Sha256: d324e5188f56c7ed1a047b86f98d501c7785e22068127ed71893b76f2a80e8b0
Contents?: true
Size: 1.9 KB
Versions: 8
Compression:
Stored size: 1.9 KB
Contents
# Create a detection rule with type 'signal_correlation' returns "OK" response
require "datadog_api_client"
api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new
# there is a valid "security_rule" in the system
SECURITY_RULE_ID = ENV["SECURITY_RULE_ID"]
# there is a valid "security_rule_bis" in the system
SECURITY_RULE_BIS_ID = ENV["SECURITY_RULE_BIS_ID"]
body = DatadogAPIClient::V2::SecurityMonitoringSignalRuleCreatePayload.new({
name: "Example-Create_a_detection_rule_with_type_signal_correlation_returns_OK_response_signal_rule",
queries: [
DatadogAPIClient::V2::SecurityMonitoringSignalRuleQuery.new({
rule_id: SECURITY_RULE_ID,
aggregation: DatadogAPIClient::V2::SecurityMonitoringRuleQueryAggregation::EVENT_COUNT,
correlated_by_fields: [
"host",
],
correlated_query_index: 1,
}),
DatadogAPIClient::V2::SecurityMonitoringSignalRuleQuery.new({
rule_id: SECURITY_RULE_BIS_ID,
aggregation: DatadogAPIClient::V2::SecurityMonitoringRuleQueryAggregation::EVENT_COUNT,
correlated_by_fields: [
"host",
],
}),
],
filters: [],
cases: [
DatadogAPIClient::V2::SecurityMonitoringRuleCaseCreate.new({
name: "",
status: DatadogAPIClient::V2::SecurityMonitoringRuleSeverity::INFO,
condition: "a > 0 && b > 0",
notifications: [],
}),
],
options: DatadogAPIClient::V2::SecurityMonitoringRuleOptions.new({
evaluation_window: DatadogAPIClient::V2::SecurityMonitoringRuleEvaluationWindow::FIFTEEN_MINUTES,
keep_alive: DatadogAPIClient::V2::SecurityMonitoringRuleKeepAlive::ONE_HOUR,
max_signal_duration: DatadogAPIClient::V2::SecurityMonitoringRuleMaxSignalDuration::ONE_DAY,
}),
message: "Test signal correlation rule",
tags: [],
is_enabled: true,
type: DatadogAPIClient::V2::SecurityMonitoringSignalRuleType::SIGNAL_CORRELATION,
})
p api_instance.create_security_monitoring_rule(body)
Version data entries
8 entries across 8 versions & 1 rubygems