobRequestAttributes.ts => RunThreatHuntingJobRequestAttributes.ts} (81%) rename services/security_monitoring/src/v2/models/{RunHistoricalJobRequestData.ts => RunThreatHuntingJobRequestData.ts} (58%) rename services/security_monitoring/src/v2/models/{RunHistoricalJobRequestDataType.ts => RunThreatHuntingJobRequestDataType.ts} (82%) rename services/security_monitoring/src/v2/models/{HistoricalJobDataType.ts => ThreatHuntingJobDataType.ts} (84%) rename services/security_monitoring/src/v2/models/{HistoricalJobListMeta.ts => ThreatHuntingJobListMeta.ts} (90%) rename services/security_monitoring/src/v2/models/{HistoricalJobOptions.ts => ThreatHuntingJobOptions.ts} (97%) rename services/security_monitoring/src/v2/models/{HistoricalJobQuery.ts => ThreatHuntingJobQuery.ts} (94%) rename services/security_monitoring/src/v2/models/{HistoricalJobResponse.ts => ThreatHuntingJobResponse.ts} (69%) rename services/security_monitoring/src/v2/models/{HistoricalJobResponseAttributes.ts => ThreatHuntingJobResponseAttributes.ts} (91%) rename services/security_monitoring/src/v2/models/{HistoricalJobResponseData.ts => ThreatHuntingJobResponseData.ts} (64%) diff --git a/.generator/schemas/v2/openapi.yaml b/.generator/schemas/v2/openapi.yaml index 59c7b8b08efc..be9a2271b2b3 100644 --- a/.generator/schemas/v2/openapi.yaml +++ b/.generator/schemas/v2/openapi.yaml 
@@ -458,20 +458,6 @@ components: items: $ref: '#/components/schemas/GetIssueIncludeQueryParameterItem' type: array - HistoricalJobID: - description: The ID of the job. - in: path - name: job_id - required: true - schema: - type: string - HistoricalSignalID: - description: The ID of the historical signal. - in: path - name: histsignal_id - required: true - schema: - type: string IncidentAttachmentFilterQueryParameter: description: Specifies which types of attachments are included in the response. explode: false @@ -1091,6 +1077,20 @@ components: required: true schema: type: string + ThreatHuntingJobID: + description: The ID of the job. + in: path + name: job_id + required: true + schema: + type: string + ThreatHuntingSignalID: + description: The ID of the threat hunting signal. + in: path + name: histsignal_id + required: true + schema: + type: string UserID: description: The ID of the user. in: path @@ -11815,7 +11815,7 @@ components: - GZIP - DEFLATE ConvertJobResultsToSignalsAttributes: - description: Attributes for converting historical job results to signals. + description: Attributes for converting threat hunting job results to signals. properties: id: description: Request ID. @@ -11847,7 +11847,7 @@ components: - notifications type: object ConvertJobResultsToSignalsData: - description: Data for converting historical job results to signals. + description: Data for converting threat hunting job results to signals. properties: attributes: $ref: '#/components/schemas/ConvertJobResultsToSignalsAttributes' @@ -11862,7 +11862,7 @@ components: x-enum-varnames: - HISTORICALDETECTIONSJOBRESULTSIGNALCONVERSION ConvertJobResultsToSignalsRequest: - description: Request for converting historical job results to signals. + description: Request for converting threat hunting job results to signals. properties: data: $ref: '#/components/schemas/ConvertJobResultsToSignalsData' 
@@ -22191,130 +22191,6 @@ components: - type - value type: object - HistoricalJobDataType: - description: Type of payload. - enum: - - historicalDetectionsJob - type: string - x-enum-varnames: - - HISTORICALDETECTIONSJOB - HistoricalJobListMeta: - description: Metadata about the list of jobs. - properties: - totalCount: - description: Number of jobs in the list. - format: int32 - maximum: 2147483647 - type: integer - type: object - HistoricalJobOptions: - description: Job options. - properties: - detectionMethod: - $ref: '#/components/schemas/SecurityMonitoringRuleDetectionMethod' - evaluationWindow: - $ref: '#/components/schemas/SecurityMonitoringRuleEvaluationWindow' - impossibleTravelOptions: - $ref: '#/components/schemas/SecurityMonitoringRuleImpossibleTravelOptions' - keepAlive: - $ref: '#/components/schemas/SecurityMonitoringRuleKeepAlive' - maxSignalDuration: - $ref: '#/components/schemas/SecurityMonitoringRuleMaxSignalDuration' - newValueOptions: - $ref: '#/components/schemas/SecurityMonitoringRuleNewValueOptions' - sequenceDetectionOptions: - $ref: '#/components/schemas/SecurityMonitoringRuleSequenceDetectionOptions' - thirdPartyRuleOptions: - $ref: '#/components/schemas/SecurityMonitoringRuleThirdPartyOptions' - type: object - HistoricalJobQuery: - description: Query for selecting logs analyzed by the historical job. - properties: - aggregation: - $ref: '#/components/schemas/SecurityMonitoringRuleQueryAggregation' - dataSource: - $ref: '#/components/schemas/SecurityMonitoringStandardDataSource' - distinctFields: - description: Field for which the cardinality is measured. Sent as an array. - items: - description: Field. - type: string - type: array - groupByFields: - description: Fields to group by. - items: - description: Field. - type: string - type: array - hasOptionalGroupByFields: - default: false - description: When false, events without a group-by value are ignored by - the query. 
When true, events with missing group-by fields are processed - with `N/A`, replacing the missing values. - example: false - type: boolean - metrics: - description: Group of target fields to aggregate over when using the sum, - max, geo data, or new value aggregations. The sum, max, and geo data aggregations - only accept one value in this list, whereas the new value aggregation - accepts up to five values. - items: - description: Field. - type: string - type: array - name: - description: Name of the query. - type: string - query: - description: Query to run on logs. - example: a > 3 - type: string - type: object - HistoricalJobResponse: - description: Historical job response. - properties: - data: - $ref: '#/components/schemas/HistoricalJobResponseData' - type: object - HistoricalJobResponseAttributes: - description: Historical job attributes. - properties: - createdAt: - description: Time when the job was created. - type: string - createdByHandle: - description: The handle of the user who created the job. - type: string - createdByName: - description: The name of the user who created the job. - type: string - createdFromRuleId: - description: ID of the rule used to create the job (if it is created from - a rule). - type: string - jobDefinition: - $ref: '#/components/schemas/JobDefinition' - jobName: - description: Job name. - type: string - jobStatus: - description: Job status. - type: string - modifiedAt: - description: Last modification time of the job. - type: string - type: object - HistoricalJobResponseData: - description: Historical job response data. - properties: - attributes: - $ref: '#/components/schemas/HistoricalJobResponseAttributes' - id: - description: ID of the job. - type: string - type: - $ref: '#/components/schemas/HistoricalJobDataType' - type: object HourlyUsage: description: Hourly usage for a product family for an org. properties: 
@@ -26495,7 +26371,7 @@ components: type: string type: object JobCreateResponse: - description: Run a historical job response. + description: Run a threat hunting job response. properties: data: $ref: '#/components/schemas/JobCreateResponseData' @@ -26507,10 +26383,10 @@ components: description: ID of the created job. type: string type: - $ref: '#/components/schemas/HistoricalJobDataType' + $ref: '#/components/schemas/ThreatHuntingJobDataType' type: object JobDefinition: - description: Definition of a historical job. + description: Definition of a threat hunting job. properties: calculatedFields: description: Calculated fields. @@ -26549,11 +26425,11 @@ components: example: Excessive number of failed attempts. type: string options: - $ref: '#/components/schemas/HistoricalJobOptions' + $ref: '#/components/schemas/ThreatHuntingJobOptions' queries: description: Queries for selecting logs analyzed by the job. items: - $ref: '#/components/schemas/HistoricalJobQuery' + $ref: '#/components/schemas/ThreatHuntingJobQuery' type: array referenceTables: description: Reference tables used in the queries. @@ -26590,7 +26466,8 @@ components: - message type: object JobDefinitionFromRule: - description: Definition of a historical job based on a security monitoring rule. + description: Definition of a threat hunting job based on a security monitoring + rule. properties: from: description: Starting time of data analyzed by the job. @@ -27290,17 +27167,6 @@ components: - data - meta type: object - ListHistoricalJobsResponse: - description: List of historical jobs. - properties: - data: - description: Array containing the list of historical jobs. - items: - $ref: '#/components/schemas/HistoricalJobResponseData' - type: array - meta: - $ref: '#/components/schemas/HistoricalJobListMeta' - type: object ListKindCatalogResponse: description: List kind response. properties: 
@@ -27468,6 +27334,17 @@ components: - _NAME - USER_COUNT - _USER_COUNT + ListThreatHuntingJobsResponse: + description: List of threat hunting jobs. + properties: + data: + description: Array containing the list of threat hunting jobs. + items: + $ref: '#/components/schemas/ThreatHuntingJobResponseData' + type: array + meta: + $ref: '#/components/schemas/ThreatHuntingJobListMeta' + type: object ListVulnerabilitiesResponse: description: The expected response schema when listing vulnerabilities. properties: @@ -41523,14 +41400,18 @@ components: $ref: '#/components/schemas/RumRetentionFilterData' type: array type: object - RunHistoricalJobRequest: - description: Run a historical job request. + RunRetentionFilterName: + description: The name of a RUM retention filter. + example: Retention filter for session + type: string + RunThreatHuntingJobRequest: + description: Run a threat hunting job request. properties: data: - $ref: '#/components/schemas/RunHistoricalJobRequestData' + $ref: '#/components/schemas/RunThreatHuntingJobRequestData' type: object - RunHistoricalJobRequestAttributes: - description: Run a historical job request. + RunThreatHuntingJobRequestAttributes: + description: Run a threat hunting job request. properties: fromRule: $ref: '#/components/schemas/JobDefinitionFromRule' 
@@ -41540,25 +41421,21 @@ components: jobDefinition: $ref: '#/components/schemas/JobDefinition' type: object - RunHistoricalJobRequestData: - description: Data for running a historical job request. + RunThreatHuntingJobRequestData: + description: Data for running a threat hunting job request. properties: attributes: - $ref: '#/components/schemas/RunHistoricalJobRequestAttributes' + $ref: '#/components/schemas/RunThreatHuntingJobRequestAttributes' type: - $ref: '#/components/schemas/RunHistoricalJobRequestDataType' + $ref: '#/components/schemas/RunThreatHuntingJobRequestDataType' type: object - RunHistoricalJobRequestDataType: + RunThreatHuntingJobRequestDataType: description: Type of data. enum: - historicalDetectionsJobCreate type: string x-enum-varnames: - HISTORICALDETECTIONSJOBCREATE - RunRetentionFilterName: - description: The name of a RUM retention filter. - example: Retention filter for session - type: string SAMLAssertionAttribute: description: SAML assertion attribute. properties: 
@@ -50443,6 +50320,130 @@ components: description: Offset type. type: string type: object + ThreatHuntingJobDataType: + description: Type of payload. + enum: + - historicalDetectionsJob + type: string + x-enum-varnames: + - HISTORICALDETECTIONSJOB + ThreatHuntingJobListMeta: + description: Metadata about the list of jobs. + properties: + totalCount: + description: Number of jobs in the list. + format: int32 + maximum: 2147483647 + type: integer + type: object + ThreatHuntingJobOptions: + description: Job options. + properties: + detectionMethod: + $ref: '#/components/schemas/SecurityMonitoringRuleDetectionMethod' + evaluationWindow: + $ref: '#/components/schemas/SecurityMonitoringRuleEvaluationWindow' + impossibleTravelOptions: + $ref: '#/components/schemas/SecurityMonitoringRuleImpossibleTravelOptions' + keepAlive: + $ref: '#/components/schemas/SecurityMonitoringRuleKeepAlive' + maxSignalDuration: + $ref: '#/components/schemas/SecurityMonitoringRuleMaxSignalDuration' + newValueOptions: + $ref: '#/components/schemas/SecurityMonitoringRuleNewValueOptions' + sequenceDetectionOptions: + $ref: '#/components/schemas/SecurityMonitoringRuleSequenceDetectionOptions' + thirdPartyRuleOptions: + $ref: '#/components/schemas/SecurityMonitoringRuleThirdPartyOptions' + type: object + ThreatHuntingJobQuery: + description: Query for selecting logs analyzed by the threat hunting job. + properties: + aggregation: + $ref: '#/components/schemas/SecurityMonitoringRuleQueryAggregation' + dataSource: + $ref: '#/components/schemas/SecurityMonitoringStandardDataSource' + distinctFields: + description: Field for which the cardinality is measured. Sent as an array. + items: + description: Field. + type: string + type: array + groupByFields: + description: Fields to group by. + items: + description: Field. + type: string + type: array + hasOptionalGroupByFields: + default: false + description: When false, events without a group-by value are ignored by + the query. 
When true, events with missing group-by fields are processed + with `N/A`, replacing the missing values. + example: false + type: boolean + metrics: + description: Group of target fields to aggregate over when using the sum, + max, geo data, or new value aggregations. The sum, max, and geo data aggregations + only accept one value in this list, whereas the new value aggregation + accepts up to five values. + items: + description: Field. + type: string + type: array + name: + description: Name of the query. + type: string + query: + description: Query to run on logs. + example: a > 3 + type: string + type: object + ThreatHuntingJobResponse: + description: Threat hunting job response. + properties: + data: + $ref: '#/components/schemas/ThreatHuntingJobResponseData' + type: object + ThreatHuntingJobResponseAttributes: + description: Threat hunting job attributes. + properties: + createdAt: + description: Time when the job was created. + type: string + createdByHandle: + description: The handle of the user who created the job. + type: string + createdByName: + description: The name of the user who created the job. + type: string + createdFromRuleId: + description: ID of the rule used to create the job (if it is created from + a rule). + type: string + jobDefinition: + $ref: '#/components/schemas/JobDefinition' + jobName: + description: Job name. + type: string + jobStatus: + description: Job status. + type: string + modifiedAt: + description: Last modification time of the job. + type: string + type: object + ThreatHuntingJobResponseData: + description: Threat hunting job response data. + properties: + attributes: + $ref: '#/components/schemas/ThreatHuntingJobResponseAttributes' + id: + description: ID of the job. + type: string + type: + $ref: '#/components/schemas/ThreatHuntingJobDataType' + type: object TimeAggregation: description: 'Time aggregation period (in seconds) is used to aggregate the results of the notification rule evaluation. 
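Review bot: `ThreatHuntingJobDataType` is added under a new schema name but its only enum value is still `historicalDetectionsJob`, and the description `Type of payload.` gives no hint of that. The same applies to `RunThreatHuntingJobRequestDataType`, which keeps `historicalDetectionsJobCreate` in the earlier hunk. Anyone filtering or validating on `type` after the rename needs to know the wire value did not change, so I would extend the description to something like `Type of payload. The value remains historicalDetectionsJob after the rename to threat hunting.`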
@@ -76493,7 +76494,7 @@ paths: permissions: - incident_settings_write x-unstable: '**Note**: This endpoint is deprecated.' - /api/v2/siem-historical-detections/histsignals: + /api/v2/siem-threat-hunting/histsignals: get: description: List hist signals. operationId: ListSecurityMonitoringHistsignals @@ -76534,7 +76535,7 @@ paths: x-unstable: '**Note**: This endpoint is in beta and may be subject to changes. Please check the documentation regularly for updates.' - /api/v2/siem-historical-detections/histsignals/search: + /api/v2/siem-threat-hunting/histsignals/search: get: description: Search hist signals. operationId: SearchSecurityMonitoringHistsignals @@ -76574,12 +76575,12 @@ paths: x-unstable: '**Note**: This endpoint is in beta and may be subject to changes. Please check the documentation regularly for updates.' - /api/v2/siem-historical-detections/histsignals/{histsignal_id}: + /api/v2/siem-threat-hunting/histsignals/{histsignal_id}: get: description: Get a hist signal's details. operationId: GetSecurityMonitoringHistsignal parameters: - - $ref: '#/components/parameters/HistoricalSignalID' + - $ref: '#/components/parameters/ThreatHuntingSignalID' responses: '200': content: @@ -76610,10 +76611,10 @@ paths: x-unstable: '**Note**: This endpoint is in beta and may be subject to changes. Please check the documentation regularly for updates.' - /api/v2/siem-historical-detections/jobs: + /api/v2/siem-threat-hunting/jobs: get: - description: List historical jobs. - operationId: ListHistoricalJobs + description: List threat hunting jobs. + operationId: ListThreatHuntingJobs parameters: - $ref: '#/components/parameters/PageSize' - $ref: '#/components/parameters/PageNumber' @@ -76636,7 +76637,7 @@ paths: content: application/json: schema: - $ref: '#/components/schemas/ListHistoricalJobsResponse' + $ref: '#/components/schemas/ListThreatHuntingJobsResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' 
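Review bot: The path and operationId renames in these hunks (`/api/v2/siem-historical-detections/...` to `/api/v2/siem-threat-hunting/...`, `ListHistoricalJobs` to `ListThreatHuntingJobs`, `RunHistoricalJob` to `RunThreatHuntingJob`, and likewise for Get, Delete and Cancel in the following hunks) remove the old operations outright, so the regenerated client presumably loses the old method and model names with no alias. Automation that runs or cancels these jobs would then fail on upgrade instead of getting a deprecation warning. If the spec repo allows it, keep the old operations for one release marked `deprecated: true`, or at least call out the rename as a breaking change in the changelog. Note that the path parameter is still `{histsignal_id}` and the routes still end in `/histsignals`, so only the prefix changes.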
@@ -76648,20 +76649,20 @@ paths: - apiKeyAuth: [] appKeyAuth: [] - AuthZ: [] - summary: List historical jobs + summary: List threat hunting jobs tags: - Security Monitoring x-unstable: '**Note**: This endpoint is in beta and may be subject to changes. Please check the documentation regularly for updates.' post: - description: Run a historical job. - operationId: RunHistoricalJob + description: Run a threat hunting job. + operationId: RunThreatHuntingJob requestBody: content: application/json: schema: - $ref: '#/components/schemas/RunHistoricalJobRequest' + $ref: '#/components/schemas/RunThreatHuntingJobRequest' required: true responses: '201': @@ -76685,7 +76686,7 @@ paths: appKeyAuth: [] - AuthZ: - security_monitoring_rules_write - summary: Run a historical job + summary: Run a threat hunting job tags: - Security Monitoring x-codegen-request-body-name: body @@ -76696,7 +76697,7 @@ paths: x-unstable: '**Note**: This endpoint is in beta and may be subject to changes. Please check the documentation regularly for updates.' - /api/v2/siem-historical-detections/jobs/signal_convert: + /api/v2/siem-threat-hunting/jobs/signal_convert: post: description: Convert a job result to a signal. operationId: ConvertJobResultToSignal @@ -76730,12 +76731,12 @@ paths: x-unstable: '**Note**: This endpoint is in beta and may be subject to changes. Please check the documentation regularly for updates.' - /api/v2/siem-historical-detections/jobs/{job_id}: + /api/v2/siem-threat-hunting/jobs/{job_id}: delete: description: Delete an existing job. - operationId: DeleteHistoricalJob + operationId: DeleteThreatHuntingJob parameters: - - $ref: '#/components/parameters/HistoricalJobID' + - $ref: '#/components/parameters/ThreatHuntingJobID' responses: '204': description: OK 
@@ -76763,15 +76764,15 @@ paths: Please check the documentation regularly for updates.' get: description: Get a job's details. - operationId: GetHistoricalJob + operationId: GetThreatHuntingJob parameters: - - $ref: '#/components/parameters/HistoricalJobID' + - $ref: '#/components/parameters/ThreatHuntingJobID' responses: '200': content: application/json: schema: - $ref: '#/components/schemas/HistoricalJobResponse' + $ref: '#/components/schemas/ThreatHuntingJobResponse' description: OK '400': $ref: '#/components/responses/BadRequestResponse' @@ -76796,12 +76797,12 @@ paths: x-unstable: '**Note**: This endpoint is in beta and may be subject to changes. Please check the documentation regularly for updates.' - /api/v2/siem-historical-detections/jobs/{job_id}/cancel: + /api/v2/siem-threat-hunting/jobs/{job_id}/cancel: patch: - description: Cancel a historical job. - operationId: CancelHistoricalJob + description: Cancel a threat hunting job. + operationId: CancelThreatHuntingJob parameters: - - $ref: '#/components/parameters/HistoricalJobID' + - $ref: '#/components/parameters/ThreatHuntingJobID' responses: '204': description: OK @@ -76822,7 +76823,7 @@ paths: appKeyAuth: [] - AuthZ: - security_monitoring_rules_write - summary: Cancel a historical job + summary: Cancel a threat hunting job tags: - Security Monitoring x-permission: 
@@ -76832,12 +76833,12 @@ paths: x-unstable: '**Note**: This endpoint is in beta and may be subject to changes. Please check the documentation regularly for updates.' - /api/v2/siem-historical-detections/jobs/{job_id}/histsignals: + /api/v2/siem-threat-hunting/jobs/{job_id}/histsignals: get: description: Get a job's hist signals. operationId: GetSecurityMonitoringHistsignalsByJobId parameters: - - $ref: '#/components/parameters/HistoricalJobID' + - $ref: '#/components/parameters/ThreatHuntingJobID' - $ref: '#/components/parameters/QueryFilterSearch' - $ref: '#/components/parameters/QueryFilterFrom' - $ref: '#/components/parameters/QueryFilterTo' diff --git a/cassettes/v2/Security-Monitoring_1187227211/Cancel-a-historical-job-returns-Bad-Request-response_2626511957/frozen.json b/cassettes/v2/Security-Monitoring_1187227211/Cancel-a-historical-job-returns-Bad-Request-response_2626511957/frozen.json index 13b076dc4f2f..b5a56d601766 100644 --- a/cassettes/v2/Security-Monitoring_1187227211/Cancel-a-historical-job-returns-Bad-Request-response_2626511957/frozen.json +++ b/cassettes/v2/Security-Monitoring_1187227211/Cancel-a-historical-job-returns-Bad-Request-response_2626511957/frozen.json @@ -1 +1 @@ -"2024-11-08T09:54:38.539Z" +"2025-10-24T14:24:00.041Z" diff --git a/cassettes/v2/Security-Monitoring_1187227211/Cancel-a-historical-job-returns-Bad-Request-response_2626511957/recording.har b/cassettes/v2/Security-Monitoring_1187227211/Cancel-a-historical-job-returns-Bad-Request-response_2626511957/recording.har index 42cc0ec6da0b..5dce883c618a 100644 --- a/cassettes/v2/Security-Monitoring_1187227211/Cancel-a-historical-job-returns-Bad-Request-response_2626511957/recording.har +++ b/cassettes/v2/Security-Monitoring_1187227211/Cancel-a-historical-job-returns-Bad-Request-response_2626511957/recording.har @@ -8,7 +8,7 @@ }, "entries": [ { - "_id": "9ee0d12dc2a76c2c4cd5598af0680035", + "_id": "e4257625426956fbc2c716c61d098a68", "_order": 0, "cache": {}, "request": { 
@@ -21,11 +21,11 @@ "value": "*/*" } ], - "headersSize": 536, + "headersSize": 532, "httpVersion": "HTTP/1.1", "method": "PATCH", "queryString": [], - "url": "https://api.datadoghq.com/api/v2/siem-historical-detections/jobs/inva-lid/cancel" + "url": "https://api.datadoghq.com/api/v2/siem-threat-hunting/jobs/inva-lid/cancel" }, "response": { "bodySize": 54, @@ -47,8 +47,8 @@ "status": 400, "statusText": "Bad Request" }, - "startedDateTime": "2024-11-08T09:54:38.930Z", - "time": 66 + "startedDateTime": "2025-10-24T14:24:00.666Z", + "time": 183 } ], "pages": [], diff --git a/cassettes/v2/Security-Monitoring_1187227211/Cancel-a-historical-job-returns-Not-Found-response_1180168758/frozen.json b/cassettes/v2/Security-Monitoring_1187227211/Cancel-a-historical-job-returns-Not-Found-response_1180168758/frozen.json index 465df313840a..43f153497ff5 100644 --- a/cassettes/v2/Security-Monitoring_1187227211/Cancel-a-historical-job-returns-Not-Found-response_1180168758/frozen.json +++ b/cassettes/v2/Security-Monitoring_1187227211/Cancel-a-historical-job-returns-Not-Found-response_1180168758/frozen.json @@ -1 +1 @@ -"2024-11-08T09:54:39.006Z" +"2025-10-24T14:24:00.856Z" diff --git a/cassettes/v2/Security-Monitoring_1187227211/Cancel-a-historical-job-returns-Not-Found-response_1180168758/recording.har b/cassettes/v2/Security-Monitoring_1187227211/Cancel-a-historical-job-returns-Not-Found-response_1180168758/recording.har index 243a532e9988..195bfa7dfb98 100644 --- a/cassettes/v2/Security-Monitoring_1187227211/Cancel-a-historical-job-returns-Not-Found-response_1180168758/recording.har +++ b/cassettes/v2/Security-Monitoring_1187227211/Cancel-a-historical-job-returns-Not-Found-response_1180168758/recording.har @@ -8,7 +8,7 @@ }, "entries": [ { - "_id": "699b2b92566c9d9269d6d218f57402f8", + "_id": "e39b14a977fad872956237286fee579e", "_order": 0, "cache": {}, "request": { 
@@ -21,18 +21,18 @@ "value": "*/*" } ], - "headersSize": 563, + "headersSize": 560, "httpVersion": "HTTP/1.1", "method": "PATCH", "queryString": [], - "url": "https://api.datadoghq.com/api/v2/siem-historical-detections/jobs/8e2a37fb-b0c8-4761-a7f0-0a8d6a98ba93/cancel" + "url": "https://api.datadoghq.com/api/v2/siem-threat-hunting/jobs/8e2a37fb-b0c8-4761-a7f0-0a8d6a98ba93/cancel" }, "response": { - "bodySize": 116, + "bodySize": 50, "content": { "mimeType": "application/vnd.api+json", - "size": 116, - "text": "{\"errors\":[{\"status\":\"404\",\"title\":\"Not Found\",\"detail\":\"Job 8e2a37fb-b0c8-4761-a7f0-0a8d6a98ba93 was not found.\"}]}" + "size": 50, + "text": "{\"errors\":[{\"status\":\"404\",\"detail\":\"Not Found\"}]}" }, "cookies": [], "headers": [ @@ -41,14 +41,14 @@ "value": "application/vnd.api+json" } ], - "headersSize": 525, + "headersSize": 524, "httpVersion": "HTTP/1.1", "redirectURL": "", "status": 404, "statusText": "Not Found" }, - "startedDateTime": "2024-11-08T09:54:39.009Z", - "time": 68 + "startedDateTime": "2025-10-24T14:24:00.869Z", + "time": 101 } ], "pages": [], diff --git a/cassettes/v2/Security-Monitoring_1187227211/Cancel-a-historical-job-returns-OK-response_1956551145/frozen.json b/cassettes/v2/Security-Monitoring_1187227211/Cancel-a-historical-job-returns-OK-response_1956551145/frozen.json index 6cecbf756651..83279b597ce6 100644 --- a/cassettes/v2/Security-Monitoring_1187227211/Cancel-a-historical-job-returns-OK-response_1956551145/frozen.json +++ b/cassettes/v2/Security-Monitoring_1187227211/Cancel-a-historical-job-returns-OK-response_1956551145/frozen.json @@ -1 +1 @@ -"2024-11-08T09:54:39.082Z" +"2025-10-24T14:24:00.975Z" diff --git a/cassettes/v2/Security-Monitoring_1187227211/Cancel-a-historical-job-returns-OK-response_1956551145/recording.har b/cassettes/v2/Security-Monitoring_1187227211/Cancel-a-historical-job-returns-OK-response_1956551145/recording.har index 3290eb4b7147..e7e8eb7093f4 100644 
--- a/cassettes/v2/Security-Monitoring_1187227211/Cancel-a-historical-job-returns-OK-response_1956551145/recording.har +++ b/cassettes/v2/Security-Monitoring_1187227211/Cancel-a-historical-job-returns-OK-response_1956551145/recording.har @@ -8,7 +8,7 @@ }, "entries": [ { - "_id": "6bb82102e994f0d1ee96e1e3f1d80ffd", + "_id": "4c138fa0d83459728bd7894a659525ac", "_order": 0, "cache": {}, "request": { @@ -26,7 +26,7 @@ "value": "application/json" } ], - "headersSize": 582, + "headersSize": 578, "httpVersion": "HTTP/1.1", "method": "POST", "postData": { @@ -35,14 +35,14 @@ "text": "{\"data\":{\"attributes\":{\"jobDefinition\":{\"cases\":[{\"condition\":\"a > 1\",\"name\":\"Condition 1\",\"notifications\":[],\"status\":\"info\"}],\"from\":1730387522611,\"index\":\"main\",\"message\":\"A large number of failed login attempts.\",\"name\":\"Excessive number of failed attempts.\",\"options\":{\"evaluationWindow\":900,\"keepAlive\":3600,\"maxSignalDuration\":86400},\"queries\":[{\"aggregation\":\"count\",\"distinctFields\":[],\"groupByFields\":[],\"query\":\"source:non_existing_src_weekend\"}],\"tags\":[],\"to\":1730387532611,\"type\":\"log_detection\"}},\"type\":\"historicalDetectionsJobCreate\"}}" }, "queryString": [], - "url": "https://api.datadoghq.com/api/v2/siem-historical-detections/jobs" + "url": "https://api.datadoghq.com/api/v2/siem-threat-hunting/jobs" }, "response": { "bodySize": 87, "content": { "mimeType": "application/vnd.api+json", "size": 87, - "text": "{\"data\":{\"id\":\"e332b07e-d573-45fa-b2df-9a1bcc27f17e\",\"type\":\"historicalDetectionsJob\"}}" + "text": "{\"data\":{\"id\":\"cafe565c-106b-486e-ad21-a712656723b4\",\"type\":\"historicalDetectionsJob\"}}" }, "cookies": [], "headers": [ 
@@ -57,11 +57,11 @@ "status": 201, "statusText": "Created" }, - "startedDateTime": "2024-11-08T09:54:39.085Z", - "time": 108 + "startedDateTime": "2025-10-24T14:24:00.980Z", + "time": 140 }, { - "_id": "43cd9ba3ae67113c4ab17f57b600ac37", + "_id": "260d5e644c21417854680ac43b40d556", "_order": 0, "cache": {}, "request": { @@ -74,11 +74,11 @@ "value": "*/*" } ], - "headersSize": 564, + "headersSize": 560, "httpVersion": "HTTP/1.1", "method": "PATCH", "queryString": [], - "url": "https://api.datadoghq.com/api/v2/siem-historical-detections/jobs/e332b07e-d573-45fa-b2df-9a1bcc27f17e/cancel" + "url": "https://api.datadoghq.com/api/v2/siem-threat-hunting/jobs/cafe565c-106b-486e-ad21-a712656723b4/cancel" }, "response": { "bodySize": 0, @@ -94,8 +94,8 @@ "status": 204, "statusText": "No Content" }, - "startedDateTime": "2024-11-08T09:54:39.197Z", - "time": 74 + "startedDateTime": "2025-10-24T14:24:01.125Z", + "time": 92 } ], "pages": [], diff --git a/cassettes/v2/Security-Monitoring_1187227211/Convert-a-job-result-to-a-signal-returns-Bad-Request-response_2618814137/frozen.json b/cassettes/v2/Security-Monitoring_1187227211/Convert-a-job-result-to-a-signal-returns-Bad-Request-response_2618814137/frozen.json index 78bd1eb7e90b..85dc03005dbc 100644 --- a/cassettes/v2/Security-Monitoring_1187227211/Convert-a-job-result-to-a-signal-returns-Bad-Request-response_2618814137/frozen.json +++ b/cassettes/v2/Security-Monitoring_1187227211/Convert-a-job-result-to-a-signal-returns-Bad-Request-response_2618814137/frozen.json @@ -1 +1 @@ -"2024-11-08T09:54:39.280Z" +"2025-10-24T14:24:01.235Z" diff --git a/cassettes/v2/Security-Monitoring_1187227211/Convert-a-job-result-to-a-signal-returns-Bad-Request-response_2618814137/recording.har b/cassettes/v2/Security-Monitoring_1187227211/Convert-a-job-result-to-a-signal-returns-Bad-Request-response_2618814137/recording.har index 8cc89eddcfb1..32dddbcbba41 100644 
--- a/cassettes/v2/Security-Monitoring_1187227211/Convert-a-job-result-to-a-signal-returns-Bad-Request-response_2618814137/recording.har +++ b/cassettes/v2/Security-Monitoring_1187227211/Convert-a-job-result-to-a-signal-returns-Bad-Request-response_2618814137/recording.har @@ -8,7 +8,7 @@ }, "entries": [ { - "_id": "0d4946af2c85586b74ddeb117a50a4a6", + "_id": "547f0189451a142459cd9f22ee5351f6", "_order": 0, "cache": {}, "request": { @@ -26,7 +26,7 @@ "value": "application/json" } ], - "headersSize": 592, + "headersSize": 585, "httpVersion": "HTTP/1.1", "method": "POST", "postData": { @@ -35,7 +35,7 @@ "text": "{\"data\":{\"attributes\":{\"jobResultIds\":[\"\"],\"notifications\":[\"\"],\"signalMessage\":\"A large number of failed login attempts.\",\"signalSeverity\":\"critical\"},\"type\":\"historicalDetectionsJobResultSignalConversion\"}}" }, "queryString": [], - "url": "https://api.datadoghq.com/api/v2/siem-historical-detections/jobs/signal_convert" + "url": "https://api.datadoghq.com/api/v2/siem-threat-hunting/jobs/signal_convert" }, "response": { "bodySize": 91, @@ -57,8 +57,8 @@ "status": 400, "statusText": "Bad Request" }, - "startedDateTime": "2024-11-08T09:54:39.282Z", - "time": 62 + "startedDateTime": "2025-10-24T14:24:01.238Z", + "time": 74 } ], "pages": [], diff --git a/cassettes/v2/Security-Monitoring_1187227211/Delete-an-existing-job-returns-Bad-Request-response_812796719/frozen.json b/cassettes/v2/Security-Monitoring_1187227211/Delete-an-existing-job-returns-Bad-Request-response_812796719/frozen.json index 2334f25deaf7..43d60b929130 100644 --- a/cassettes/v2/Security-Monitoring_1187227211/Delete-an-existing-job-returns-Bad-Request-response_812796719/frozen.json +++ b/cassettes/v2/Security-Monitoring_1187227211/Delete-an-existing-job-returns-Bad-Request-response_812796719/frozen.json @@ -1 +1 @@ -"2024-11-08T09:54:39.371Z" +"2025-10-24T14:24:01.339Z" 
diff --git a/cassettes/v2/Security-Monitoring_1187227211/Delete-an-existing-job-returns-Bad-Request-response_812796719/recording.har b/cassettes/v2/Security-Monitoring_1187227211/Delete-an-existing-job-returns-Bad-Request-response_812796719/recording.har index f40dd9178595..0cf09beadde1 100644 --- a/cassettes/v2/Security-Monitoring_1187227211/Delete-an-existing-job-returns-Bad-Request-response_812796719/recording.har +++ b/cassettes/v2/Security-Monitoring_1187227211/Delete-an-existing-job-returns-Bad-Request-response_812796719/recording.har @@ -8,7 +8,7 @@ }, "entries": [ { - "_id": "74a52942ee0024790dc5b284709530a7", + "_id": "75c431a76ec2040e5a4c0f15acc3ea11", "_order": 0, "cache": {}, "request": { @@ -21,11 +21,11 @@ "value": "*/*" } ], - "headersSize": 530, + "headersSize": 526, "httpVersion": "HTTP/1.1", "method": "DELETE", "queryString": [], - "url": "https://api.datadoghq.com/api/v2/siem-historical-detections/jobs/inva-lid" + "url": "https://api.datadoghq.com/api/v2/siem-threat-hunting/jobs/inva-lid" }, "response": { "bodySize": 78, @@ -47,8 +47,8 @@ "status": 400, "statusText": "Bad Request" }, - "startedDateTime": "2024-11-08T09:54:39.375Z", - "time": 74 + "startedDateTime": "2025-10-24T14:24:01.341Z", + "time": 81 } ], "pages": [], diff --git a/cassettes/v2/Security-Monitoring_1187227211/Delete-an-existing-job-returns-Not-Found-response_3638474920/frozen.json b/cassettes/v2/Security-Monitoring_1187227211/Delete-an-existing-job-returns-Not-Found-response_3638474920/frozen.json index 4c2be97946cb..0b5719d0620d 100644 --- a/cassettes/v2/Security-Monitoring_1187227211/Delete-an-existing-job-returns-Not-Found-response_3638474920/frozen.json +++ b/cassettes/v2/Security-Monitoring_1187227211/Delete-an-existing-job-returns-Not-Found-response_3638474920/frozen.json @@ -1 +1 @@ -"2024-11-08T09:54:39.455Z" +"2025-10-24T14:24:01.428Z" 
diff --git a/cassettes/v2/Security-Monitoring_1187227211/Delete-an-existing-job-returns-Not-Found-response_3638474920/recording.har b/cassettes/v2/Security-Monitoring_1187227211/Delete-an-existing-job-returns-Not-Found-response_3638474920/recording.har index 3f7721a3fea5..85efc0f9cd1c 100644 --- a/cassettes/v2/Security-Monitoring_1187227211/Delete-an-existing-job-returns-Not-Found-response_3638474920/recording.har +++ b/cassettes/v2/Security-Monitoring_1187227211/Delete-an-existing-job-returns-Not-Found-response_3638474920/recording.har @@ -8,7 +8,7 @@ }, "entries": [ { - "_id": "9e763f3fed9d995ac14975ddbbeec6b1", + "_id": "4d768dca9f974e76a412a45a6abf3e26", "_order": 0, "cache": {}, "request": { @@ -21,18 +21,18 @@ "value": "*/*" } ], - "headersSize": 558, + "headersSize": 552, "httpVersion": "HTTP/1.1", "method": "DELETE", "queryString": [], - "url": "https://api.datadoghq.com/api/v2/siem-historical-detections/jobs/8e2a37fb-b0c8-4761-a7f0-0a8d6a98ba93" + "url": "https://api.datadoghq.com/api/v2/siem-threat-hunting/jobs/8e2a37fb-b0c8-4761-a7f0-0a8d6a98ba93" }, "response": { - "bodySize": 116, + "bodySize": 50, "content": { "mimeType": "application/vnd.api+json", - "size": 116, - "text": "{\"errors\":[{\"status\":\"404\",\"title\":\"Not Found\",\"detail\":\"Job 8e2a37fb-b0c8-4761-a7f0-0a8d6a98ba93 was not found.\"}]}" + "size": 50, + "text": "{\"errors\":[{\"status\":\"404\",\"detail\":\"Not Found\"}]}" }, "cookies": [], "headers": [ @@ -41,14 +41,14 @@ "value": "application/vnd.api+json" } ], - "headersSize": 525, + "headersSize": 524, "httpVersion": "HTTP/1.1", "redirectURL": "", "status": 404, "statusText": "Not Found" }, - "startedDateTime": "2024-11-08T09:54:39.457Z", - "time": 72 + "startedDateTime": "2025-10-24T14:24:01.433Z", + "time": 93 } ], "pages": [], 
diff --git a/cassettes/v2/Security-Monitoring_1187227211/Get-a-job-s-details-returns-Bad-Request-response_334587409/frozen.json b/cassettes/v2/Security-Monitoring_1187227211/Get-a-job-s-details-returns-Bad-Request-response_334587409/frozen.json index 5ee867c763cc..76b7447ff6ce 100644 --- a/cassettes/v2/Security-Monitoring_1187227211/Get-a-job-s-details-returns-Bad-Request-response_334587409/frozen.json +++ b/cassettes/v2/Security-Monitoring_1187227211/Get-a-job-s-details-returns-Bad-Request-response_334587409/frozen.json @@ -1 +1 @@ -"2024-11-08T09:54:39.538Z" +"2025-10-24T14:24:01.540Z" diff --git a/cassettes/v2/Security-Monitoring_1187227211/Get-a-job-s-details-returns-Bad-Request-response_334587409/recording.har b/cassettes/v2/Security-Monitoring_1187227211/Get-a-job-s-details-returns-Bad-Request-response_334587409/recording.har index 0eb31ad963a5..b8da1baa1b95 100644 --- a/cassettes/v2/Security-Monitoring_1187227211/Get-a-job-s-details-returns-Bad-Request-response_334587409/recording.har +++ b/cassettes/v2/Security-Monitoring_1187227211/Get-a-job-s-details-returns-Bad-Request-response_334587409/recording.har @@ -8,7 +8,7 @@ }, "entries": [ { - "_id": "b91d3d2f868f0795c35b288e8f822892", + "_id": "97fa0f78e4c02b547fb1fd5e12937587", "_order": 0, "cache": {}, "request": { @@ -21,11 +21,11 @@ "value": "application/json" } ], - "headersSize": 537, + "headersSize": 532, "httpVersion": "HTTP/1.1", "method": "GET", "queryString": [], - "url": "https://api.datadoghq.com/api/v2/siem-historical-detections/jobs/inva-lid" + "url": "https://api.datadoghq.com/api/v2/siem-threat-hunting/jobs/inva-lid" }, "response": { "bodySize": 54, @@ -47,8 +47,8 @@ "status": 400, "statusText": "Bad Request" }, - "startedDateTime": "2024-11-08T09:54:39.543Z", - "time": 64 + "startedDateTime": "2025-10-24T14:24:01.543Z", + "time": 71 } ], "pages": [], 
diff --git a/cassettes/v2/Security-Monitoring_1187227211/Get-a-job-s-details-returns-Not-Found-response_2859948026/frozen.json b/cassettes/v2/Security-Monitoring_1187227211/Get-a-job-s-details-returns-Not-Found-response_2859948026/frozen.json index b4f3053e351f..92af3308d292 100644 --- a/cassettes/v2/Security-Monitoring_1187227211/Get-a-job-s-details-returns-Not-Found-response_2859948026/frozen.json +++ b/cassettes/v2/Security-Monitoring_1187227211/Get-a-job-s-details-returns-Not-Found-response_2859948026/frozen.json @@ -1 +1 @@ -"2024-11-08T09:54:39.611Z" +"2025-10-24T14:24:01.618Z" diff --git a/cassettes/v2/Security-Monitoring_1187227211/Get-a-job-s-details-returns-Not-Found-response_2859948026/recording.har b/cassettes/v2/Security-Monitoring_1187227211/Get-a-job-s-details-returns-Not-Found-response_2859948026/recording.har index 1d455778ba5a..ae4320831322 100644 --- a/cassettes/v2/Security-Monitoring_1187227211/Get-a-job-s-details-returns-Not-Found-response_2859948026/recording.har +++ b/cassettes/v2/Security-Monitoring_1187227211/Get-a-job-s-details-returns-Not-Found-response_2859948026/recording.har @@ -8,7 +8,7 @@ }, "entries": [ { - "_id": "30d26c2a643971ca97218f20041d2227", + "_id": "5374e38c55425a83f75d7f135c065277", "_order": 0, "cache": {}, "request": { @@ -21,11 +21,11 @@ "value": "application/json" } ], - "headersSize": 565, + "headersSize": 561, "httpVersion": "HTTP/1.1", "method": "GET", "queryString": [], - "url": "https://api.datadoghq.com/api/v2/siem-historical-detections/jobs/8e2a37fb-b0c8-4761-a7f0-0a8d6a98ba93" + "url": "https://api.datadoghq.com/api/v2/siem-threat-hunting/jobs/8e2a37fb-b0c8-4761-a7f0-0a8d6a98ba93" }, "response": { "bodySize": 116, @@ -47,8 +47,8 @@ "status": 404, "statusText": "Not Found" }, - "startedDateTime": "2024-11-08T09:54:39.616Z", - "time": 73 + "startedDateTime": "2025-10-24T14:24:01.621Z", + "time": 81 } ], "pages": [], 
diff --git a/cassettes/v2/Security-Monitoring_1187227211/Get-a-job-s-details-returns-OK-response_1805717789/frozen.json b/cassettes/v2/Security-Monitoring_1187227211/Get-a-job-s-details-returns-OK-response_1805717789/frozen.json index 39b3bcc8acc0..fc5fbf825da7 100644 --- a/cassettes/v2/Security-Monitoring_1187227211/Get-a-job-s-details-returns-OK-response_1805717789/frozen.json +++ b/cassettes/v2/Security-Monitoring_1187227211/Get-a-job-s-details-returns-OK-response_1805717789/frozen.json @@ -1 +1 @@ -"2024-12-18T17:02:38.823Z" +"2025-10-24T14:24:01.707Z" diff --git a/cassettes/v2/Security-Monitoring_1187227211/Get-a-job-s-details-returns-OK-response_1805717789/recording.har b/cassettes/v2/Security-Monitoring_1187227211/Get-a-job-s-details-returns-OK-response_1805717789/recording.har index 77fcd6d9781c..f7d7bf98413e 100644 --- a/cassettes/v2/Security-Monitoring_1187227211/Get-a-job-s-details-returns-OK-response_1805717789/recording.har +++ b/cassettes/v2/Security-Monitoring_1187227211/Get-a-job-s-details-returns-OK-response_1805717789/recording.har @@ -8,7 +8,7 @@ }, "entries": [ { - "_id": "6bb82102e994f0d1ee96e1e3f1d80ffd", + "_id": "4c138fa0d83459728bd7894a659525ac", "_order": 0, "cache": {}, "request": { @@ -26,7 +26,7 @@ "value": "application/json" } ], - "headersSize": 582, + "headersSize": 577, "httpVersion": "HTTP/1.1", "method": "POST", "postData": { 
@@ -35,14 +35,14 @@ "text": "{\"data\":{\"attributes\":{\"jobDefinition\":{\"cases\":[{\"condition\":\"a > 1\",\"name\":\"Condition 1\",\"notifications\":[],\"status\":\"info\"}],\"from\":1730387522611,\"index\":\"main\",\"message\":\"A large number of failed login attempts.\",\"name\":\"Excessive number of failed attempts.\",\"options\":{\"evaluationWindow\":900,\"keepAlive\":3600,\"maxSignalDuration\":86400},\"queries\":[{\"aggregation\":\"count\",\"distinctFields\":[],\"groupByFields\":[],\"query\":\"source:non_existing_src_weekend\"}],\"tags\":[],\"to\":1730387532611,\"type\":\"log_detection\"}},\"type\":\"historicalDetectionsJobCreate\"}}" }, "queryString": [], - "url": "https://api.datadoghq.com/api/v2/siem-historical-detections/jobs" + "url": "https://api.datadoghq.com/api/v2/siem-threat-hunting/jobs" }, "response": { "bodySize": 87, "content": { "mimeType": "application/vnd.api+json", "size": 87, - "text": "{\"data\":{\"id\":\"fa90e7ac-998d-4bf4-9d32-2e831a1e9479\",\"type\":\"historicalDetectionsJob\"}}" + "text": "{\"data\":{\"id\":\"071b3516-4072-44d9-9288-d4adaa1db921\",\"type\":\"historicalDetectionsJob\"}}" }, "cookies": [], "headers": [ @@ -57,11 +57,11 @@ "status": 201, "statusText": "Created" }, - "startedDateTime": "2024-12-18T17:02:39.209Z", - "time": 474 + "startedDateTime": "2025-10-24T14:24:01.710Z", + "time": 376 }, { - "_id": "7b01960b436d672769de5d7f5dd093c1", + "_id": "08901fdd0425df60dbdee039f0e4a4dc", "_order": 0, "cache": {}, "request": { 
@@ -74,18 +74,18 @@ "value": "application/json" } ], - "headersSize": 565, + "headersSize": 560, "httpVersion": "HTTP/1.1", "method": "GET", "queryString": [], - "url": "https://api.datadoghq.com/api/v2/siem-historical-detections/jobs/fa90e7ac-998d-4bf4-9d32-2e831a1e9479" + "url": "https://api.datadoghq.com/api/v2/siem-threat-hunting/jobs/071b3516-4072-44d9-9288-d4adaa1db921" }, "response": { - "bodySize": 914, + "bodySize": 934, "content": { "mimeType": "application/vnd.api+json", - "size": 914, - "text": "{\"data\":{\"id\":\"fa90e7ac-998d-4bf4-9d32-2e831a1e9479\",\"type\":\"historicalDetectionsJob\",\"attributes\":{\"createdAt\":\"2024-12-18 17:02:39.551791+00\",\"createdByHandle\":\"9919ec9b-ebc7-49ee-8dc8-03626e717cca\",\"createdByName\":\"CI Account\",\"jobDefinition\":{\"from\":1730387522611,\"to\":1730387532611,\"index\":\"main\",\"name\":\"Excessive number of failed attempts.\",\"cases\":[{\"name\":\"Condition 1\",\"status\":\"info\",\"notifications\":[],\"condition\":\"a \\u003e 1\"}],\"queries\":[{\"query\":\"source:non_existing_src_weekend\",\"groupByFields\":[],\"hasOptionalGroupByFields\":false,\"distinctFields\":[],\"aggregation\":\"count\",\"name\":\"\"}],\"options\":{\"evaluationWindow\":900,\"detectionMethod\":\"threshold\",\"maxSignalDuration\":86400,\"keepAlive\":3600},\"message\":\"A large number of failed login attempts.\",\"tags\":[],\"type\":\"log_detection\"},\"jobName\":\"Excessive number of failed attempts.\",\"jobStatus\":\"pending\",\"modifiedAt\":\"2024-12-18 17:02:39.551791+00\"}}}" + "size": 934, + "text": "{\"data\":{\"id\":\"071b3516-4072-44d9-9288-d4adaa1db921\",\"type\":\"historicalDetectionsJob\",\"attributes\":{\"createdAt\":\"2025-10-24 14:24:02.057923+00\",\"createdByHandle\":\"9919ec9b-ebc7-49ee-8dc8-03626e717cca\",\"createdByName\":\"CI Account\",\"jobDefinition\":{\"from\":1730387522611,\"to\":1730387532611,\"index\":\"main\",\"name\":\"Excessive number of failed attempts.\",\"cases\":[{\"name\":\"Condition 
1\",\"status\":\"info\",\"notifications\":[],\"condition\":\"a \\u003e 1\"}],\"queries\":[{\"query\":\"source:non_existing_src_weekend\",\"groupByFields\":[],\"hasOptionalGroupByFields\":false,\"distinctFields\":[],\"aggregation\":\"count\",\"name\":\"\",\"dataSource\":\"logs\"}],\"options\":{\"evaluationWindow\":900,\"detectionMethod\":\"threshold\",\"maxSignalDuration\":86400,\"keepAlive\":3600},\"message\":\"A large number of failed login attempts.\",\"tags\":[],\"type\":\"log_detection\"},\"jobName\":\"Excessive number of failed attempts.\",\"jobStatus\":\"pending\",\"modifiedAt\":\"2025-10-24 14:24:02.057923+00\"}}}" }, "cookies": [], "headers": [ @@ -100,8 +100,8 @@ "status": 200, "statusText": "OK" }, - "startedDateTime": "2024-12-18T17:02:39.691Z", - "time": 171 + "startedDateTime": "2025-10-24T14:24:02.090Z", + "time": 73 } ], "pages": [], diff --git a/cassettes/v2/Security-Monitoring_1187227211/List-historical-jobs-returns-OK-response_1213227315/frozen.json b/cassettes/v2/Security-Monitoring_1187227211/List-historical-jobs-returns-OK-response_1213227315/frozen.json index b2aadd2a6cc7..ecaf4231cafe 100644 --- a/cassettes/v2/Security-Monitoring_1187227211/List-historical-jobs-returns-OK-response_1213227315/frozen.json +++ b/cassettes/v2/Security-Monitoring_1187227211/List-historical-jobs-returns-OK-response_1213227315/frozen.json @@ -1 +1 @@ -"2024-12-18T17:02:39.880Z" +"2025-10-24T14:24:02.188Z" diff --git a/cassettes/v2/Security-Monitoring_1187227211/List-historical-jobs-returns-OK-response_1213227315/recording.har b/cassettes/v2/Security-Monitoring_1187227211/List-historical-jobs-returns-OK-response_1213227315/recording.har index 983a9bead67e..cfed885ffca0 100644 --- a/cassettes/v2/Security-Monitoring_1187227211/List-historical-jobs-returns-OK-response_1213227315/recording.har +++ b/cassettes/v2/Security-Monitoring_1187227211/List-historical-jobs-returns-OK-response_1213227315/recording.har 
@@ -8,7 +8,7 @@ }, "entries": [ { - "_id": "6bb82102e994f0d1ee96e1e3f1d80ffd", + "_id": "4c138fa0d83459728bd7894a659525ac", "_order": 0, "cache": {}, "request": { @@ -26,7 +26,7 @@ "value": "application/json" } ], - "headersSize": 582, + "headersSize": 578, "httpVersion": "HTTP/1.1", "method": "POST", "postData": { @@ -35,14 +35,14 @@ "text": "{\"data\":{\"attributes\":{\"jobDefinition\":{\"cases\":[{\"condition\":\"a > 1\",\"name\":\"Condition 1\",\"notifications\":[],\"status\":\"info\"}],\"from\":1730387522611,\"index\":\"main\",\"message\":\"A large number of failed login attempts.\",\"name\":\"Excessive number of failed attempts.\",\"options\":{\"evaluationWindow\":900,\"keepAlive\":3600,\"maxSignalDuration\":86400},\"queries\":[{\"aggregation\":\"count\",\"distinctFields\":[],\"groupByFields\":[],\"query\":\"source:non_existing_src_weekend\"}],\"tags\":[],\"to\":1730387532611,\"type\":\"log_detection\"}},\"type\":\"historicalDetectionsJobCreate\"}}" }, "queryString": [], - "url": "https://api.datadoghq.com/api/v2/siem-historical-detections/jobs" + "url": "https://api.datadoghq.com/api/v2/siem-threat-hunting/jobs" }, "response": { "bodySize": 87, "content": { "mimeType": "application/vnd.api+json", "size": 87, - "text": "{\"data\":{\"id\":\"7b16f110-0ce9-46cd-9dad-b658ced2ac50\",\"type\":\"historicalDetectionsJob\"}}" + "text": "{\"data\":{\"id\":\"e935c6c8-ba76-4ebf-8770-bb772a5ec1ed\",\"type\":\"historicalDetectionsJob\"}}" }, "cookies": [], "headers": [ @@ -57,11 +57,11 @@ "status": 201, "statusText": "Created" }, - "startedDateTime": "2024-12-18T17:02:39.882Z", - "time": 402 + "startedDateTime": "2025-10-24T14:24:02.195Z", + "time": 87 }, { - "_id": "0728d69cabf496956f86d405f93de5cf", + "_id": "4f7ef994a9ff2d13c4074a6f863a4781", "_order": 0, "cache": {}, "request": { 
@@ -74,25 +74,25 @@ "value": "application/json" } ], - "headersSize": 590, + "headersSize": 586, "httpVersion": "HTTP/1.1", "method": "GET", "queryString": [ { "name": "filter", "value": { - "query": "id:7b16f110-0ce9-46cd-9dad-b658ced2ac50" + "query": "id:e935c6c8-ba76-4ebf-8770-bb772a5ec1ed" } } ], - "url": "https://api.datadoghq.com/api/v2/siem-historical-detections/jobs?filter%5Bquery%5D=id%3A7b16f110-0ce9-46cd-9dad-b658ced2ac50" + "url": "https://api.datadoghq.com/api/v2/siem-threat-hunting/jobs?filter%5Bquery%5D=id%3Ae935c6c8-ba76-4ebf-8770-bb772a5ec1ed" }, "response": { - "bodySize": 940, + "bodySize": 960, "content": { "mimeType": "application/vnd.api+json", - "size": 940, - "text": "{\"data\":[{\"id\":\"7b16f110-0ce9-46cd-9dad-b658ced2ac50\",\"type\":\"historicalDetectionsJob\",\"attributes\":{\"createdAt\":\"2024-12-18 17:02:40.144396+00\",\"createdByHandle\":\"9919ec9b-ebc7-49ee-8dc8-03626e717cca\",\"createdByName\":\"CI Account\",\"jobDefinition\":{\"from\":1730387522611,\"to\":1730387532611,\"index\":\"main\",\"name\":\"Excessive number of failed attempts.\",\"cases\":[{\"name\":\"Condition 1\",\"status\":\"info\",\"notifications\":[],\"condition\":\"a \\u003e 1\"}],\"queries\":[{\"query\":\"source:non_existing_src_weekend\",\"groupByFields\":[],\"hasOptionalGroupByFields\":false,\"distinctFields\":[],\"aggregation\":\"count\",\"name\":\"\"}],\"options\":{\"evaluationWindow\":900,\"detectionMethod\":\"threshold\",\"maxSignalDuration\":86400,\"keepAlive\":3600},\"message\":\"A large number of failed login attempts.\",\"tags\":[],\"type\":\"log_detection\"},\"jobName\":\"Excessive number of failed attempts.\",\"jobStatus\":\"pending\",\"modifiedAt\":\"2024-12-18 17:02:40.144396+00\"}}],\"meta\":{\"totalCount\":1}}" + "size": 960, + "text": "{\"data\":[{\"id\":\"e935c6c8-ba76-4ebf-8770-bb772a5ec1ed\",\"type\":\"historicalDetectionsJob\",\"attributes\":{\"createdAt\":\"2025-10-24 
14:24:02.256887+00\",\"createdByHandle\":\"9919ec9b-ebc7-49ee-8dc8-03626e717cca\",\"createdByName\":\"CI Account\",\"jobDefinition\":{\"from\":1730387522611,\"to\":1730387532611,\"index\":\"main\",\"name\":\"Excessive number of failed attempts.\",\"cases\":[{\"name\":\"Condition 1\",\"status\":\"info\",\"notifications\":[],\"condition\":\"a \\u003e 1\"}],\"queries\":[{\"query\":\"source:non_existing_src_weekend\",\"groupByFields\":[],\"hasOptionalGroupByFields\":false,\"distinctFields\":[],\"aggregation\":\"count\",\"name\":\"\",\"dataSource\":\"logs\"}],\"options\":{\"evaluationWindow\":900,\"detectionMethod\":\"threshold\",\"maxSignalDuration\":86400,\"keepAlive\":3600},\"message\":\"A large number of failed login attempts.\",\"tags\":[],\"type\":\"log_detection\"},\"jobName\":\"Excessive number of failed attempts.\",\"jobStatus\":\"pending\",\"modifiedAt\":\"2025-10-24 14:24:02.256887+00\"}}],\"meta\":{\"totalCount\":1}}" }, "cookies": [], "headers": [ @@ -107,8 +107,8 @@ "status": 200, "statusText": "OK" }, - "startedDateTime": "2024-12-18T17:02:40.290Z", - "time": 189 + "startedDateTime": "2025-10-24T14:24:02.289Z", + "time": 78 } ], "pages": [], diff --git a/cassettes/v2/Security-Monitoring_1187227211/Run-a-historical-job-returns-Bad-Request-response_3841593672/frozen.json b/cassettes/v2/Security-Monitoring_1187227211/Run-a-historical-job-returns-Bad-Request-response_3841593672/frozen.json deleted file mode 100644 index 717f83d1d840..000000000000 --- a/cassettes/v2/Security-Monitoring_1187227211/Run-a-historical-job-returns-Bad-Request-response_3841593672/frozen.json +++ /dev/null @@ -1 +0,0 @@ -"2024-11-08T09:54:40.114Z" diff --git a/cassettes/v2/Security-Monitoring_1187227211/Run-a-historical-job-returns-Not-Found-response_258356351/frozen.json b/cassettes/v2/Security-Monitoring_1187227211/Run-a-historical-job-returns-Not-Found-response_258356351/frozen.json deleted file mode 100644 index d97d22162bff..000000000000 
--- a/cassettes/v2/Security-Monitoring_1187227211/Run-a-historical-job-returns-Not-Found-response_258356351/frozen.json +++ /dev/null @@ -1 +0,0 @@ -"2025-06-26T16:57:47.524Z" diff --git a/cassettes/v2/Security-Monitoring_1187227211/Run-a-historical-job-returns-Status-created-response_2964716074/frozen.json b/cassettes/v2/Security-Monitoring_1187227211/Run-a-historical-job-returns-Status-created-response_2964716074/frozen.json deleted file mode 100644 index bbb8004149c8..000000000000 --- a/cassettes/v2/Security-Monitoring_1187227211/Run-a-historical-job-returns-Status-created-response_2964716074/frozen.json +++ /dev/null @@ -1 +0,0 @@ -"2024-11-08T09:54:40.272Z" diff --git a/cassettes/v2/Security-Monitoring_1187227211/Run-a-threat-hunting-job-returns-Bad-Request-response_1567776629/frozen.json b/cassettes/v2/Security-Monitoring_1187227211/Run-a-threat-hunting-job-returns-Bad-Request-response_1567776629/frozen.json new file mode 100644 index 000000000000..7bb1005d01cf --- /dev/null +++ b/cassettes/v2/Security-Monitoring_1187227211/Run-a-threat-hunting-job-returns-Bad-Request-response_1567776629/frozen.json @@ -0,0 +1 @@ +"2025-10-24T14:24:02.385Z" diff --git a/cassettes/v2/Security-Monitoring_1187227211/Run-a-historical-job-returns-Bad-Request-response_3841593672/recording.har b/cassettes/v2/Security-Monitoring_1187227211/Run-a-threat-hunting-job-returns-Bad-Request-response_1567776629/recording.har similarity index 86% rename from cassettes/v2/Security-Monitoring_1187227211/Run-a-historical-job-returns-Bad-Request-response_3841593672/recording.har rename to cassettes/v2/Security-Monitoring_1187227211/Run-a-threat-hunting-job-returns-Bad-Request-response_1567776629/recording.har index 61ecf202035e..8746624d05cd 100644 --- a/cassettes/v2/Security-Monitoring_1187227211/Run-a-historical-job-returns-Bad-Request-response_3841593672/recording.har 
+++ b/cassettes/v2/Security-Monitoring_1187227211/Run-a-threat-hunting-job-returns-Bad-Request-response_1567776629/recording.har @@ -1,6 +1,6 @@ { "log": { - "_recordingName": "Security Monitoring/Run a historical job returns \"Bad Request\" response", + "_recordingName": "Security Monitoring/Run a threat hunting job returns \"Bad Request\" response", "creator": { "comment": "persister:fs", "name": "Polly.JS", @@ -8,7 +8,7 @@ }, "entries": [ { - "_id": "d6c37d4c15bfd57cafedccbe43952e41", + "_id": "8385b3da78cdf5dc4258fcc039b5013a", "_order": 0, "cache": {}, "request": { @@ -26,7 +26,7 @@ "value": "application/json" } ], - "headersSize": 581, + "headersSize": 578, "httpVersion": "HTTP/1.1", "method": "POST", "postData": { @@ -35,7 +35,7 @@ "text": "{\"data\":{\"attributes\":{\"jobDefinition\":{\"cases\":[{\"condition\":\"a > 1\",\"name\":\"Condition 1\",\"notifications\":[],\"status\":\"info\"}],\"from\":1730387522611,\"index\":\"non_existing_index\",\"message\":\"A large number of failed login attempts.\",\"name\":\"Excessive number of failed attempts.\",\"options\":{\"evaluationWindow\":900,\"keepAlive\":3600,\"maxSignalDuration\":86400},\"queries\":[{\"aggregation\":\"count\",\"distinctFields\":[],\"groupByFields\":[],\"query\":\"source:non_existing_src_weekend\"}],\"tags\":[],\"to\":1730391122611,\"type\":\"log_detection\"}},\"type\":\"historicalDetectionsJobCreate\"}}" }, "queryString": [], - "url": "https://api.datadoghq.com/api/v2/siem-historical-detections/jobs" + "url": "https://api.datadoghq.com/api/v2/siem-threat-hunting/jobs" }, "response": { "bodySize": 96, @@ -57,8 +57,8 @@ "status": 400, "statusText": "Bad Request" }, - "startedDateTime": "2024-11-08T09:54:40.117Z", - "time": 70 + "startedDateTime": "2025-10-24T14:24:02.389Z", + "time": 93 } ], "pages": [], 
diff --git a/cassettes/v2/Security-Monitoring_1187227211/Run-a-threat-hunting-job-returns-Not-Found-response_4013068630/frozen.json b/cassettes/v2/Security-Monitoring_1187227211/Run-a-threat-hunting-job-returns-Not-Found-response_4013068630/frozen.json new file mode 100644 index 000000000000..0436a829ceba --- /dev/null +++ b/cassettes/v2/Security-Monitoring_1187227211/Run-a-threat-hunting-job-returns-Not-Found-response_4013068630/frozen.json @@ -0,0 +1 @@ +"2025-10-24T14:24:02.486Z" diff --git a/cassettes/v2/Security-Monitoring_1187227211/Run-a-historical-job-returns-Not-Found-response_258356351/recording.har b/cassettes/v2/Security-Monitoring_1187227211/Run-a-threat-hunting-job-returns-Not-Found-response_4013068630/recording.har similarity index 83% rename from cassettes/v2/Security-Monitoring_1187227211/Run-a-historical-job-returns-Not-Found-response_258356351/recording.har rename to cassettes/v2/Security-Monitoring_1187227211/Run-a-threat-hunting-job-returns-Not-Found-response_4013068630/recording.har index 25316b1a3e78..7917aa1c1e31 100644 --- a/cassettes/v2/Security-Monitoring_1187227211/Run-a-historical-job-returns-Not-Found-response_258356351/recording.har +++ b/cassettes/v2/Security-Monitoring_1187227211/Run-a-threat-hunting-job-returns-Not-Found-response_4013068630/recording.har @@ -1,6 +1,6 @@ { "log": { - "_recordingName": "Security Monitoring/Run a historical job returns \"Not Found\" response", + "_recordingName": "Security Monitoring/Run a threat hunting job returns \"Not Found\" response", "creator": { "comment": "persister:fs", "name": "Polly.JS", @@ -8,7 +8,7 @@ }, "entries": [ { - "_id": "6baefcd2575a7f9d36bff35d836edcfc", + "_id": "ad287eca8deaa404d9ebbd2408021229", "_order": 0, "cache": {}, "request": { @@ -26,7 +26,7 @@ "value": "application/json" } ], - "headersSize": 582, + "headersSize": 578, "httpVersion": "HTTP/1.1", "method": "POST", "postData": { 
@@ -35,7 +35,7 @@ "text": "{\"data\":{\"attributes\":{\"fromRule\":{\"from\":1730201035064,\"id\":\"non-existng\",\"index\":\"main\",\"notifications\":[],\"to\":1730204635115}},\"type\":\"historicalDetectionsJobCreate\"}}" }, "queryString": [], - "url": "https://api.datadoghq.com/api/v2/siem-historical-detections/jobs" + "url": "https://api.datadoghq.com/api/v2/siem-threat-hunting/jobs" }, "response": { "bodySize": 49, @@ -57,8 +57,8 @@ "status": 404, "statusText": "Not Found" }, - "startedDateTime": "2025-06-26T16:57:47.528Z", - "time": 100 + "startedDateTime": "2025-10-24T14:24:02.489Z", + "time": 76 } ], "pages": [], diff --git a/cassettes/v2/Security-Monitoring_1187227211/Run-a-threat-hunting-job-returns-Status-created-response_674813617/frozen.json b/cassettes/v2/Security-Monitoring_1187227211/Run-a-threat-hunting-job-returns-Status-created-response_674813617/frozen.json new file mode 100644 index 000000000000..609cbdfc0aa7 --- /dev/null +++ b/cassettes/v2/Security-Monitoring_1187227211/Run-a-threat-hunting-job-returns-Status-created-response_674813617/frozen.json @@ -0,0 +1 @@ +"2025-10-24T14:24:02.570Z" diff --git a/cassettes/v2/Security-Monitoring_1187227211/Run-a-historical-job-returns-Status-created-response_2964716074/recording.har b/cassettes/v2/Security-Monitoring_1187227211/Run-a-threat-hunting-job-returns-Status-created-response_674813617/recording.har similarity index 81% rename from cassettes/v2/Security-Monitoring_1187227211/Run-a-historical-job-returns-Status-created-response_2964716074/recording.har rename to cassettes/v2/Security-Monitoring_1187227211/Run-a-threat-hunting-job-returns-Status-created-response_674813617/recording.har index 18ef041376f5..4e45701183b8 100644 --- a/cassettes/v2/Security-Monitoring_1187227211/Run-a-historical-job-returns-Status-created-response_2964716074/recording.har +++ b/cassettes/v2/Security-Monitoring_1187227211/Run-a-threat-hunting-job-returns-Status-created-response_674813617/recording.har 
@@ -1,6 +1,6 @@ { "log": { - "_recordingName": "Security Monitoring/Run a historical job returns \"Status created\" response", + "_recordingName": "Security Monitoring/Run a threat hunting job returns \"Status created\" response", "creator": { "comment": "persister:fs", "name": "Polly.JS", @@ -8,7 +8,7 @@ }, "entries": [ { - "_id": "6bb82102e994f0d1ee96e1e3f1d80ffd", + "_id": "4c138fa0d83459728bd7894a659525ac", "_order": 0, "cache": {}, "request": { @@ -26,7 +26,7 @@ "value": "application/json" } ], - "headersSize": 582, + "headersSize": 577, "httpVersion": "HTTP/1.1", "method": "POST", "postData": { @@ -35,14 +35,14 @@ "text": "{\"data\":{\"attributes\":{\"jobDefinition\":{\"cases\":[{\"condition\":\"a > 1\",\"name\":\"Condition 1\",\"notifications\":[],\"status\":\"info\"}],\"from\":1730387522611,\"index\":\"main\",\"message\":\"A large number of failed login attempts.\",\"name\":\"Excessive number of failed attempts.\",\"options\":{\"evaluationWindow\":900,\"keepAlive\":3600,\"maxSignalDuration\":86400},\"queries\":[{\"aggregation\":\"count\",\"distinctFields\":[],\"groupByFields\":[],\"query\":\"source:non_existing_src_weekend\"}],\"tags\":[],\"to\":1730387532611,\"type\":\"log_detection\"}},\"type\":\"historicalDetectionsJobCreate\"}}" }, "queryString": [], - "url": "https://api.datadoghq.com/api/v2/siem-historical-detections/jobs" + "url": "https://api.datadoghq.com/api/v2/siem-threat-hunting/jobs" }, "response": { "bodySize": 87, "content": { "mimeType": "application/vnd.api+json", "size": 87, - "text": "{\"data\":{\"id\":\"6f4c9c40-782b-4d14-900f-65ccc02389db\",\"type\":\"historicalDetectionsJob\"}}" + "text": "{\"data\":{\"id\":\"6ff7a8ce-a0d1-4ea3-8cc9-e9c52cda0d24\",\"type\":\"historicalDetectionsJob\"}}" }, "cookies": [], "headers": [ @@ -57,8 +57,8 @@ "status": 201, "statusText": "Created" }, - "startedDateTime": "2024-11-08T09:54:40.274Z", - "time": 86 + "startedDateTime": "2025-10-24T14:24:02.572Z", + "time": 104 } ], "pages": [], 
diff --git a/features/v2/given.json b/features/v2/given.json index a4ab9c24bd17..7c9df160aade 100644 --- a/features/v2/given.json +++ b/features/v2/given.json @@ -1086,10 +1086,10 @@ "value": "{\n \"data\": {\n \"type\": \"historicalDetectionsJobCreate\",\n \"attributes\": {\n \"jobDefinition\": {\n \"type\": \"log_detection\",\n \"name\": \"Excessive number of failed attempts.\",\n \"queries\": [\n {\n \"query\": \"source:non_existing_src_weekend\",\n \"aggregation\": \"count\",\n \"groupByFields\": [],\n \"distinctFields\": []\n }\n ],\n \"cases\": [\n {\n \"name\": \"Condition 1\",\n \"status\": \"info\",\n \"notifications\": [],\n \"condition\": \"a > 1\"\n }\n ],\n \"options\": {\n \"keepAlive\": 3600,\n \"maxSignalDuration\": 86400,\n \"evaluationWindow\": 900\n },\n \"message\": \"A large number of failed login attempts.\",\n \"tags\": [],\n \"from\": 1730387522611,\n \"to\": 1730387532611,\n \"index\": \"main\"\n }\n }\n }\n}" } ], - "step": "there is a valid \"historical_job\" in the system", - "key": "historical_job", + "step": "there is a valid \"threat_hunting_job\" in the system", + "key": "threat_hunting_job", "tag": "Security Monitoring", - "operationId": "RunHistoricalJob" + "operationId": "RunThreatHuntingJob" }, { "parameters": [ diff --git a/features/v2/security_monitoring.feature b/features/v2/security_monitoring.feature index 8e5e22baade8..703fc3e460f9 100644 --- a/features/v2/security_monitoring.feature +++ b/features/v2/security_monitoring.feature 
@@ -11,38 +11,62 @@ Feature: Security Monitoring @team:DataDog/k9-cloud-security-platform Scenario: Cancel a historical job returns "Bad Request" response - Given operation "CancelHistoricalJob" enabled - And new "CancelHistoricalJob" request + Given operation "CancelThreatHuntingJob" enabled + And new "CancelThreatHuntingJob" request And request contains "job_id" parameter with value "inva-lid" When the request is sent Then the response status is 400 Bad Request - @generated @skip @team:DataDog/k9-cloud-security-platform - Scenario: Cancel a historical job returns "Conflict" response - Given operation "CancelHistoricalJob" enabled - And new "CancelHistoricalJob" request - And request contains "job_id" parameter from "REPLACE.ME" - When the request is sent - Then the response status is 409 Conflict - @team:DataDog/k9-cloud-security-platform Scenario: Cancel a historical job returns "Not Found" response - Given operation "CancelHistoricalJob" enabled - And new "CancelHistoricalJob" request + Given operation "CancelThreatHuntingJob" enabled + And new "CancelThreatHuntingJob" request And request contains "job_id" parameter with value "8e2a37fb-b0c8-4761-a7f0-0a8d6a98ba93" When the request is sent Then the response status is 404 Not Found @team:DataDog/k9-cloud-security-platform Scenario: Cancel a historical job returns "OK" response - Given operation "CancelHistoricalJob" enabled - And operation "RunHistoricalJob" enabled - And new "CancelHistoricalJob" request - And there is a valid "historical_job" in the system - And request contains "job_id" parameter from "historical_job.data.id" + Given operation "CancelThreatHuntingJob" enabled + And operation "RunThreatHuntingJob" enabled + And new "CancelThreatHuntingJob" request + And there is a valid "threat_hunting_job" in the system + And request contains "job_id" parameter from "threat_hunting_job.data.id" When the request is sent Then the response status is 204 No Content + @generated @skip 
@team:DataDog/k9-cloud-security-platform + Scenario: Cancel a threat hunting job returns "Bad Request" response + Given operation "CancelThreatHuntingJob" enabled + And new "CancelThreatHuntingJob" request + And request contains "job_id" parameter from "REPLACE.ME" + When the request is sent + Then the response status is 400 Bad Request + + @generated @skip @team:DataDog/k9-cloud-security-platform + Scenario: Cancel a threat hunting job returns "Conflict" response + Given operation "CancelThreatHuntingJob" enabled + And new "CancelThreatHuntingJob" request + And request contains "job_id" parameter from "REPLACE.ME" + When the request is sent + Then the response status is 409 Conflict + + @generated @skip @team:DataDog/k9-cloud-security-platform + Scenario: Cancel a threat hunting job returns "Not Found" response + Given operation "CancelThreatHuntingJob" enabled + And new "CancelThreatHuntingJob" request + And request contains "job_id" parameter from "REPLACE.ME" + When the request is sent + Then the response status is 404 Not Found + + @generated @skip @team:DataDog/k9-cloud-security-platform + Scenario: Cancel a threat hunting job returns "OK" response + Given operation "CancelThreatHuntingJob" enabled + And new "CancelThreatHuntingJob" request + And request contains "job_id" parameter from "REPLACE.ME" + When the request is sent + Then the response status is 204 OK + @generated @skip @team:DataDog/k9-cloud-security-platform Scenario: Change the related incidents of a security signal returns "Bad Request" response Given new "EditSecurityMonitoringSignalIncidents" request 
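Review bot: The hand-written scenarios in this hunk keep the title `Cancel a historical job returns …` although they now enable and call `CancelThreatHuntingJob`, and the hunk adds four `@generated @skip` stubs titled `Cancel a threat hunting job returns …` for the same operation and status codes. Renaming the existing scenarios, as this commit does for `Run a threat hunting job` later in the file, would leave one live scenario per response instead of a live one plus a skipped `REPLACE.ME` placeholder. The same applies to `List historical jobs returns "OK" response` (hunk at 1045) and the stubs added in the hunk at 1105. The success stub also asserts `204 OK` where the live scenario asserts `204 No Content`.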
@@ -477,32 +501,32 @@ Feature: Security Monitoring @team:DataDog/k9-cloud-security-platform Scenario: Delete an existing job returns "Bad Request" response - Given operation "DeleteHistoricalJob" enabled - And new "DeleteHistoricalJob" request + Given operation "DeleteThreatHuntingJob" enabled + And new "DeleteThreatHuntingJob" request And request contains "job_id" parameter with value "inva-lid" When the request is sent Then the response status is 400 Bad Request @generated @skip @team:DataDog/k9-cloud-security-platform Scenario: Delete an existing job returns "Conflict" response - Given operation "DeleteHistoricalJob" enabled - And new "DeleteHistoricalJob" request + Given operation "DeleteThreatHuntingJob" enabled + And new "DeleteThreatHuntingJob" request And request contains "job_id" parameter from "REPLACE.ME" When the request is sent Then the response status is 409 Conflict @team:DataDog/k9-cloud-security-platform Scenario: Delete an existing job returns "Not Found" response - Given operation "DeleteHistoricalJob" enabled - And new "DeleteHistoricalJob" request + Given operation "DeleteThreatHuntingJob" enabled + And new "DeleteThreatHuntingJob" request And request contains "job_id" parameter with value "8e2a37fb-b0c8-4761-a7f0-0a8d6a98ba93" When the request is sent Then the response status is 404 Not Found @generated @skip @team:DataDog/k9-cloud-security-platform Scenario: Delete an existing job returns "OK" response - Given operation "DeleteHistoricalJob" enabled - And new "DeleteHistoricalJob" request + Given operation "DeleteThreatHuntingJob" enabled + And new "DeleteThreatHuntingJob" request And request contains "job_id" parameter from "REPLACE.ME" When the request is sent Then the response status is 204 OK 
@@ -627,27 +651,27 @@ Feature: Security Monitoring @team:DataDog/k9-cloud-security-platform Scenario: Get a job's details returns "Bad Request" response - Given operation "GetHistoricalJob" enabled - And new "GetHistoricalJob" request + Given operation "GetThreatHuntingJob" enabled + And new "GetThreatHuntingJob" request And request contains "job_id" parameter with value "inva-lid" When the request is sent Then the response status is 400 Bad Request @team:DataDog/k9-cloud-security-platform Scenario: Get a job's details returns "Not Found" response - Given operation "GetHistoricalJob" enabled - And new "GetHistoricalJob" request + Given operation "GetThreatHuntingJob" enabled + And new "GetThreatHuntingJob" request And request contains "job_id" parameter with value "8e2a37fb-b0c8-4761-a7f0-0a8d6a98ba93" When the request is sent Then the response status is 404 Not Found @team:DataDog/k9-cloud-security-platform Scenario: Get a job's details returns "OK" response - Given operation "GetHistoricalJob" enabled - And operation "RunHistoricalJob" enabled - And new "GetHistoricalJob" request - And there is a valid "historical_job" in the system - And request contains "job_id" parameter from "historical_job.data.id" + Given operation "GetThreatHuntingJob" enabled + And operation "RunThreatHuntingJob" enabled + And new "GetThreatHuntingJob" request + And there is a valid "threat_hunting_job" in the system + And request contains "job_id" parameter from "threat_hunting_job.data.id" When the request is sent Then the response status is 200 OK 
@@ -1021,20 +1045,13 @@ Feature: Security Monitoring When the request is sent Then the response status is 200 OK - @generated @skip @team:DataDog/k9-cloud-security-platform - Scenario: List historical jobs returns "Bad Request" response - Given operation "ListHistoricalJobs" enabled - And new "ListHistoricalJobs" request - When the request is sent - Then the response status is 400 Bad Request - @team:DataDog/k9-cloud-security-platform Scenario: List historical jobs returns "OK" response - Given operation "ListHistoricalJobs" enabled - And operation "RunHistoricalJob" enabled - And new "ListHistoricalJobs" request - And there is a valid "historical_job" in the system - And request contains "filter[query]" parameter with value "id:{{historical_job.data.id}}" + Given operation "ListThreatHuntingJobs" enabled + And operation "RunThreatHuntingJob" enabled + And new "ListThreatHuntingJobs" request + And there is a valid "threat_hunting_job" in the system + And request contains "filter[query]" parameter with value "id:{{threat_hunting_job.data.id}}" When the request is sent Then the response status is 200 OK 
@@ -1088,6 +1105,20 @@ Feature: Security Monitoring When the request is sent Then the response status is 200 OK + @generated @skip @team:DataDog/k9-cloud-security-platform + Scenario: List threat hunting jobs returns "Bad Request" response + Given operation "ListThreatHuntingJobs" enabled + And new "ListThreatHuntingJobs" request + When the request is sent + Then the response status is 400 Bad Request + + @generated @skip @team:DataDog/k9-cloud-security-platform + Scenario: List threat hunting jobs returns "OK" response + Given operation "ListThreatHuntingJobs" enabled + And new "ListThreatHuntingJobs" request + When the request is sent + Then the response status is 200 OK + @generated @skip @team:DataDog/asm-vm Scenario: List vulnerabilities returns "Bad request: The server cannot process the request due to invalid syntax in the request." response Given operation "ListVulnerabilities" enabled 
@@ -1265,25 +1296,25 @@ Feature: Security Monitoring Then the response status is 422 The server cannot process the request because it contains invalid data. @team:DataDog/k9-cloud-security-platform - Scenario: Run a historical job returns "Bad Request" response - Given operation "RunHistoricalJob" enabled - And new "RunHistoricalJob" request + Scenario: Run a threat hunting job returns "Bad Request" response + Given operation "RunThreatHuntingJob" enabled + And new "RunThreatHuntingJob" request And body with value {"data":{"type":"historicalDetectionsJobCreate","attributes":{"jobDefinition":{"type":"log_detection","name":"Excessive number of failed attempts.","queries":[{"query":"source:non_existing_src_weekend","aggregation":"count","groupByFields":[],"distinctFields":[]}],"cases":[{"name":"Condition 1","status":"info","notifications":[],"condition":"a > 1"}],"options":{"keepAlive":3600,"maxSignalDuration":86400,"evaluationWindow":900},"message":"A large number of failed login attempts.","tags":[],"from":1730387522611,"to":1730391122611,"index":"non_existing_index"}}}} When the request is sent Then the response status is 400 Bad Request @team:DataDog/k9-cloud-security-platform - Scenario: Run a historical job returns "Not Found" response - Given operation "RunHistoricalJob" enabled - And new "RunHistoricalJob" request + Scenario: Run a threat hunting job returns "Not Found" response + Given operation "RunThreatHuntingJob" enabled + And new "RunThreatHuntingJob" request And body with value {"data": { "type": "historicalDetectionsJobCreate", "attributes": {"fromRule": {"from": 1730201035064, "id": "non-existng", "index": "main", "notifications": [], "to": 1730204635115}}}} When the request is sent Then the response status is 404 Not Found @team:DataDog/k9-cloud-security-platform - Scenario: Run a historical job returns "Status created" response - Given operation "RunHistoricalJob" enabled - And new "RunHistoricalJob" request + Scenario: Run a threat hunting job 
returns "Status created" response + Given operation "RunThreatHuntingJob" enabled + And new "RunThreatHuntingJob" request And body with value {"data":{"type":"historicalDetectionsJobCreate","attributes":{"jobDefinition":{"type":"log_detection","name":"Excessive number of failed attempts.","queries":[{"query":"source:non_existing_src_weekend","aggregation":"count","groupByFields":[],"distinctFields":[]}],"cases":[{"name":"Condition 1","status":"info","notifications":[],"condition":"a > 1"}],"options":{"keepAlive":3600,"maxSignalDuration":86400,"evaluationWindow":900},"message":"A large number of failed login attempts.","tags":[],"from":1730387522611,"to":1730387532611,"index":"main"}}}} When the request is sent Then the response status is 201 Status created diff --git a/features/v2/undo.json b/features/v2/undo.json index 5f2144f5fb2d..eb1380ab6b86 100644 --- a/features/v2/undo.json +++ b/features/v2/undo.json @@ -3909,13 +3909,13 @@ "type": "safe" } }, - "ListHistoricalJobs": { + "ListThreatHuntingJobs": { "tag": "Security Monitoring", "undo": { "type": "safe" } }, - "RunHistoricalJob": { + "RunThreatHuntingJob": { "tag": "Security Monitoring", "undo": { "type": "idempotent" @@ -3927,19 +3927,19 @@ "type": "idempotent" } }, - "DeleteHistoricalJob": { + "DeleteThreatHuntingJob": { "tag": "Security Monitoring", "undo": { "type": "idempotent" } }, - "GetHistoricalJob": { + "GetThreatHuntingJob": { "tag": "Security Monitoring", "undo": { "type": "safe" } }, - "CancelHistoricalJob": { + "CancelThreatHuntingJob": { "tag": "Security Monitoring", "undo": { "type": "idempotent" diff --git a/private/bdd_runner/src/support/scenarios_model_mapping.ts b/private/bdd_runner/src/support/scenarios_model_mapping.ts index b99835a102dc..91f06a8e3703 100644 --- a/private/bdd_runner/src/support/scenarios_model_mapping.ts +++ b/private/bdd_runner/src/support/scenarios_model_mapping.ts 
@@ -4507,7 +4507,7 @@ export const ScenariosModelMappings: { [key: string]: OperationMapping } = { }, operationResponseType: "SecurityMonitoringSignalResponse", }, - "SecurityMonitoringApi.V2.ListHistoricalJobs": { + "SecurityMonitoringApi.V2.ListThreatHuntingJobs": { pageSize: { type: "number", format: "int64", @@ -4524,11 +4524,11 @@ export const ScenariosModelMappings: { [key: string]: OperationMapping } = { type: "string", format: "", }, - operationResponseType: "ListHistoricalJobsResponse", + operationResponseType: "ListThreatHuntingJobsResponse", }, - "SecurityMonitoringApi.V2.RunHistoricalJob": { + "SecurityMonitoringApi.V2.RunThreatHuntingJob": { body: { - type: "RunHistoricalJobRequest", + type: "RunThreatHuntingJobRequest", format: "", }, operationResponseType: "JobCreateResponse", @@ -4540,21 +4540,21 @@ export const ScenariosModelMappings: { [key: string]: OperationMapping } = { }, operationResponseType: "{}", }, - "SecurityMonitoringApi.V2.GetHistoricalJob": { + "SecurityMonitoringApi.V2.GetThreatHuntingJob": { jobId: { type: "string", format: "", }, - operationResponseType: "HistoricalJobResponse", + operationResponseType: "ThreatHuntingJobResponse", }, - "SecurityMonitoringApi.V2.DeleteHistoricalJob": { + "SecurityMonitoringApi.V2.DeleteThreatHuntingJob": { jobId: { type: "string", format: "", }, operationResponseType: "{}", }, - "SecurityMonitoringApi.V2.CancelHistoricalJob": { + "SecurityMonitoringApi.V2.CancelThreatHuntingJob": { jobId: { type: "string", format: "", diff --git a/services/security_monitoring/src/v2/SecurityMonitoringApi.ts b/services/security_monitoring/src/v2/SecurityMonitoringApi.ts index 8d1463c494ca..29c2b7e8d0eb 100644 --- a/services/security_monitoring/src/v2/SecurityMonitoringApi.ts +++ b/services/security_monitoring/src/v2/SecurityMonitoringApi.ts 
@@ -41,18 +41,17 @@ import { GetFindingResponse } from "./models/GetFindingResponse"; import { GetResourceEvaluationFiltersResponse } from "./models/GetResourceEvaluationFiltersResponse"; import { GetRuleVersionHistoryResponse } from "./models/GetRuleVersionHistoryResponse"; import { GetSBOMResponse } from "./models/GetSBOMResponse"; -import { HistoricalJobResponse } from "./models/HistoricalJobResponse"; import { JobCreateResponse } from "./models/JobCreateResponse"; import { JSONAPIErrorResponse } from "./models/JSONAPIErrorResponse"; import { ListAssetsSBOMsResponse } from "./models/ListAssetsSBOMsResponse"; import { ListFindingsResponse } from "./models/ListFindingsResponse"; -import { ListHistoricalJobsResponse } from "./models/ListHistoricalJobsResponse"; +import { ListThreatHuntingJobsResponse } from "./models/ListThreatHuntingJobsResponse"; import { ListVulnerabilitiesResponse } from "./models/ListVulnerabilitiesResponse"; import { ListVulnerableAssetsResponse } from "./models/ListVulnerableAssetsResponse"; import { NotificationRuleResponse } from "./models/NotificationRuleResponse"; import { NotificationRulesList } from "./models/NotificationRulesList"; import { PatchNotificationRuleParameters } from "./models/PatchNotificationRuleParameters"; -import { RunHistoricalJobRequest } from "./models/RunHistoricalJobRequest"; +import { RunThreatHuntingJobRequest } from "./models/RunThreatHuntingJobRequest"; import { SBOMComponentLicenseType } from "./models/SBOMComponentLicenseType"; import { SBOMFormat } from "./models/SBOMFormat"; import { ScannedAssetsMetadata } from "./models/ScannedAssetsMetadata"; 
@@ -83,6 +82,7 @@ import { SecurityMonitoringSuppressionCreateRequest } from "./models/SecurityMon import { SecurityMonitoringSuppressionResponse } from "./models/SecurityMonitoringSuppressionResponse"; import { SecurityMonitoringSuppressionsResponse } from "./models/SecurityMonitoringSuppressionsResponse"; import { SecurityMonitoringSuppressionUpdateRequest } from "./models/SecurityMonitoringSuppressionUpdateRequest"; +import { ThreatHuntingJobResponse } from "./models/ThreatHuntingJobResponse"; import { UpdateCustomFrameworkRequest } from "./models/UpdateCustomFrameworkRequest"; import { UpdateCustomFrameworkResponse } from "./models/UpdateCustomFrameworkResponse"; import { UpdateResourceEvaluationFiltersRequest } from "./models/UpdateResourceEvaluationFiltersRequest"; @@ -103,7 +103,7 @@ export class SecurityMonitoringApiRequestFactory extends BaseAPIRequestFactory { this.userAgent = buildUserAgent("security-monitoring", version); } } - public async cancelHistoricalJob( + public async cancelThreatHuntingJob( jobId: string, _options?: Configuration, ): Promise { 
@@ -111,29 +111,29 @@ export class SecurityMonitoringApiRequestFactory extends BaseAPIRequestFactory { if ( !_config.unstableOperations[ - "SecurityMonitoringApi.v2.cancelHistoricalJob" + "SecurityMonitoringApi.v2.cancelThreatHuntingJob" ] ) { throw new Error( - "Unstable operation 'cancelHistoricalJob' is disabled. Enable it by setting `configuration.unstableOperations['SecurityMonitoringApi.v2.cancelHistoricalJob'] = true`", + "Unstable operation 'cancelThreatHuntingJob' is disabled. Enable it by setting `configuration.unstableOperations['SecurityMonitoringApi.v2.cancelThreatHuntingJob'] = true`", ); } // verify required parameter 'jobId' is not null or undefined if (jobId === null || jobId === undefined) { - throw new RequiredError("jobId", "cancelHistoricalJob"); + throw new RequiredError("jobId", "cancelThreatHuntingJob"); } // Path Params const localVarPath = - "/api/v2/siem-historical-detections/jobs/{job_id}/cancel".replace( + "/api/v2/siem-threat-hunting/jobs/{job_id}/cancel".replace( "{job_id}", encodeURIComponent(String(jobId)), ); // Make Request Context const { server, overrides } = _config.getServerAndOverrides( - "SecurityMonitoringApi.v2.cancelHistoricalJob", + "SecurityMonitoringApi.v2.cancelThreatHuntingJob", SecurityMonitoringApi.operationServers, ); const requestContext = server.makeRequestContext( @@ -230,8 +230,7 @@ export class SecurityMonitoringApiRequestFactory extends BaseAPIRequestFactory { } // Path Params - const localVarPath = - "/api/v2/siem-historical-detections/jobs/signal_convert"; + const localVarPath = "/api/v2/siem-threat-hunting/jobs/signal_convert"; // Make Request Context const { server, overrides } = _config.getServerAndOverrides( 
@@ -685,62 +684,6 @@ export class SecurityMonitoringApiRequestFactory extends BaseAPIRequestFactory { return requestContext; } - public async deleteHistoricalJob( - jobId: string, - _options?: Configuration, - ): Promise { - const _config = _options || this.configuration; - - if ( - !_config.unstableOperations[ - "SecurityMonitoringApi.v2.deleteHistoricalJob" - ] - ) { - throw new Error( - "Unstable operation 'deleteHistoricalJob' is disabled. Enable it by setting `configuration.unstableOperations['SecurityMonitoringApi.v2.deleteHistoricalJob'] = true`", - ); - } - - // verify required parameter 'jobId' is not null or undefined - if (jobId === null || jobId === undefined) { - throw new RequiredError("jobId", "deleteHistoricalJob"); - } - - // Path Params - const localVarPath = - "/api/v2/siem-historical-detections/jobs/{job_id}".replace( - "{job_id}", - encodeURIComponent(String(jobId)), - ); - - // Make Request Context - const { server, overrides } = _config.getServerAndOverrides( - "SecurityMonitoringApi.v2.deleteHistoricalJob", - SecurityMonitoringApi.operationServers, - ); - const requestContext = server.makeRequestContext( - localVarPath, - HttpMethod.DELETE, - overrides, - ); - requestContext.setHeaderParam("Accept", "*/*"); - requestContext.setHttpConfig(_config.httpConfig); - - // Set User-Agent - if (this.userAgent) { - requestContext.setHeaderParam("User-Agent", this.userAgent); - } - - // Apply auth methods - applySecurityAuthentication(_config, requestContext, [ - "apiKeyAuth", - "appKeyAuth", - "AuthZ", - ]); - - return requestContext; - } - public async deleteSecurityFilter( securityFilterId: string, _options?: Configuration, 
@@ -926,6 +869,61 @@ export class SecurityMonitoringApiRequestFactory extends BaseAPIRequestFactory { return requestContext; } + public async deleteThreatHuntingJob( + jobId: string, + _options?: Configuration, + ): Promise { + const _config = _options || this.configuration; + + if ( + !_config.unstableOperations[ + "SecurityMonitoringApi.v2.deleteThreatHuntingJob" + ] + ) { + throw new Error( + "Unstable operation 'deleteThreatHuntingJob' is disabled. Enable it by setting `configuration.unstableOperations['SecurityMonitoringApi.v2.deleteThreatHuntingJob'] = true`", + ); + } + + // verify required parameter 'jobId' is not null or undefined + if (jobId === null || jobId === undefined) { + throw new RequiredError("jobId", "deleteThreatHuntingJob"); + } + + // Path Params + const localVarPath = "/api/v2/siem-threat-hunting/jobs/{job_id}".replace( + "{job_id}", + encodeURIComponent(String(jobId)), + ); + + // Make Request Context + const { server, overrides } = _config.getServerAndOverrides( + "SecurityMonitoringApi.v2.deleteThreatHuntingJob", + SecurityMonitoringApi.operationServers, + ); + const requestContext = server.makeRequestContext( + localVarPath, + HttpMethod.DELETE, + overrides, + ); + requestContext.setHeaderParam("Accept", "*/*"); + requestContext.setHttpConfig(_config.httpConfig); + + // Set User-Agent + if (this.userAgent) { + requestContext.setHeaderParam("User-Agent", this.userAgent); + } + + // Apply auth methods + applySecurityAuthentication(_config, requestContext, [ + "apiKeyAuth", + "appKeyAuth", + "AuthZ", + ]); + + return requestContext; + } + public async deleteVulnerabilityNotificationRule( id: string, _options?: Configuration, 
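Review bot: The `jobId` guard in the added `deleteThreatHuntingJob` rejects only `null` and `undefined`, so an empty string passes and the DELETE is built for `/api/v2/siem-threat-hunting/jobs/`, the collection path rather than a single job. `encodeURIComponent` also leaves `.` unchanged, so a `..` value reaches the path as a dot segment; whether it is normalised afterwards depends on `makeRequestContext`, which is not shown here. I would tighten the check to `if (!jobId || jobId === "." || jobId === "..") {` before the path is built. The same guard appears in `cancelThreatHuntingJob` (hunk at 111) and `getThreatHuntingJob` (hunk at 2031), and since this file is generated the change belongs in the generator template.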
@@ -1285,60 +1283,6 @@ export class SecurityMonitoringApiRequestFactory extends BaseAPIRequestFactory { return requestContext; } - public async getHistoricalJob( - jobId: string, - _options?: Configuration, - ): Promise { - const _config = _options || this.configuration; - - if ( - !_config.unstableOperations["SecurityMonitoringApi.v2.getHistoricalJob"] - ) { - throw new Error( - "Unstable operation 'getHistoricalJob' is disabled. Enable it by setting `configuration.unstableOperations['SecurityMonitoringApi.v2.getHistoricalJob'] = true`", - ); - } - - // verify required parameter 'jobId' is not null or undefined - if (jobId === null || jobId === undefined) { - throw new RequiredError("jobId", "getHistoricalJob"); - } - - // Path Params - const localVarPath = - "/api/v2/siem-historical-detections/jobs/{job_id}".replace( - "{job_id}", - encodeURIComponent(String(jobId)), - ); - - // Make Request Context - const { server, overrides } = _config.getServerAndOverrides( - "SecurityMonitoringApi.v2.getHistoricalJob", - SecurityMonitoringApi.operationServers, - ); - const requestContext = server.makeRequestContext( - localVarPath, - HttpMethod.GET, - overrides, - ); - requestContext.setHeaderParam("Accept", "application/json"); - requestContext.setHttpConfig(_config.httpConfig); - - // Set User-Agent - if (this.userAgent) { - requestContext.setHeaderParam("User-Agent", this.userAgent); - } - - // Apply auth methods - applySecurityAuthentication(_config, requestContext, [ - "apiKeyAuth", - "appKeyAuth", - "AuthZ", - ]); - - return requestContext; - } - public async getResourceEvaluationFilters( cloudProvider?: string, accountId?: string, 
@@ -1627,7 +1571,7 @@ export class SecurityMonitoringApiRequestFactory extends BaseAPIRequestFactory { // Path Params const localVarPath = - "/api/v2/siem-historical-detections/histsignals/{histsignal_id}".replace( + "/api/v2/siem-threat-hunting/histsignals/{histsignal_id}".replace( "{histsignal_id}", encodeURIComponent(String(histsignalId)), ); @@ -1692,7 +1636,7 @@ export class SecurityMonitoringApiRequestFactory extends BaseAPIRequestFactory { // Path Params const localVarPath = - "/api/v2/siem-historical-detections/jobs/{job_id}/histsignals".replace( + "/api/v2/siem-threat-hunting/jobs/{job_id}/histsignals".replace( "{job_id}", encodeURIComponent(String(jobId)), ); 
@@ -2087,6 +2031,61 @@ export class SecurityMonitoringApiRequestFactory extends BaseAPIRequestFactory { return requestContext; } + public async getThreatHuntingJob( + jobId: string, + _options?: Configuration, + ): Promise { + const _config = _options || this.configuration; + + if ( + !_config.unstableOperations[ + "SecurityMonitoringApi.v2.getThreatHuntingJob" + ] + ) { + throw new Error( + "Unstable operation 'getThreatHuntingJob' is disabled. Enable it by setting `configuration.unstableOperations['SecurityMonitoringApi.v2.getThreatHuntingJob'] = true`", + ); + } + + // verify required parameter 'jobId' is not null or undefined + if (jobId === null || jobId === undefined) { + throw new RequiredError("jobId", "getThreatHuntingJob"); + } + + // Path Params + const localVarPath = "/api/v2/siem-threat-hunting/jobs/{job_id}".replace( + "{job_id}", + encodeURIComponent(String(jobId)), + ); + + // Make Request Context + const { server, overrides } = _config.getServerAndOverrides( + "SecurityMonitoringApi.v2.getThreatHuntingJob", + SecurityMonitoringApi.operationServers, + ); + const requestContext = server.makeRequestContext( + localVarPath, + HttpMethod.GET, + overrides, + ); + requestContext.setHeaderParam("Accept", "application/json"); + requestContext.setHttpConfig(_config.httpConfig); + + // Set User-Agent + if (this.userAgent) { + requestContext.setHeaderParam("User-Agent", this.userAgent); + } + + // Apply auth methods + applySecurityAuthentication(_config, requestContext, [ + "apiKeyAuth", + "appKeyAuth", + "AuthZ", + ]); + + return requestContext; + } + public async getVulnerabilityNotificationRule( id: string, _options?: Configuration, 
@@ -2450,84 +2449,6 @@ export class SecurityMonitoringApiRequestFactory extends BaseAPIRequestFactory { return requestContext; } - public async listHistoricalJobs( - pageSize?: number, - pageNumber?: number, - sort?: string, - filterQuery?: string, - _options?: Configuration, - ): Promise { - const _config = _options || this.configuration; - - if ( - !_config.unstableOperations["SecurityMonitoringApi.v2.listHistoricalJobs"] - ) { - throw new Error( - "Unstable operation 'listHistoricalJobs' is disabled. Enable it by setting `configuration.unstableOperations['SecurityMonitoringApi.v2.listHistoricalJobs'] = true`", - ); - } - - // Path Params - const localVarPath = "/api/v2/siem-historical-detections/jobs"; - - // Make Request Context - const { server, overrides } = _config.getServerAndOverrides( - "SecurityMonitoringApi.v2.listHistoricalJobs", - SecurityMonitoringApi.operationServers, - ); - const requestContext = server.makeRequestContext( - localVarPath, - HttpMethod.GET, - overrides, - ); - requestContext.setHeaderParam("Accept", "application/json"); - requestContext.setHttpConfig(_config.httpConfig); - - // Set User-Agent - if (this.userAgent) { - requestContext.setHeaderParam("User-Agent", this.userAgent); - } - - // Query Params - if (pageSize !== undefined) { - requestContext.setQueryParam( - "page[size]", - serialize(pageSize, TypingInfo, "number", "int64"), - "", - ); - } - if (pageNumber !== undefined) { - requestContext.setQueryParam( - "page[number]", - serialize(pageNumber, TypingInfo, "number", "int64"), - "", - ); - } - if (sort !== undefined) { - requestContext.setQueryParam( - "sort", - serialize(sort, TypingInfo, "string", ""), - "", - ); - } - if (filterQuery !== undefined) { - requestContext.setQueryParam( - "filter[query]", - serialize(filterQuery, TypingInfo, "string", ""), - "", - ); - } - - // Apply auth methods - applySecurityAuthentication(_config, requestContext, [ - "apiKeyAuth", - "appKeyAuth", - "AuthZ", - ]); - - return requestContext; 
- } - public async listScannedAssetsMetadata( pageToken?: string, pageNumber?: number, @@ -2682,7 +2603,7 @@ export class SecurityMonitoringApiRequestFactory extends BaseAPIRequestFactory { } // Path Params - const localVarPath = "/api/v2/siem-historical-detections/histsignals"; + const localVarPath = "/api/v2/siem-threat-hunting/histsignals"; // Make Request Context const { server, overrides } = _config.getServerAndOverrides( @@ -2878,10 +2799,57 @@ export class SecurityMonitoringApiRequestFactory extends BaseAPIRequestFactory { "", ); } - if (pageLimit !== undefined) { + if (pageLimit !== undefined) { + requestContext.setQueryParam( + "page[limit]", + serialize(pageLimit, TypingInfo, "number", "int32"), + "", + ); + } + + // Apply auth methods + applySecurityAuthentication(_config, requestContext, [ + "apiKeyAuth", + "appKeyAuth", + "AuthZ", + ]); + + return requestContext; + } + + public async listSecurityMonitoringSuppressions( + query?: string, + _options?: Configuration, + ): Promise { + const _config = _options || this.configuration; + + // Path Params + const localVarPath = + "/api/v2/security_monitoring/configuration/suppressions"; + + // Make Request Context + const { server, overrides } = _config.getServerAndOverrides( + "SecurityMonitoringApi.v2.listSecurityMonitoringSuppressions", + SecurityMonitoringApi.operationServers, + ); + const requestContext = server.makeRequestContext( + localVarPath, + HttpMethod.GET, + overrides, + ); + requestContext.setHeaderParam("Accept", "application/json"); + requestContext.setHttpConfig(_config.httpConfig); + + // Set User-Agent + if (this.userAgent) { + requestContext.setHeaderParam("User-Agent", this.userAgent); + } + + // Query Params + if (query !== undefined) { requestContext.setQueryParam( - "page[limit]", - serialize(pageLimit, TypingInfo, "number", "int32"), + "query", + serialize(query, TypingInfo, "string", ""), "", ); } 
@@ -2896,19 +2864,31 @@ export class SecurityMonitoringApiRequestFactory extends BaseAPIRequestFactory { return requestContext; } - public async listSecurityMonitoringSuppressions( - query?: string, + public async listThreatHuntingJobs( + pageSize?: number, + pageNumber?: number, + sort?: string, + filterQuery?: string, _options?: Configuration, ): Promise { const _config = _options || this.configuration; + if ( + !_config.unstableOperations[ + "SecurityMonitoringApi.v2.listThreatHuntingJobs" + ] + ) { + throw new Error( + "Unstable operation 'listThreatHuntingJobs' is disabled. Enable it by setting `configuration.unstableOperations['SecurityMonitoringApi.v2.listThreatHuntingJobs'] = true`", + ); + } + // Path Params - const localVarPath = - "/api/v2/security_monitoring/configuration/suppressions"; + const localVarPath = "/api/v2/siem-threat-hunting/jobs"; // Make Request Context const { server, overrides } = _config.getServerAndOverrides( - "SecurityMonitoringApi.v2.listSecurityMonitoringSuppressions", + "SecurityMonitoringApi.v2.listThreatHuntingJobs", SecurityMonitoringApi.operationServers, ); const requestContext = server.makeRequestContext( @@ -2925,10 +2905,31 @@ export class SecurityMonitoringApiRequestFactory extends BaseAPIRequestFactory { } // Query Params - if (query !== undefined) { + if (pageSize !== undefined) { requestContext.setQueryParam( - "query", - serialize(query, TypingInfo, "string", ""), + "page[size]", + serialize(pageSize, TypingInfo, "number", "int64"), + "", + ); + } + if (pageNumber !== undefined) { + requestContext.setQueryParam( + "page[number]", + serialize(pageNumber, TypingInfo, "number", "int64"), + "", + ); + } + if (sort !== undefined) { + requestContext.setQueryParam( + "sort", + serialize(sort, TypingInfo, "string", ""), + "", + ); + } + if (filterQuery !== undefined) { + requestContext.setQueryParam( + "filter[query]", + serialize(filterQuery, TypingInfo, "string", ""), "", ); } 
@@ -3725,31 +3726,33 @@ export class SecurityMonitoringApiRequestFactory extends BaseAPIRequestFactory { return requestContext; } - public async runHistoricalJob( - body: RunHistoricalJobRequest, + public async runThreatHuntingJob( + body: RunThreatHuntingJobRequest, _options?: Configuration, ): Promise { const _config = _options || this.configuration; if ( - !_config.unstableOperations["SecurityMonitoringApi.v2.runHistoricalJob"] + !_config.unstableOperations[ + "SecurityMonitoringApi.v2.runThreatHuntingJob" + ] ) { throw new Error( - "Unstable operation 'runHistoricalJob' is disabled. Enable it by setting `configuration.unstableOperations['SecurityMonitoringApi.v2.runHistoricalJob'] = true`", + "Unstable operation 'runThreatHuntingJob' is disabled. Enable it by setting `configuration.unstableOperations['SecurityMonitoringApi.v2.runThreatHuntingJob'] = true`", ); } // verify required parameter 'body' is not null or undefined if (body === null || body === undefined) { - throw new RequiredError("body", "runHistoricalJob"); + throw new RequiredError("body", "runThreatHuntingJob"); } // Path Params - const localVarPath = "/api/v2/siem-historical-detections/jobs"; + const localVarPath = "/api/v2/siem-threat-hunting/jobs"; // Make Request Context const { server, overrides } = _config.getServerAndOverrides( - "SecurityMonitoringApi.v2.runHistoricalJob", + "SecurityMonitoringApi.v2.runThreatHuntingJob", SecurityMonitoringApi.operationServers, ); const requestContext = server.makeRequestContext( @@ -3769,7 +3772,7 @@ export class SecurityMonitoringApiRequestFactory extends BaseAPIRequestFactory { const contentType = getPreferredMediaType(["application/json"]); requestContext.setHeaderParam("Content-Type", contentType); const serializedBody = stringify( - serialize(body, TypingInfo, "RunHistoricalJobRequest", ""), + serialize(body, TypingInfo, "RunThreatHuntingJobRequest", ""), contentType, ); requestContext.setBody(serializedBody); 
@@ -3801,8 +3804,7 @@ export class SecurityMonitoringApiRequestFactory extends BaseAPIRequestFactory { } // Path Params - const localVarPath = - "/api/v2/siem-historical-detections/histsignals/search"; + const localVarPath = "/api/v2/siem-threat-hunting/histsignals/search"; // Make Request Context const { server, overrides } = _config.getServerAndOverrides( @@ -4420,10 +4422,12 @@ export class SecurityMonitoringApiResponseProcessor { * Unwraps the actual response sent by the server from the response context and deserializes the response content * to the expected objects * - * @params response Response returned by the server for a request to cancelHistoricalJob + * @params response Response returned by the server for a request to cancelThreatHuntingJob * @throws ApiException if the response code was not in [200, 299] */ - public async cancelHistoricalJob(response: ResponseContext): Promise { + public async cancelThreatHuntingJob( + response: ResponseContext, + ): Promise { const contentType = normalizeMediaType(response.headers["content-type"]); if (response.httpStatusCode === 204) { return; 
@@ -5067,20 +5071,17 @@ export class SecurityMonitoringApiResponseProcessor { * Unwraps the actual response sent by the server from the response context and deserializes the response content * to the expected objects * - * @params response Response returned by the server for a request to deleteHistoricalJob + * @params response Response returned by the server for a request to deleteSecurityFilter * @throws ApiException if the response code was not in [200, 299] */ - public async deleteHistoricalJob(response: ResponseContext): Promise { + public async deleteSecurityFilter(response: ResponseContext): Promise { const contentType = normalizeMediaType(response.headers["content-type"]); if (response.httpStatusCode === 204) { return; } if ( - response.httpStatusCode === 400 || - response.httpStatusCode === 401 || response.httpStatusCode === 403 || response.httpStatusCode === 404 || - response.httpStatusCode === 409 || response.httpStatusCode === 429 ) { const bodyText = parse(await response.body.text(), contentType); @@ -5117,10 +5118,12 @@ export class SecurityMonitoringApiResponseProcessor { * Unwraps the actual response sent by the server from the response context and deserializes the response content * to the expected objects * - * @params response Response returned by the server for a request to deleteSecurityFilter + * @params response Response returned by the server for a request to deleteSecurityMonitoringRule * @throws ApiException if the response code was not in [200, 299] */ - public async deleteSecurityFilter(response: ResponseContext): Promise { + public async deleteSecurityMonitoringRule( + response: ResponseContext, + ): Promise { const contentType = normalizeMediaType(response.headers["content-type"]); if (response.httpStatusCode === 204) { return; 
@@ -5164,10 +5167,10 @@ export class SecurityMonitoringApiResponseProcessor { * Unwraps the actual response sent by the server from the response context and deserializes the response content * to the expected objects * - * @params response Response returned by the server for a request to deleteSecurityMonitoringRule + * @params response Response returned by the server for a request to deleteSecurityMonitoringSuppression * @throws ApiException if the response code was not in [200, 299] */ - public async deleteSecurityMonitoringRule( + public async deleteSecurityMonitoringSuppression( response: ResponseContext, ): Promise { const contentType = normalizeMediaType(response.headers["content-type"]); @@ -5213,10 +5216,10 @@ export class SecurityMonitoringApiResponseProcessor { * Unwraps the actual response sent by the server from the response context and deserializes the response content * to the expected objects * - * @params response Response returned by the server for a request to deleteSecurityMonitoringSuppression + * @params response Response returned by the server for a request to deleteSignalNotificationRule * @throws ApiException if the response code was not in [200, 299] */ - public async deleteSecurityMonitoringSuppression( + public async deleteSignalNotificationRule( response: ResponseContext, ): Promise { const contentType = normalizeMediaType(response.headers["content-type"]); 
@@ -5262,10 +5265,10 @@ export class SecurityMonitoringApiResponseProcessor { * Unwraps the actual response sent by the server from the response context and deserializes the response content * to the expected objects * - * @params response Response returned by the server for a request to deleteSignalNotificationRule + * @params response Response returned by the server for a request to deleteThreatHuntingJob * @throws ApiException if the response code was not in [200, 299] */ - public async deleteSignalNotificationRule( + public async deleteThreatHuntingJob( response: ResponseContext, ): Promise { const contentType = normalizeMediaType(response.headers["content-type"]); @@ -5273,8 +5276,11 @@ export class SecurityMonitoringApiResponseProcessor { return; } if ( + response.httpStatusCode === 400 || + response.httpStatusCode === 401 || response.httpStatusCode === 403 || response.httpStatusCode === 404 || + response.httpStatusCode === 409 || response.httpStatusCode === 429 ) { const bodyText = parse(await response.body.text(), contentType); 
@@ -5663,67 +5669,6 @@ export class SecurityMonitoringApiResponseProcessor { ); } - /** - * Unwraps the actual response sent by the server from the response context and deserializes the response content - * to the expected objects - * - * @params response Response returned by the server for a request to getHistoricalJob - * @throws ApiException if the response code was not in [200, 299] - */ - public async getHistoricalJob( - response: ResponseContext, - ): Promise { - const contentType = normalizeMediaType(response.headers["content-type"]); - if (response.httpStatusCode === 200) { - const body: HistoricalJobResponse = deserialize( - parse(await response.body.text(), contentType), - TypingInfo, - "HistoricalJobResponse", - ) as HistoricalJobResponse; - return body; - } - if ( - response.httpStatusCode === 400 || - response.httpStatusCode === 403 || - response.httpStatusCode === 404 || - response.httpStatusCode === 429 - ) { - const bodyText = parse(await response.body.text(), contentType); - let body: APIErrorResponse; - try { - body = deserialize( - bodyText, - TypingInfo, - "APIErrorResponse", - ) as APIErrorResponse; - } catch (error) { - logger.debug(`Got error deserializing error: ${error}`); - throw new ApiException( - response.httpStatusCode, - bodyText, - ); - } - throw new ApiException(response.httpStatusCode, body); - } - - // Work around for missing responses in specification, e.g. 
for petstore.yaml - if (response.httpStatusCode >= 200 && response.httpStatusCode <= 299) { - const body: HistoricalJobResponse = deserialize( - parse(await response.body.text(), contentType), - TypingInfo, - "HistoricalJobResponse", - "", - ) as HistoricalJobResponse; - return body; - } - - const body = (await response.body.text()) || ""; - throw new ApiException( - response.httpStatusCode, - 'Unknown API Status Code!\nBody: "' + body + '"', - ); - } - /** * Unwraps the actual response sent by the server from the response context and deserializes the response content * to the expected objects @@ -6519,19 +6464,19 @@ export class SecurityMonitoringApiResponseProcessor { * Unwraps the actual response sent by the server from the response context and deserializes the response content * to the expected objects * - * @params response Response returned by the server for a request to getVulnerabilityNotificationRule + * @params response Response returned by the server for a request to getThreatHuntingJob * @throws ApiException if the response code was not in [200, 299] */ - public async getVulnerabilityNotificationRule( + public async getThreatHuntingJob( response: ResponseContext, - ): Promise { + ): Promise { const contentType = normalizeMediaType(response.headers["content-type"]); if (response.httpStatusCode === 200) { - const body: NotificationRuleResponse = deserialize( + const body: ThreatHuntingJobResponse = deserialize( parse(await response.body.text(), contentType), TypingInfo, - "NotificationRuleResponse", - ) as NotificationRuleResponse; + "ThreatHuntingJobResponse", + ) as ThreatHuntingJobResponse; return body; } if ( 
@@ -6560,12 +6505,12 @@ export class SecurityMonitoringApiResponseProcessor { // Work around for missing responses in specification, e.g. for petstore.yaml if (response.httpStatusCode >= 200 && response.httpStatusCode <= 299) { - const body: NotificationRuleResponse = deserialize( + const body: ThreatHuntingJobResponse = deserialize( parse(await response.body.text(), contentType), TypingInfo, - "NotificationRuleResponse", + "ThreatHuntingJobResponse", "", - ) as NotificationRuleResponse; + ) as ThreatHuntingJobResponse; return body; } @@ -6580,22 +6525,27 @@ export class SecurityMonitoringApiResponseProcessor { * Unwraps the actual response sent by the server from the response context and deserializes the response content * to the expected objects * - * @params response Response returned by the server for a request to getVulnerabilityNotificationRules + * @params response Response returned by the server for a request to getVulnerabilityNotificationRule * @throws ApiException if the response code was not in [200, 299] */ - public async getVulnerabilityNotificationRules( + public async getVulnerabilityNotificationRule( response: ResponseContext, - ): Promise { + ): Promise { const contentType = normalizeMediaType(response.headers["content-type"]); if (response.httpStatusCode === 200) { - const body: NotificationRulesList = deserialize( + const body: NotificationRuleResponse = deserialize( parse(await response.body.text(), contentType), TypingInfo, - "NotificationRulesList", - ) as NotificationRulesList; + "NotificationRuleResponse", + ) as NotificationRuleResponse; return body; } - if (response.httpStatusCode === 403 || response.httpStatusCode === 429) { + if ( + response.httpStatusCode === 400 || + response.httpStatusCode === 403 || + response.httpStatusCode === 404 || + response.httpStatusCode === 429 + ) { const bodyText = parse(await response.body.text(), contentType); let body: APIErrorResponse; try { 
@@ -6616,12 +6566,12 @@ export class SecurityMonitoringApiResponseProcessor { // Work around for missing responses in specification, e.g. for petstore.yaml if (response.httpStatusCode >= 200 && response.httpStatusCode <= 299) { - const body: NotificationRulesList = deserialize( + const body: NotificationRuleResponse = deserialize( parse(await response.body.text(), contentType), TypingInfo, - "NotificationRulesList", + "NotificationRuleResponse", "", - ) as NotificationRulesList; + ) as NotificationRuleResponse; return body; } 
@@ -6636,47 +6586,22 @@ export class SecurityMonitoringApiResponseProcessor { * Unwraps the actual response sent by the server from the response context and deserializes the response content * to the expected objects * - * @params response Response returned by the server for a request to listAssetsSBOMs + * @params response Response returned by the server for a request to getVulnerabilityNotificationRules * @throws ApiException if the response code was not in [200, 299] */ - public async listAssetsSBOMs( + public async getVulnerabilityNotificationRules( response: ResponseContext, - ): Promise { + ): Promise { const contentType = normalizeMediaType(response.headers["content-type"]); if (response.httpStatusCode === 200) { - const body: ListAssetsSBOMsResponse = deserialize( + const body: NotificationRulesList = deserialize( parse(await response.body.text(), contentType), TypingInfo, - "ListAssetsSBOMsResponse", - ) as ListAssetsSBOMsResponse; + "NotificationRulesList", + ) as NotificationRulesList; return body; } - if ( - response.httpStatusCode === 400 || - response.httpStatusCode === 403 || - response.httpStatusCode === 404 - ) { - const bodyText = parse(await response.body.text(), contentType); - let body: JSONAPIErrorResponse; - try { - body = deserialize( - bodyText, - TypingInfo, - "JSONAPIErrorResponse", - ) as JSONAPIErrorResponse; - } catch (error) { - logger.debug(`Got error deserializing error: ${error}`); - throw new ApiException( - response.httpStatusCode, - bodyText, - ); - } - throw new ApiException( - response.httpStatusCode, - body, - ); - } - if (response.httpStatusCode === 429) { + if (response.httpStatusCode === 403 || response.httpStatusCode === 429) { const bodyText = parse(await response.body.text(), contentType); let body: APIErrorResponse; try { 
@@ -6697,12 +6622,12 @@ export class SecurityMonitoringApiResponseProcessor { // Work around for missing responses in specification, e.g. for petstore.yaml if (response.httpStatusCode >= 200 && response.httpStatusCode <= 299) { - const body: ListAssetsSBOMsResponse = deserialize( + const body: NotificationRulesList = deserialize( parse(await response.body.text(), contentType), TypingInfo, - "ListAssetsSBOMsResponse", + "NotificationRulesList", "", - ) as ListAssetsSBOMsResponse; + ) as NotificationRulesList; return body; } @@ -6717,26 +6642,25 @@ export class SecurityMonitoringApiResponseProcessor { * Unwraps the actual response sent by the server from the response context and deserializes the response content * to the expected objects * - * @params response Response returned by the server for a request to listFindings + * @params response Response returned by the server for a request to listAssetsSBOMs * @throws ApiException if the response code was not in [200, 299] */ - public async listFindings( + public async listAssetsSBOMs( response: ResponseContext, - ): Promise { + ): Promise { const contentType = normalizeMediaType(response.headers["content-type"]); if (response.httpStatusCode === 200) { - const body: ListFindingsResponse = deserialize( + const body: ListAssetsSBOMsResponse = deserialize( parse(await response.body.text(), contentType), TypingInfo, - "ListFindingsResponse", - ) as ListFindingsResponse; + "ListAssetsSBOMsResponse", + ) as ListAssetsSBOMsResponse; return body; } if ( response.httpStatusCode === 400 || response.httpStatusCode === 403 || - response.httpStatusCode === 404 || - response.httpStatusCode === 429 + response.httpStatusCode === 404 ) { const bodyText = parse(await response.body.text(), contentType); let body: JSONAPIErrorResponse; 
@@ -6758,15 +6682,33 @@ export class SecurityMonitoringApiResponseProcessor { body, ); } + if (response.httpStatusCode === 429) { + const bodyText = parse(await response.body.text(), contentType); + let body: APIErrorResponse; + try { + body = deserialize( + bodyText, + TypingInfo, + "APIErrorResponse", + ) as APIErrorResponse; + } catch (error) { + logger.debug(`Got error deserializing error: ${error}`); + throw new ApiException( + response.httpStatusCode, + bodyText, + ); + } + throw new ApiException(response.httpStatusCode, body); + } // Work around for missing responses in specification, e.g. for petstore.yaml if (response.httpStatusCode >= 200 && response.httpStatusCode <= 299) { - const body: ListFindingsResponse = deserialize( + const body: ListAssetsSBOMsResponse = deserialize( parse(await response.body.text(), contentType), TypingInfo, - "ListFindingsResponse", + "ListAssetsSBOMsResponse", "", - ) as ListFindingsResponse; + ) as ListAssetsSBOMsResponse; return body; } 
@@ -6781,52 +6723,56 @@ export class SecurityMonitoringApiResponseProcessor { * Unwraps the actual response sent by the server from the response context and deserializes the response content * to the expected objects * - * @params response Response returned by the server for a request to listHistoricalJobs + * @params response Response returned by the server for a request to listFindings * @throws ApiException if the response code was not in [200, 299] */ - public async listHistoricalJobs( + public async listFindings( response: ResponseContext, - ): Promise { + ): Promise { const contentType = normalizeMediaType(response.headers["content-type"]); if (response.httpStatusCode === 200) { - const body: ListHistoricalJobsResponse = deserialize( + const body: ListFindingsResponse = deserialize( parse(await response.body.text(), contentType), TypingInfo, - "ListHistoricalJobsResponse", - ) as ListHistoricalJobsResponse; + "ListFindingsResponse", + ) as ListFindingsResponse; return body; } if ( response.httpStatusCode === 400 || response.httpStatusCode === 403 || + response.httpStatusCode === 404 || response.httpStatusCode === 429 ) { const bodyText = parse(await response.body.text(), contentType); - let body: APIErrorResponse; + let body: JSONAPIErrorResponse; try { body = deserialize( bodyText, TypingInfo, - "APIErrorResponse", - ) as APIErrorResponse; + "JSONAPIErrorResponse", + ) as JSONAPIErrorResponse; } catch (error) { logger.debug(`Got error deserializing error: ${error}`); - throw new ApiException( + throw new ApiException( response.httpStatusCode, bodyText, ); } - throw new ApiException(response.httpStatusCode, body); + throw new ApiException( + response.httpStatusCode, + body, + ); } // Work around for missing responses in specification, e.g. 
for petstore.yaml if (response.httpStatusCode >= 200 && response.httpStatusCode <= 299) { - const body: ListHistoricalJobsResponse = deserialize( + const body: ListFindingsResponse = deserialize( parse(await response.body.text(), contentType), TypingInfo, - "ListHistoricalJobsResponse", + "ListFindingsResponse", "", - ) as ListHistoricalJobsResponse; + ) as ListFindingsResponse; return body; } 
@@ -7207,6 +7153,66 @@ export class SecurityMonitoringApiResponseProcessor { ); } + /** + * Unwraps the actual response sent by the server from the response context and deserializes the response content + * to the expected objects + * + * @params response Response returned by the server for a request to listThreatHuntingJobs + * @throws ApiException if the response code was not in [200, 299] + */ + public async listThreatHuntingJobs( + response: ResponseContext, + ): Promise { + const contentType = normalizeMediaType(response.headers["content-type"]); + if (response.httpStatusCode === 200) { + const body: ListThreatHuntingJobsResponse = deserialize( + parse(await response.body.text(), contentType), + TypingInfo, + "ListThreatHuntingJobsResponse", + ) as ListThreatHuntingJobsResponse; + return body; + } + if ( + response.httpStatusCode === 400 || + response.httpStatusCode === 403 || + response.httpStatusCode === 429 + ) { + const bodyText = parse(await response.body.text(), contentType); + let body: APIErrorResponse; + try { + body = deserialize( + bodyText, + TypingInfo, + "APIErrorResponse", + ) as APIErrorResponse; + } catch (error) { + logger.debug(`Got error deserializing error: ${error}`); + throw new ApiException( + response.httpStatusCode, + bodyText, + ); + } + throw new ApiException(response.httpStatusCode, body); + } + + // Work around for missing responses in specification, e.g. 
for petstore.yaml + if (response.httpStatusCode >= 200 && response.httpStatusCode <= 299) { + const body: ListThreatHuntingJobsResponse = deserialize( + parse(await response.body.text(), contentType), + TypingInfo, + "ListThreatHuntingJobsResponse", + "", + ) as ListThreatHuntingJobsResponse; + return body; + } + + const body = (await response.body.text()) || ""; + throw new ApiException( + response.httpStatusCode, + 'Unknown API Status Code!\nBody: "' + body + '"', + ); + } + /** * Unwraps the actual response sent by the server from the response context and deserializes the response content * to the expected objects @@ -7602,10 +7608,10 @@ export class SecurityMonitoringApiResponseProcessor { * Unwraps the actual response sent by the server from the response context and deserializes the response content * to the expected objects * - * @params response Response returned by the server for a request to runHistoricalJob + * @params response Response returned by the server for a request to runThreatHuntingJob * @throws ApiException if the response code was not in [200, 299] */ - public async runHistoricalJob( + public async runThreatHuntingJob( response: ResponseContext, ): Promise { const contentType = normalizeMediaType(response.headers["content-type"]); @@ -8310,7 +8316,7 @@ export class SecurityMonitoringApiResponseProcessor { } } -export interface SecurityMonitoringApiCancelHistoricalJobRequest { +export interface SecurityMonitoringApiCancelThreatHuntingJobRequest { /** * The ID of the job. * @type string @@ -8401,14 +8407,6 @@ export interface SecurityMonitoringApiDeleteCustomFrameworkRequest { version: string; } -export interface SecurityMonitoringApiDeleteHistoricalJobRequest { - /** - * The ID of the job. - * @type string - */ - jobId: string; -} - export interface SecurityMonitoringApiDeleteSecurityFilterRequest { /** * The ID of the security filter. 
@@ -8441,6 +8439,14 @@ export interface SecurityMonitoringApiDeleteSignalNotificationRuleRequest { id: string; } +export interface SecurityMonitoringApiDeleteThreatHuntingJobRequest { + /** + * The ID of the job. + * @type string + */ + jobId: string; +} + export interface SecurityMonitoringApiDeleteVulnerabilityNotificationRuleRequest { /** * ID of the notification rule. @@ -8514,14 +8520,6 @@ export interface SecurityMonitoringApiGetFindingRequest { snapshotTimestamp?: number; } -export interface SecurityMonitoringApiGetHistoricalJobRequest { - /** - * The ID of the job. - * @type string - */ - jobId: string; -} - export interface SecurityMonitoringApiGetResourceEvaluationFiltersRequest { /** * Filter resource filters by cloud provider (e.g. aws, gcp, azure). @@ -8591,7 +8589,7 @@ export interface SecurityMonitoringApiGetSecurityFilterRequest { export interface SecurityMonitoringApiGetSecurityMonitoringHistsignalRequest { /** - * The ID of the historical signal. + * The ID of the threat hunting signal. * @type string */ histsignalId: string; @@ -8682,6 +8680,14 @@ export interface SecurityMonitoringApiGetSuppressionsAffectingRuleRequest { ruleId: string; } +export interface SecurityMonitoringApiGetThreatHuntingJobRequest { + /** + * The ID of the job. + * @type string + */ + jobId: string; +} + export interface SecurityMonitoringApiGetVulnerabilityNotificationRuleRequest { /** * ID of the notification rule. 
@@ -8811,29 +8817,6 @@ export interface SecurityMonitoringApiListFindingsRequest { detailedFindings?: boolean; } -export interface SecurityMonitoringApiListHistoricalJobsRequest { - /** - * Size for a given page. The maximum allowed value is 100. - * @type number - */ - pageSize?: number; - /** - * Specific page number to return. - * @type number - */ - pageNumber?: number; - /** - * The order of the jobs in results. - * @type string - */ - sort?: string; - /** - * Query used to filter items from the fetched list. - * @type string - */ - filterQuery?: string; -} - export interface SecurityMonitoringApiListScannedAssetsMetadataRequest { /** * Its value must come from the `links` section of the response of the first request. Do not manually edit it. @@ -8954,6 +8937,29 @@ export interface SecurityMonitoringApiListSecurityMonitoringSuppressionsRequest query?: string; } +export interface SecurityMonitoringApiListThreatHuntingJobsRequest { + /** + * Size for a given page. The maximum allowed value is 100. + * @type number + */ + pageSize?: number; + /** + * Specific page number to return. + * @type number + */ + pageNumber?: number; + /** + * The order of the jobs in results. + * @type string + */ + sort?: string; + /** + * Query used to filter items from the fetched list. + * @type string + */ + filterQuery?: string; +} + export interface SecurityMonitoringApiListVulnerabilitiesRequest { /** * Its value must come from the `links` section of the response of the first request. Do not manually edit it. 
@@ -9296,11 +9302,11 @@ export interface SecurityMonitoringApiPatchVulnerabilityNotificationRuleRequest body: PatchNotificationRuleParameters; } -export interface SecurityMonitoringApiRunHistoricalJobRequest { +export interface SecurityMonitoringApiRunThreatHuntingJobRequest { /** - * @type RunHistoricalJobRequest + * @type RunThreatHuntingJobRequest */ - body: RunHistoricalJobRequest; + body: RunThreatHuntingJobRequest; } export interface SecurityMonitoringApiSearchSecurityMonitoringHistsignalsRequest { @@ -9433,14 +9439,14 @@ export class SecurityMonitoringApi { } /** - * Cancel a historical job. + * Cancel a threat hunting job. * @param param The request object */ - public cancelHistoricalJob( - param: SecurityMonitoringApiCancelHistoricalJobRequest, + public cancelThreatHuntingJob( + param: SecurityMonitoringApiCancelThreatHuntingJobRequest, options?: Configuration, ): Promise { - const requestContextPromise = this.requestFactory.cancelHistoricalJob( + const requestContextPromise = this.requestFactory.cancelThreatHuntingJob( param.jobId, options, ); @@ -9448,7 +9454,7 @@ export class SecurityMonitoringApi { return this.configuration.httpApi .send(requestContext) .then((responseContext) => { - return this.responseProcessor.cancelHistoricalJob(responseContext); + return this.responseProcessor.cancelThreatHuntingJob(responseContext); }); }); } 
@@ -9683,27 +9689,6 @@ export class SecurityMonitoringApi { }); } - /** - * Delete an existing job. - * @param param The request object - */ - public deleteHistoricalJob( - param: SecurityMonitoringApiDeleteHistoricalJobRequest, - options?: Configuration, - ): Promise { - const requestContextPromise = this.requestFactory.deleteHistoricalJob( - param.jobId, - options, - ); - return requestContextPromise.then((requestContext) => { - return this.configuration.httpApi - .send(requestContext) - .then((responseContext) => { - return this.responseProcessor.deleteHistoricalJob(responseContext); - }); - }); - } - /** * Delete a specific security filter. * @param param The request object @@ -9791,6 +9776,27 @@ export class SecurityMonitoringApi { }); } + /** + * Delete an existing job. + * @param param The request object + */ + public deleteThreatHuntingJob( + param: SecurityMonitoringApiDeleteThreatHuntingJobRequest, + options?: Configuration, + ): Promise { + const requestContextPromise = this.requestFactory.deleteThreatHuntingJob( + param.jobId, + options, + ); + return requestContextPromise.then((requestContext) => { + return this.configuration.httpApi + .send(requestContext) + .then((responseContext) => { + return this.responseProcessor.deleteThreatHuntingJob(responseContext); + }); + }); + } + /** * Delete a notification rule for security vulnerabilities. * @param param The request object 
@@ -9934,27 +9940,6 @@ export class SecurityMonitoringApi { }); } - /** - * Get a job's details. - * @param param The request object - */ - public getHistoricalJob( - param: SecurityMonitoringApiGetHistoricalJobRequest, - options?: Configuration, - ): Promise { - const requestContextPromise = this.requestFactory.getHistoricalJob( - param.jobId, - options, - ); - return requestContextPromise.then((requestContext) => { - return this.configuration.httpApi - .send(requestContext) - .then((responseContext) => { - return this.responseProcessor.getHistoricalJob(responseContext); - }); - }); - } - /** * List resource filters. * @param param The request object @@ -10262,6 +10247,27 @@ export class SecurityMonitoringApi { }); } + /** + * Get a job's details. + * @param param The request object + */ + public getThreatHuntingJob( + param: SecurityMonitoringApiGetThreatHuntingJobRequest, + options?: Configuration, + ): Promise { + const requestContextPromise = this.requestFactory.getThreatHuntingJob( + param.jobId, + options, + ); + return requestContextPromise.then((requestContext) => { + return this.configuration.httpApi + .send(requestContext) + .then((responseContext) => { + return this.responseProcessor.getThreatHuntingJob(responseContext); + }); + }); + } + /** * Get the details of a notification rule for security vulnerabilities. * @param param The request object 
@@ -10485,30 +10491,6 @@ export class SecurityMonitoringApi { } } - /** - * List historical jobs. - * @param param The request object - */ - public listHistoricalJobs( - param: SecurityMonitoringApiListHistoricalJobsRequest = {}, - options?: Configuration, - ): Promise { - const requestContextPromise = this.requestFactory.listHistoricalJobs( - param.pageSize, - param.pageNumber, - param.sort, - param.filterQuery, - options, - ); - return requestContextPromise.then((requestContext) => { - return this.configuration.httpApi - .send(requestContext) - .then((responseContext) => { - return this.responseProcessor.listHistoricalJobs(responseContext); - }); - }); - } - /** * Get a list of security scanned assets metadata for an organization. * @@ -10765,6 +10747,30 @@ export class SecurityMonitoringApi { }); } + /** + * List threat hunting jobs. + * @param param The request object + */ + public listThreatHuntingJobs( + param: SecurityMonitoringApiListThreatHuntingJobsRequest = {}, + options?: Configuration, + ): Promise { + const requestContextPromise = this.requestFactory.listThreatHuntingJobs( + param.pageSize, + param.pageNumber, + param.sort, + param.filterQuery, + options, + ); + return requestContextPromise.then((requestContext) => { + return this.configuration.httpApi + .send(requestContext) + .then((responseContext) => { + return this.responseProcessor.listThreatHuntingJobs(responseContext); + }); + }); + } + /** * Get a list of vulnerabilities. * 
@@ -11036,14 +11042,14 @@ export class SecurityMonitoringApi { } /** - * Run a historical job. + * Run a threat hunting job. * @param param The request object */ - public runHistoricalJob( - param: SecurityMonitoringApiRunHistoricalJobRequest, + public runThreatHuntingJob( + param: SecurityMonitoringApiRunThreatHuntingJobRequest, options?: Configuration, ): Promise { - const requestContextPromise = this.requestFactory.runHistoricalJob( + const requestContextPromise = this.requestFactory.runThreatHuntingJob( param.body, options, ); @@ -11051,7 +11057,7 @@ export class SecurityMonitoringApi { return this.configuration.httpApi .send(requestContext) .then((responseContext) => { - return this.responseProcessor.runHistoricalJob(responseContext); + return this.responseProcessor.runThreatHuntingJob(responseContext); }); }); } diff --git a/services/security_monitoring/src/v2/index.ts b/services/security_monitoring/src/v2/index.ts index 0906852c8b01..a9a63bcf5aa3 100644 --- a/services/security_monitoring/src/v2/index.ts +++ b/services/security_monitoring/src/v2/index.ts @@ -1,5 +1,5 @@ export { - SecurityMonitoringApiCancelHistoricalJobRequest, + SecurityMonitoringApiCancelThreatHuntingJobRequest, SecurityMonitoringApiConvertExistingSecurityMonitoringRuleRequest, SecurityMonitoringApiConvertJobResultToSignalRequest, SecurityMonitoringApiConvertSecurityMonitoringRuleFromJSONToTerraformRequest, 
@@ -10,18 +10,17 @@ export { SecurityMonitoringApiCreateSignalNotificationRuleRequest, SecurityMonitoringApiCreateVulnerabilityNotificationRuleRequest, SecurityMonitoringApiDeleteCustomFrameworkRequest, - SecurityMonitoringApiDeleteHistoricalJobRequest, SecurityMonitoringApiDeleteSecurityFilterRequest, SecurityMonitoringApiDeleteSecurityMonitoringRuleRequest, SecurityMonitoringApiDeleteSecurityMonitoringSuppressionRequest, SecurityMonitoringApiDeleteSignalNotificationRuleRequest, + SecurityMonitoringApiDeleteThreatHuntingJobRequest, SecurityMonitoringApiDeleteVulnerabilityNotificationRuleRequest, SecurityMonitoringApiEditSecurityMonitoringSignalAssigneeRequest, SecurityMonitoringApiEditSecurityMonitoringSignalIncidentsRequest, SecurityMonitoringApiEditSecurityMonitoringSignalStateRequest, SecurityMonitoringApiGetCustomFrameworkRequest, SecurityMonitoringApiGetFindingRequest, - SecurityMonitoringApiGetHistoricalJobRequest, SecurityMonitoringApiGetResourceEvaluationFiltersRequest, SecurityMonitoringApiGetRuleVersionHistoryRequest, SecurityMonitoringApiGetSBOMRequest, 
@@ -34,21 +33,22 @@ export { SecurityMonitoringApiGetSignalNotificationRuleRequest, SecurityMonitoringApiGetSuppressionsAffectingFutureRuleRequest, SecurityMonitoringApiGetSuppressionsAffectingRuleRequest, + SecurityMonitoringApiGetThreatHuntingJobRequest, SecurityMonitoringApiGetVulnerabilityNotificationRuleRequest, SecurityMonitoringApiListAssetsSBOMsRequest, SecurityMonitoringApiListFindingsRequest, - SecurityMonitoringApiListHistoricalJobsRequest, SecurityMonitoringApiListScannedAssetsMetadataRequest, SecurityMonitoringApiListSecurityMonitoringHistsignalsRequest, SecurityMonitoringApiListSecurityMonitoringRulesRequest, SecurityMonitoringApiListSecurityMonitoringSignalsRequest, SecurityMonitoringApiListSecurityMonitoringSuppressionsRequest, + SecurityMonitoringApiListThreatHuntingJobsRequest, SecurityMonitoringApiListVulnerabilitiesRequest, SecurityMonitoringApiListVulnerableAssetsRequest, SecurityMonitoringApiMuteFindingsRequest, SecurityMonitoringApiPatchSignalNotificationRuleRequest, SecurityMonitoringApiPatchVulnerabilityNotificationRuleRequest, - SecurityMonitoringApiRunHistoricalJobRequest, + SecurityMonitoringApiRunThreatHuntingJobRequest, SecurityMonitoringApiSearchSecurityMonitoringHistsignalsRequest, SecurityMonitoringApiSearchSecurityMonitoringSignalsRequest, SecurityMonitoringApiTestExistingSecurityMonitoringRuleRequest, 
@@ -135,13 +135,6 @@ export { GetRuleVersionHistoryData } from "./models/GetRuleVersionHistoryData"; export { GetRuleVersionHistoryDataType } from "./models/GetRuleVersionHistoryDataType"; export { GetRuleVersionHistoryResponse } from "./models/GetRuleVersionHistoryResponse"; export { GetSBOMResponse } from "./models/GetSBOMResponse"; -export { HistoricalJobDataType } from "./models/HistoricalJobDataType"; -export { HistoricalJobListMeta } from "./models/HistoricalJobListMeta"; -export { HistoricalJobOptions } from "./models/HistoricalJobOptions"; -export { HistoricalJobQuery } from "./models/HistoricalJobQuery"; -export { HistoricalJobResponse } from "./models/HistoricalJobResponse"; -export { HistoricalJobResponseAttributes } from "./models/HistoricalJobResponseAttributes"; -export { HistoricalJobResponseData } from "./models/HistoricalJobResponseData"; export { JobCreateResponse } from "./models/JobCreateResponse"; export { JobCreateResponseData } from "./models/JobCreateResponseData"; export { JobDefinition } from "./models/JobDefinition"; @@ -155,7 +148,7 @@ export { ListAssetsSBOMsResponse } from "./models/ListAssetsSBOMsResponse"; export { ListFindingsMeta } from "./models/ListFindingsMeta"; export { ListFindingsPage } from "./models/ListFindingsPage"; export { ListFindingsResponse } from "./models/ListFindingsResponse"; -export { ListHistoricalJobsResponse } from "./models/ListHistoricalJobsResponse"; +export { ListThreatHuntingJobsResponse } from "./models/ListThreatHuntingJobsResponse"; export { ListVulnerabilitiesResponse } from "./models/ListVulnerabilitiesResponse"; export { ListVulnerableAssetsResponse } from "./models/ListVulnerableAssetsResponse"; export { Metadata } from "./models/Metadata"; 
@@ -179,10 +172,10 @@ export { RuleVersionHistory } from "./models/RuleVersionHistory"; export { RuleVersions } from "./models/RuleVersions"; export { RuleVersionUpdate } from "./models/RuleVersionUpdate"; export { RuleVersionUpdateType } from "./models/RuleVersionUpdateType"; -export { RunHistoricalJobRequest } from "./models/RunHistoricalJobRequest"; -export { RunHistoricalJobRequestAttributes } from "./models/RunHistoricalJobRequestAttributes"; -export { RunHistoricalJobRequestData } from "./models/RunHistoricalJobRequestData"; -export { RunHistoricalJobRequestDataType } from "./models/RunHistoricalJobRequestDataType"; +export { RunThreatHuntingJobRequest } from "./models/RunThreatHuntingJobRequest"; +export { RunThreatHuntingJobRequestAttributes } from "./models/RunThreatHuntingJobRequestAttributes"; +export { RunThreatHuntingJobRequestData } from "./models/RunThreatHuntingJobRequestData"; +export { RunThreatHuntingJobRequestDataType } from "./models/RunThreatHuntingJobRequestDataType"; export { SBOM } from "./models/SBOM"; export { SBOMAttributes } from "./models/SBOMAttributes"; export { SBOMComponent } from "./models/SBOMComponent"; 
@@ -319,6 +312,13 @@ export { SecurityMonitoringTriageUser } from "./models/SecurityMonitoringTriageU export { SecurityMonitoringUser } from "./models/SecurityMonitoringUser"; export { Selectors } from "./models/Selectors"; export { SpecVersion } from "./models/SpecVersion"; +export { ThreatHuntingJobDataType } from "./models/ThreatHuntingJobDataType"; +export { ThreatHuntingJobListMeta } from "./models/ThreatHuntingJobListMeta"; +export { ThreatHuntingJobOptions } from "./models/ThreatHuntingJobOptions"; +export { ThreatHuntingJobQuery } from "./models/ThreatHuntingJobQuery"; +export { ThreatHuntingJobResponse } from "./models/ThreatHuntingJobResponse"; +export { ThreatHuntingJobResponseAttributes } from "./models/ThreatHuntingJobResponseAttributes"; +export { ThreatHuntingJobResponseData } from "./models/ThreatHuntingJobResponseData"; export { TriggerSource } from "./models/TriggerSource"; export { UpdateCustomFrameworkRequest } from "./models/UpdateCustomFrameworkRequest"; export { UpdateCustomFrameworkResponse } from "./models/UpdateCustomFrameworkResponse"; diff --git a/services/security_monitoring/src/v2/models/ConvertJobResultsToSignalsAttributes.ts b/services/security_monitoring/src/v2/models/ConvertJobResultsToSignalsAttributes.ts index d5a54e8645f0..b97d9917dd83 100644 --- a/services/security_monitoring/src/v2/models/ConvertJobResultsToSignalsAttributes.ts +++ b/services/security_monitoring/src/v2/models/ConvertJobResultsToSignalsAttributes.ts @@ -3,7 +3,7 @@ import { AttributeTypeMap } from "@datadog/datadog-api-client"; import { SecurityMonitoringRuleSeverity } from "./SecurityMonitoringRuleSeverity"; /** - * Attributes for converting historical job results to signals. + * Attributes for converting threat hunting job results to signals. */ export class ConvertJobResultsToSignalsAttributes { /** 
diff --git a/services/security_monitoring/src/v2/models/ConvertJobResultsToSignalsData.ts b/services/security_monitoring/src/v2/models/ConvertJobResultsToSignalsData.ts index 49afc4a5b2cf..1c4506e4ddeb 100644 --- a/services/security_monitoring/src/v2/models/ConvertJobResultsToSignalsData.ts +++ b/services/security_monitoring/src/v2/models/ConvertJobResultsToSignalsData.ts @@ -4,11 +4,11 @@ import { ConvertJobResultsToSignalsAttributes } from "./ConvertJobResultsToSigna import { ConvertJobResultsToSignalsDataType } from "./ConvertJobResultsToSignalsDataType"; /** - * Data for converting historical job results to signals. + * Data for converting threat hunting job results to signals. */ export class ConvertJobResultsToSignalsData { /** - * Attributes for converting historical job results to signals. + * Attributes for converting threat hunting job results to signals. */ "attributes"?: ConvertJobResultsToSignalsAttributes; /** diff --git a/services/security_monitoring/src/v2/models/ConvertJobResultsToSignalsRequest.ts b/services/security_monitoring/src/v2/models/ConvertJobResultsToSignalsRequest.ts index 4578bca255fc..5b7474ce4724 100644 --- a/services/security_monitoring/src/v2/models/ConvertJobResultsToSignalsRequest.ts +++ b/services/security_monitoring/src/v2/models/ConvertJobResultsToSignalsRequest.ts @@ -3,11 +3,11 @@ import { AttributeTypeMap } from "@datadog/datadog-api-client"; import { ConvertJobResultsToSignalsData } from "./ConvertJobResultsToSignalsData"; /** - * Request for converting historical job results to signals. + * Request for converting threat hunting job results to signals. */ export class ConvertJobResultsToSignalsRequest { /** - * Data for converting historical job results to signals. + * Data for converting threat hunting job results to signals. */ "data"?: ConvertJobResultsToSignalsData; /** 
diff --git a/services/security_monitoring/src/v2/models/JobCreateResponse.ts b/services/security_monitoring/src/v2/models/JobCreateResponse.ts index 5a8fd84b74a0..e958b8b2ca14 100644 --- a/services/security_monitoring/src/v2/models/JobCreateResponse.ts +++ b/services/security_monitoring/src/v2/models/JobCreateResponse.ts @@ -3,7 +3,7 @@ import { AttributeTypeMap } from "@datadog/datadog-api-client"; import { JobCreateResponseData } from "./JobCreateResponseData"; /** - * Run a historical job response. + * Run a threat hunting job response. */ export class JobCreateResponse { /** diff --git a/services/security_monitoring/src/v2/models/JobCreateResponseData.ts b/services/security_monitoring/src/v2/models/JobCreateResponseData.ts index 1b4360ff66ec..b6a84be59012 100644 --- a/services/security_monitoring/src/v2/models/JobCreateResponseData.ts +++ b/services/security_monitoring/src/v2/models/JobCreateResponseData.ts @@ -1,6 +1,6 @@ import { AttributeTypeMap } from "@datadog/datadog-api-client"; -import { HistoricalJobDataType } from "./HistoricalJobDataType"; +import { ThreatHuntingJobDataType } from "./ThreatHuntingJobDataType"; /** * The definition of `JobCreateResponseData` object. @@ -13,7 +13,7 @@ export class JobCreateResponseData { /** * Type of payload. */ - "type"?: HistoricalJobDataType; + "type"?: ThreatHuntingJobDataType; /** * A container for additional, undeclared properties. * This is a holder for any undeclared properties as specified with @@ -35,7 +35,7 @@ export class JobCreateResponseData { }, type: { baseName: "type", - type: "HistoricalJobDataType", + type: "ThreatHuntingJobDataType", }, additionalProperties: { baseName: "additionalProperties", diff --git a/services/security_monitoring/src/v2/models/JobDefinition.ts b/services/security_monitoring/src/v2/models/JobDefinition.ts index 0f627408d89f..d961e12834ff 100644 --- a/services/security_monitoring/src/v2/models/JobDefinition.ts +++ b/services/security_monitoring/src/v2/models/JobDefinition.ts 
@@ -1,14 +1,14 @@ import { AttributeTypeMap } from "@datadog/datadog-api-client"; import { CalculatedField } from "./CalculatedField"; -import { HistoricalJobOptions } from "./HistoricalJobOptions"; -import { HistoricalJobQuery } from "./HistoricalJobQuery"; import { SecurityMonitoringReferenceTable } from "./SecurityMonitoringReferenceTable"; import { SecurityMonitoringRuleCaseCreate } from "./SecurityMonitoringRuleCaseCreate"; import { SecurityMonitoringThirdPartyRuleCaseCreate } from "./SecurityMonitoringThirdPartyRuleCaseCreate"; +import { ThreatHuntingJobOptions } from "./ThreatHuntingJobOptions"; +import { ThreatHuntingJobQuery } from "./ThreatHuntingJobQuery"; /** - * Definition of a historical job. + * Definition of a threat hunting job. */ export class JobDefinition { /** @@ -42,11 +42,11 @@ export class JobDefinition { /** * Job options. */ - "options"?: HistoricalJobOptions; + "options"?: ThreatHuntingJobOptions; /** * Queries for selecting logs analyzed by the job. */ - "queries": Array; + "queries": Array; /** * Reference tables used in the queries. */ @@ -118,11 +118,11 @@ export class JobDefinition { }, options: { baseName: "options", - type: "HistoricalJobOptions", + type: "ThreatHuntingJobOptions", }, queries: { baseName: "queries", - type: "Array", + type: "Array", required: true, }, referenceTables: { diff --git a/services/security_monitoring/src/v2/models/JobDefinitionFromRule.ts b/services/security_monitoring/src/v2/models/JobDefinitionFromRule.ts index 112ccf12d9b5..b0a6b2852a92 100644 --- a/services/security_monitoring/src/v2/models/JobDefinitionFromRule.ts +++ b/services/security_monitoring/src/v2/models/JobDefinitionFromRule.ts @@ -1,7 +1,7 @@ import { AttributeTypeMap } from "@datadog/datadog-api-client"; /** - * Definition of a historical job based on a security monitoring rule. + * Definition of a threat hunting job based on a security monitoring rule. */ export class JobDefinitionFromRule { /** 
diff --git a/services/security_monitoring/src/v2/models/ListHistoricalJobsResponse.ts b/services/security_monitoring/src/v2/models/ListThreatHuntingJobsResponse.ts similarity index 61% rename from services/security_monitoring/src/v2/models/ListHistoricalJobsResponse.ts rename to services/security_monitoring/src/v2/models/ListThreatHuntingJobsResponse.ts index 0219c3041b7e..f07fbd63dd2b 100644 --- a/services/security_monitoring/src/v2/models/ListHistoricalJobsResponse.ts +++ b/services/security_monitoring/src/v2/models/ListThreatHuntingJobsResponse.ts @@ -1,20 +1,20 @@ import { AttributeTypeMap } from "@datadog/datadog-api-client"; -import { HistoricalJobListMeta } from "./HistoricalJobListMeta"; -import { HistoricalJobResponseData } from "./HistoricalJobResponseData"; +import { ThreatHuntingJobListMeta } from "./ThreatHuntingJobListMeta"; +import { ThreatHuntingJobResponseData } from "./ThreatHuntingJobResponseData"; /** - * List of historical jobs. + * List of threat hunting jobs. */ -export class ListHistoricalJobsResponse { +export class ListThreatHuntingJobsResponse { /** - * Array containing the list of historical jobs. + * Array containing the list of threat hunting jobs. */ - "data"?: Array; + "data"?: Array; /** * Metadata about the list of jobs. */ - "meta"?: HistoricalJobListMeta; + "meta"?: ThreatHuntingJobListMeta; /** * A container for additional, undeclared properties. * This is a holder for any undeclared properties as specified with @@ -32,11 +32,11 @@ export class ListHistoricalJobsResponse { static readonly attributeTypeMap: AttributeTypeMap = { data: { baseName: "data", - type: "Array", + type: "Array", }, meta: { baseName: "meta", - type: "HistoricalJobListMeta", + type: "ThreatHuntingJobListMeta", }, additionalProperties: { baseName: "additionalProperties", 
@@ -48,7 +48,7 @@ export class ListHistoricalJobsResponse { * @ignore */ static getAttributeTypeMap(): AttributeTypeMap { - return ListHistoricalJobsResponse.attributeTypeMap; + return ListThreatHuntingJobsResponse.attributeTypeMap; } public constructor() {} diff --git a/services/security_monitoring/src/v2/models/RunHistoricalJobRequest.ts b/services/security_monitoring/src/v2/models/RunThreatHuntingJobRequest.ts similarity index 67% rename from services/security_monitoring/src/v2/models/RunHistoricalJobRequest.ts rename to services/security_monitoring/src/v2/models/RunThreatHuntingJobRequest.ts index 446bd7ec15c4..e10ec8c7760a 100644 --- a/services/security_monitoring/src/v2/models/RunHistoricalJobRequest.ts +++ b/services/security_monitoring/src/v2/models/RunThreatHuntingJobRequest.ts @@ -1,15 +1,15 @@ import { AttributeTypeMap } from "@datadog/datadog-api-client"; -import { RunHistoricalJobRequestData } from "./RunHistoricalJobRequestData"; +import { RunThreatHuntingJobRequestData } from "./RunThreatHuntingJobRequestData"; /** - * Run a historical job request. + * Run a threat hunting job request. */ -export class RunHistoricalJobRequest { +export class RunThreatHuntingJobRequest { /** - * Data for running a historical job request. + * Data for running a threat hunting job request. */ - "data"?: RunHistoricalJobRequestData; + "data"?: RunThreatHuntingJobRequestData; /** * A container for additional, undeclared properties. * This is a holder for any undeclared properties as specified with @@ -27,7 +27,7 @@ export class RunHistoricalJobRequest { static readonly attributeTypeMap: AttributeTypeMap = { data: { baseName: "data", - type: "RunHistoricalJobRequestData", + type: "RunThreatHuntingJobRequestData", }, additionalProperties: { baseName: "additionalProperties", 
@@ -39,7 +39,7 @@ export class RunHistoricalJobRequest { * @ignore */ static getAttributeTypeMap(): AttributeTypeMap { - return RunHistoricalJobRequest.attributeTypeMap; + return RunThreatHuntingJobRequest.attributeTypeMap; } public constructor() {} diff --git a/services/security_monitoring/src/v2/models/RunHistoricalJobRequestAttributes.ts b/services/security_monitoring/src/v2/models/RunThreatHuntingJobRequestAttributes.ts similarity index 81% rename from services/security_monitoring/src/v2/models/RunHistoricalJobRequestAttributes.ts rename to services/security_monitoring/src/v2/models/RunThreatHuntingJobRequestAttributes.ts index 4e6d4ae6fb18..42aa4fd1321a 100644 --- a/services/security_monitoring/src/v2/models/RunHistoricalJobRequestAttributes.ts +++ b/services/security_monitoring/src/v2/models/RunThreatHuntingJobRequestAttributes.ts @@ -4,11 +4,11 @@ import { JobDefinition } from "./JobDefinition"; import { JobDefinitionFromRule } from "./JobDefinitionFromRule"; /** - * Run a historical job request. + * Run a threat hunting job request. */ -export class RunHistoricalJobRequestAttributes { +export class RunThreatHuntingJobRequestAttributes { /** - * Definition of a historical job based on a security monitoring rule. + * Definition of a threat hunting job based on a security monitoring rule. */ "fromRule"?: JobDefinitionFromRule; /** @@ -16,7 +16,7 @@ export class RunHistoricalJobRequestAttributes { */ "id"?: string; /** - * Definition of a historical job. + * Definition of a threat hunting job. */ "jobDefinition"?: JobDefinition; /** @@ -56,7 +56,7 @@ export class RunHistoricalJobRequestAttributes { * @ignore */ static getAttributeTypeMap(): AttributeTypeMap { - return RunHistoricalJobRequestAttributes.attributeTypeMap; + return RunThreatHuntingJobRequestAttributes.attributeTypeMap; } public constructor() {} 
diff --git a/services/security_monitoring/src/v2/models/RunHistoricalJobRequestData.ts b/services/security_monitoring/src/v2/models/RunThreatHuntingJobRequestData.ts similarity index 58% rename from services/security_monitoring/src/v2/models/RunHistoricalJobRequestData.ts rename to services/security_monitoring/src/v2/models/RunThreatHuntingJobRequestData.ts index d3c487914b41..2aced058b2b5 100644 --- a/services/security_monitoring/src/v2/models/RunHistoricalJobRequestData.ts +++ b/services/security_monitoring/src/v2/models/RunThreatHuntingJobRequestData.ts @@ -1,20 +1,20 @@ import { AttributeTypeMap } from "@datadog/datadog-api-client"; -import { RunHistoricalJobRequestAttributes } from "./RunHistoricalJobRequestAttributes"; -import { RunHistoricalJobRequestDataType } from "./RunHistoricalJobRequestDataType"; +import { RunThreatHuntingJobRequestAttributes } from "./RunThreatHuntingJobRequestAttributes"; +import { RunThreatHuntingJobRequestDataType } from "./RunThreatHuntingJobRequestDataType"; /** - * Data for running a historical job request. + * Data for running a threat hunting job request. */ -export class RunHistoricalJobRequestData { +export class RunThreatHuntingJobRequestData { /** - * Run a historical job request. + * Run a threat hunting job request. */ - "attributes"?: RunHistoricalJobRequestAttributes; + "attributes"?: RunThreatHuntingJobRequestAttributes; /** * Type of data. */ - "type"?: RunHistoricalJobRequestDataType; + "type"?: RunThreatHuntingJobRequestDataType; /** * A container for additional, undeclared properties. * This is a holder for any undeclared properties as specified with 
@@ -32,11 +32,11 @@ export class RunHistoricalJobRequestData { static readonly attributeTypeMap: AttributeTypeMap = { attributes: { baseName: "attributes", - type: "RunHistoricalJobRequestAttributes", + type: "RunThreatHuntingJobRequestAttributes", }, type: { baseName: "type", - type: "RunHistoricalJobRequestDataType", + type: "RunThreatHuntingJobRequestDataType", }, additionalProperties: { baseName: "additionalProperties", @@ -48,7 +48,7 @@ export class RunHistoricalJobRequestData { * @ignore */ static getAttributeTypeMap(): AttributeTypeMap { - return RunHistoricalJobRequestData.attributeTypeMap; + return RunThreatHuntingJobRequestData.attributeTypeMap; } public constructor() {} diff --git a/services/security_monitoring/src/v2/models/RunHistoricalJobRequestDataType.ts b/services/security_monitoring/src/v2/models/RunThreatHuntingJobRequestDataType.ts similarity index 82% rename from services/security_monitoring/src/v2/models/RunHistoricalJobRequestDataType.ts rename to services/security_monitoring/src/v2/models/RunThreatHuntingJobRequestDataType.ts index 60f2fdc110fb..78b58aae0776 100644 --- a/services/security_monitoring/src/v2/models/RunHistoricalJobRequestDataType.ts +++ b/services/security_monitoring/src/v2/models/RunThreatHuntingJobRequestDataType.ts @@ -3,7 +3,7 @@ import { UnparsedObject } from "@datadog/datadog-api-client"; /** * Type of data. */ -export type RunHistoricalJobRequestDataType = +export type RunThreatHuntingJobRequestDataType = | typeof HISTORICALDETECTIONSJOBCREATE | UnparsedObject; export const HISTORICALDETECTIONSJOBCREATE = "historicalDetectionsJobCreate"; diff --git a/services/security_monitoring/src/v2/models/HistoricalJobDataType.ts b/services/security_monitoring/src/v2/models/ThreatHuntingJobDataType.ts similarity index 84% rename from services/security_monitoring/src/v2/models/HistoricalJobDataType.ts rename to services/security_monitoring/src/v2/models/ThreatHuntingJobDataType.ts index b4b3c03bca72..9544f1f9fa18 100644 
--- a/services/security_monitoring/src/v2/models/HistoricalJobDataType.ts +++ b/services/security_monitoring/src/v2/models/ThreatHuntingJobDataType.ts @@ -3,7 +3,7 @@ import { UnparsedObject } from "@datadog/datadog-api-client"; /** * Type of payload. */ -export type HistoricalJobDataType = +export type ThreatHuntingJobDataType = | typeof HISTORICALDETECTIONSJOB | UnparsedObject; export const HISTORICALDETECTIONSJOB = "historicalDetectionsJob"; diff --git a/services/security_monitoring/src/v2/models/HistoricalJobListMeta.ts b/services/security_monitoring/src/v2/models/ThreatHuntingJobListMeta.ts similarity index 90% rename from services/security_monitoring/src/v2/models/HistoricalJobListMeta.ts rename to services/security_monitoring/src/v2/models/ThreatHuntingJobListMeta.ts index c55a4ee62874..2a05f8b38498 100644 --- a/services/security_monitoring/src/v2/models/HistoricalJobListMeta.ts +++ b/services/security_monitoring/src/v2/models/ThreatHuntingJobListMeta.ts @@ -3,7 +3,7 @@ import { AttributeTypeMap } from "@datadog/datadog-api-client"; /** * Metadata about the list of jobs. */ -export class HistoricalJobListMeta { +export class ThreatHuntingJobListMeta { /** * Number of jobs in the list. */ @@ -38,7 +38,7 @@ export class HistoricalJobListMeta { * @ignore */ static getAttributeTypeMap(): AttributeTypeMap { - return HistoricalJobListMeta.attributeTypeMap; + return ThreatHuntingJobListMeta.attributeTypeMap; } public constructor() {} diff --git a/services/security_monitoring/src/v2/models/HistoricalJobOptions.ts b/services/security_monitoring/src/v2/models/ThreatHuntingJobOptions.ts similarity index 97% rename from services/security_monitoring/src/v2/models/HistoricalJobOptions.ts rename to services/security_monitoring/src/v2/models/ThreatHuntingJobOptions.ts index 439a9469f7ab..a656337a0cc6 100644 --- a/services/security_monitoring/src/v2/models/HistoricalJobOptions.ts +++ b/services/security_monitoring/src/v2/models/ThreatHuntingJobOptions.ts 
@@ -12,7 +12,7 @@ import { SecurityMonitoringRuleThirdPartyOptions } from "./SecurityMonitoringRul /** * Job options. */ -export class HistoricalJobOptions { +export class ThreatHuntingJobOptions { /** * The detection method. */ @@ -108,7 +108,7 @@ export class HistoricalJobOptions { * @ignore */ static getAttributeTypeMap(): AttributeTypeMap { - return HistoricalJobOptions.attributeTypeMap; + return ThreatHuntingJobOptions.attributeTypeMap; } public constructor() {} diff --git a/services/security_monitoring/src/v2/models/HistoricalJobQuery.ts b/services/security_monitoring/src/v2/models/ThreatHuntingJobQuery.ts similarity index 94% rename from services/security_monitoring/src/v2/models/HistoricalJobQuery.ts rename to services/security_monitoring/src/v2/models/ThreatHuntingJobQuery.ts index 8ec92f7c9f69..6b413166015f 100644 --- a/services/security_monitoring/src/v2/models/HistoricalJobQuery.ts +++ b/services/security_monitoring/src/v2/models/ThreatHuntingJobQuery.ts @@ -4,9 +4,9 @@ import { SecurityMonitoringRuleQueryAggregation } from "./SecurityMonitoringRule import { SecurityMonitoringStandardDataSource } from "./SecurityMonitoringStandardDataSource"; /** - * Query for selecting logs analyzed by the historical job. + * Query for selecting logs analyzed by the threat hunting job. */ -export class HistoricalJobQuery { +export class ThreatHuntingJobQuery { /** * The aggregation type. */ @@ -96,7 +96,7 @@ export class HistoricalJobQuery { * @ignore */ static getAttributeTypeMap(): AttributeTypeMap { - return HistoricalJobQuery.attributeTypeMap; + return ThreatHuntingJobQuery.attributeTypeMap; } public constructor() {} 
diff --git a/services/security_monitoring/src/v2/models/HistoricalJobResponse.ts b/services/security_monitoring/src/v2/models/ThreatHuntingJobResponse.ts similarity index 69% rename from services/security_monitoring/src/v2/models/HistoricalJobResponse.ts rename to services/security_monitoring/src/v2/models/ThreatHuntingJobResponse.ts index bcb4b044f6f1..371e0cfdf9f6 100644 --- a/services/security_monitoring/src/v2/models/HistoricalJobResponse.ts +++ b/services/security_monitoring/src/v2/models/ThreatHuntingJobResponse.ts @@ -1,15 +1,15 @@ import { AttributeTypeMap } from "@datadog/datadog-api-client"; -import { HistoricalJobResponseData } from "./HistoricalJobResponseData"; +import { ThreatHuntingJobResponseData } from "./ThreatHuntingJobResponseData"; /** - * Historical job response. + * Threat hunting job response. */ -export class HistoricalJobResponse { +export class ThreatHuntingJobResponse { /** - * Historical job response data. + * Threat hunting job response data. */ - "data"?: HistoricalJobResponseData; + "data"?: ThreatHuntingJobResponseData; /** * A container for additional, undeclared properties. * This is a holder for any undeclared properties as specified with @@ -27,7 +27,7 @@ export class HistoricalJobResponse { static readonly attributeTypeMap: AttributeTypeMap = { data: { baseName: "data", - type: "HistoricalJobResponseData", + type: "ThreatHuntingJobResponseData", }, additionalProperties: { baseName: "additionalProperties", @@ -39,7 +39,7 @@ export class HistoricalJobResponse { * @ignore */ static getAttributeTypeMap(): AttributeTypeMap { - return HistoricalJobResponse.attributeTypeMap; + return ThreatHuntingJobResponse.attributeTypeMap; } public constructor() {} 
diff --git a/services/security_monitoring/src/v2/models/HistoricalJobResponseAttributes.ts b/services/security_monitoring/src/v2/models/ThreatHuntingJobResponseAttributes.ts similarity index 91% rename from services/security_monitoring/src/v2/models/HistoricalJobResponseAttributes.ts rename to services/security_monitoring/src/v2/models/ThreatHuntingJobResponseAttributes.ts index 632f96a6d5b5..1e071728ebd4 100644 --- a/services/security_monitoring/src/v2/models/HistoricalJobResponseAttributes.ts +++ b/services/security_monitoring/src/v2/models/ThreatHuntingJobResponseAttributes.ts @@ -3,9 +3,9 @@ import { AttributeTypeMap } from "@datadog/datadog-api-client"; import { JobDefinition } from "./JobDefinition"; /** - * Historical job attributes. + * Threat hunting job attributes. */ -export class HistoricalJobResponseAttributes { +export class ThreatHuntingJobResponseAttributes { /** * Time when the job was created. */ @@ -23,7 +23,7 @@ export class HistoricalJobResponseAttributes { */ "createdFromRuleId"?: string; /** - * Definition of a historical job. + * Definition of a threat hunting job. */ "jobDefinition"?: JobDefinition; /** @@ -95,7 +95,7 @@ export class HistoricalJobResponseAttributes { * @ignore */ static getAttributeTypeMap(): AttributeTypeMap { - return HistoricalJobResponseAttributes.attributeTypeMap; + return ThreatHuntingJobResponseAttributes.attributeTypeMap; } public constructor() {} diff --git a/services/security_monitoring/src/v2/models/HistoricalJobResponseData.ts b/services/security_monitoring/src/v2/models/ThreatHuntingJobResponseData.ts similarity index 64% rename from services/security_monitoring/src/v2/models/HistoricalJobResponseData.ts rename to services/security_monitoring/src/v2/models/ThreatHuntingJobResponseData.ts index d59f6ea3a1fb..a89356628455 100644 --- a/services/security_monitoring/src/v2/models/HistoricalJobResponseData.ts +++ b/services/security_monitoring/src/v2/models/ThreatHuntingJobResponseData.ts 
@@ -1,16 +1,16 @@ import { AttributeTypeMap } from "@datadog/datadog-api-client"; -import { HistoricalJobDataType } from "./HistoricalJobDataType"; -import { HistoricalJobResponseAttributes } from "./HistoricalJobResponseAttributes"; +import { ThreatHuntingJobDataType } from "./ThreatHuntingJobDataType"; +import { ThreatHuntingJobResponseAttributes } from "./ThreatHuntingJobResponseAttributes"; /** - * Historical job response data. + * Threat hunting job response data. */ -export class HistoricalJobResponseData { +export class ThreatHuntingJobResponseData { /** - * Historical job attributes. + * Threat hunting job attributes. */ - "attributes"?: HistoricalJobResponseAttributes; + "attributes"?: ThreatHuntingJobResponseAttributes; /** * ID of the job. */ @@ -18,7 +18,7 @@ export class HistoricalJobResponseData { /** * Type of payload. */ - "type"?: HistoricalJobDataType; + "type"?: ThreatHuntingJobDataType; /** * A container for additional, undeclared properties. * This is a holder for any undeclared properties as specified with @@ -36,7 +36,7 @@ export class HistoricalJobResponseData { static readonly attributeTypeMap: AttributeTypeMap = { attributes: { baseName: "attributes", - type: "HistoricalJobResponseAttributes", + type: "ThreatHuntingJobResponseAttributes", }, id: { baseName: "id", @@ -44,7 +44,7 @@ export class HistoricalJobResponseData { }, type: { baseName: "type", - type: "HistoricalJobDataType", + type: "ThreatHuntingJobDataType", }, additionalProperties: { baseName: "additionalProperties", @@ -56,7 +56,7 @@ export class HistoricalJobResponseData { * @ignore */ static getAttributeTypeMap(): AttributeTypeMap { - return HistoricalJobResponseData.attributeTypeMap; + return ThreatHuntingJobResponseData.attributeTypeMap; } public constructor() {} diff --git a/services/security_monitoring/src/v2/models/TypingInfo.ts b/services/security_monitoring/src/v2/models/TypingInfo.ts index f39b9ed91b5a..822e802e2971 100644 
--- a/services/security_monitoring/src/v2/models/TypingInfo.ts +++ b/services/security_monitoring/src/v2/models/TypingInfo.ts @@ -59,12 +59,6 @@ import { GetResourceEvaluationFiltersResponseData } from "./GetResourceEvaluatio import { GetRuleVersionHistoryData } from "./GetRuleVersionHistoryData"; import { GetRuleVersionHistoryResponse } from "./GetRuleVersionHistoryResponse"; import { GetSBOMResponse } from "./GetSBOMResponse"; -import { HistoricalJobListMeta } from "./HistoricalJobListMeta"; -import { HistoricalJobOptions } from "./HistoricalJobOptions"; -import { HistoricalJobQuery } from "./HistoricalJobQuery"; -import { HistoricalJobResponse } from "./HistoricalJobResponse"; -import { HistoricalJobResponseAttributes } from "./HistoricalJobResponseAttributes"; -import { HistoricalJobResponseData } from "./HistoricalJobResponseData"; import { JSONAPIErrorItem } from "./JSONAPIErrorItem"; import { JSONAPIErrorItemSource } from "./JSONAPIErrorItemSource"; import { JSONAPIErrorResponse } from "./JSONAPIErrorResponse"; @@ -78,7 +72,7 @@ import { ListAssetsSBOMsResponse } from "./ListAssetsSBOMsResponse"; import { ListFindingsMeta } from "./ListFindingsMeta"; import { ListFindingsPage } from "./ListFindingsPage"; import { ListFindingsResponse } from "./ListFindingsResponse"; -import { ListHistoricalJobsResponse } from "./ListHistoricalJobsResponse"; +import { ListThreatHuntingJobsResponse } from "./ListThreatHuntingJobsResponse"; import { ListVulnerabilitiesResponse } from "./ListVulnerabilitiesResponse"; import { ListVulnerableAssetsResponse } from "./ListVulnerableAssetsResponse"; import { Metadata } from "./Metadata"; 
@@ -97,9 +91,9 @@ import { RuleUser } from "./RuleUser"; import { RuleVersionHistory } from "./RuleVersionHistory"; import { RuleVersionUpdate } from "./RuleVersionUpdate"; import { RuleVersions } from "./RuleVersions"; -import { RunHistoricalJobRequest } from "./RunHistoricalJobRequest"; -import { RunHistoricalJobRequestAttributes } from "./RunHistoricalJobRequestAttributes"; -import { RunHistoricalJobRequestData } from "./RunHistoricalJobRequestData"; +import { RunThreatHuntingJobRequest } from "./RunThreatHuntingJobRequest"; +import { RunThreatHuntingJobRequestAttributes } from "./RunThreatHuntingJobRequestAttributes"; +import { RunThreatHuntingJobRequestData } from "./RunThreatHuntingJobRequestData"; import { SBOM } from "./SBOM"; import { SBOMAttributes } from "./SBOMAttributes"; import { SBOMComponent } from "./SBOMComponent"; @@ -198,6 +192,12 @@ import { SecurityMonitoringThirdPartyRuleCaseCreate } from "./SecurityMonitoring import { SecurityMonitoringTriageUser } from "./SecurityMonitoringTriageUser"; import { SecurityMonitoringUser } from "./SecurityMonitoringUser"; import { Selectors } from "./Selectors"; +import { ThreatHuntingJobListMeta } from "./ThreatHuntingJobListMeta"; +import { ThreatHuntingJobOptions } from "./ThreatHuntingJobOptions"; +import { ThreatHuntingJobQuery } from "./ThreatHuntingJobQuery"; +import { ThreatHuntingJobResponse } from "./ThreatHuntingJobResponse"; +import { ThreatHuntingJobResponseAttributes } from "./ThreatHuntingJobResponseAttributes"; +import { ThreatHuntingJobResponseData } from "./ThreatHuntingJobResponseData"; import { UpdateCustomFrameworkRequest } from "./UpdateCustomFrameworkRequest"; import { UpdateCustomFrameworkResponse } from "./UpdateCustomFrameworkResponse"; import { UpdateResourceEvaluationFiltersRequest } from "./UpdateResourceEvaluationFiltersRequest"; 
@@ -244,7 +244,6 @@ export const TypingInfo: ModelTypingInfo = { "api_security", ], GetRuleVersionHistoryDataType: ["GetRuleVersionHistoryResponse"], - HistoricalJobDataType: ["historicalDetectionsJob"], NotificationRulesType: ["notification_rules"], ResourceFilterRequestType: ["csm_resource_filter"], RuleSeverity: ["critical", "high", "medium", "low", "unknown", "info"], @@ -266,7 +265,7 @@ export const TypingInfo: ModelTypingInfo = { "iac_misconfiguration", ], RuleVersionUpdateType: ["create", "update", "delete"], - RunHistoricalJobRequestDataType: ["historicalDetectionsJobCreate"], + RunThreatHuntingJobRequestDataType: ["historicalDetectionsJobCreate"], SBOMComponentLicenseType: [ "network_strong_copyleft", "non_standard_copyleft", @@ -388,6 +387,7 @@ export const TypingInfo: ModelTypingInfo = { ], SecurityMonitoringSuppressionType: ["suppressions"], SpecVersion: ["1.0", "1.1", "1.2", "1.3", "1.4", "1.5"], + ThreatHuntingJobDataType: ["historicalDetectionsJob"], TriggerSource: ["security_findings", "security_signals"], VulnerabilitiesType: ["vulnerabilities"], VulnerabilityEcosystem: [ @@ -556,12 +556,6 @@ export const TypingInfo: ModelTypingInfo = { GetRuleVersionHistoryData: GetRuleVersionHistoryData, GetRuleVersionHistoryResponse: GetRuleVersionHistoryResponse, GetSBOMResponse: GetSBOMResponse, - HistoricalJobListMeta: HistoricalJobListMeta, - HistoricalJobOptions: HistoricalJobOptions, - HistoricalJobQuery: HistoricalJobQuery, - HistoricalJobResponse: HistoricalJobResponse, - HistoricalJobResponseAttributes: HistoricalJobResponseAttributes, - HistoricalJobResponseData: HistoricalJobResponseData, JSONAPIErrorItem: JSONAPIErrorItem, JSONAPIErrorItemSource: JSONAPIErrorItemSource, JSONAPIErrorResponse: JSONAPIErrorResponse, 
@@ -575,7 +569,7 @@ export const TypingInfo: ModelTypingInfo = { ListFindingsMeta: ListFindingsMeta, ListFindingsPage: ListFindingsPage, ListFindingsResponse: ListFindingsResponse, - ListHistoricalJobsResponse: ListHistoricalJobsResponse, + ListThreatHuntingJobsResponse: ListThreatHuntingJobsResponse, ListVulnerabilitiesResponse: ListVulnerabilitiesResponse, ListVulnerableAssetsResponse: ListVulnerableAssetsResponse, Metadata: Metadata, @@ -595,9 +589,9 @@ export const TypingInfo: ModelTypingInfo = { RuleVersionHistory: RuleVersionHistory, RuleVersionUpdate: RuleVersionUpdate, RuleVersions: RuleVersions, - RunHistoricalJobRequest: RunHistoricalJobRequest, - RunHistoricalJobRequestAttributes: RunHistoricalJobRequestAttributes, - RunHistoricalJobRequestData: RunHistoricalJobRequestData, + RunThreatHuntingJobRequest: RunThreatHuntingJobRequest, + RunThreatHuntingJobRequestAttributes: RunThreatHuntingJobRequestAttributes, + RunThreatHuntingJobRequestData: RunThreatHuntingJobRequestData, SBOM: SBOM, SBOMAttributes: SBOMAttributes, SBOMComponent: SBOMComponent, @@ -741,6 +735,12 @@ export const TypingInfo: ModelTypingInfo = { SecurityMonitoringTriageUser: SecurityMonitoringTriageUser, SecurityMonitoringUser: SecurityMonitoringUser, Selectors: Selectors, + ThreatHuntingJobListMeta: ThreatHuntingJobListMeta, + ThreatHuntingJobOptions: ThreatHuntingJobOptions, + ThreatHuntingJobQuery: ThreatHuntingJobQuery, + ThreatHuntingJobResponse: ThreatHuntingJobResponse, + ThreatHuntingJobResponseAttributes: ThreatHuntingJobResponseAttributes, + ThreatHuntingJobResponseData: ThreatHuntingJobResponseData, UpdateCustomFrameworkRequest: UpdateCustomFrameworkRequest, UpdateCustomFrameworkResponse: UpdateCustomFrameworkResponse, UpdateResourceEvaluationFiltersRequest: