Sha256: 0cc427ef4eb236b474cc0cf180b1c3633f32f811ea1d0219a02e054a4b285384
Contents?: true
Size: 1.52 KB
Versions: 8
Compression:
Stored size: 1.52 KB
Contents
# Validate a detection rule returns "OK" response
require "datadog_api_client"
api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new
body = DatadogAPIClient::V2::SecurityMonitoringStandardRulePayload.new({
cases: [
DatadogAPIClient::V2::SecurityMonitoringRuleCaseCreate.new({
name: "",
status: DatadogAPIClient::V2::SecurityMonitoringRuleSeverity::INFO,
notifications: [],
condition: "a > 0",
}),
],
has_extended_title: true,
is_enabled: true,
message: "My security monitoring rule",
name: "My security monitoring rule",
options: DatadogAPIClient::V2::SecurityMonitoringRuleOptions.new({
evaluation_window: DatadogAPIClient::V2::SecurityMonitoringRuleEvaluationWindow::THIRTY_MINUTES,
keep_alive: DatadogAPIClient::V2::SecurityMonitoringRuleKeepAlive::THIRTY_MINUTES,
max_signal_duration: DatadogAPIClient::V2::SecurityMonitoringRuleMaxSignalDuration::THIRTY_MINUTES,
detection_method: DatadogAPIClient::V2::SecurityMonitoringRuleDetectionMethod::THRESHOLD,
}),
queries: [
DatadogAPIClient::V2::SecurityMonitoringStandardRuleQuery.new({
query: "source:source_here",
group_by_fields: [
"@userIdentity.assumed_role",
],
distinct_fields: [],
aggregation: DatadogAPIClient::V2::SecurityMonitoringRuleQueryAggregation::COUNT,
name: "",
}),
],
tags: [
"env:prod",
"team:security",
],
type: DatadogAPIClient::V2::SecurityMonitoringRuleTypeCreate::LOG_DETECTION,
})
api_instance.validate_security_monitoring_rule(body)
Version data entries
8 entries across 8 versions & 1 rubygems