.generator/schemas/v2/openapi.yaml in datadog_api_client-2.1.0 vs .generator/schemas/v2/openapi.yaml in datadog_api_client-2.2.0
- old
+ new
@@ -143,10 +143,30 @@
in: path
name: agent_rule_id
required: true
schema:
type: string
+ IncidentAttachmentFilterQueryParameter:
+ description: Specifies which types of attachments are included in the response.
+ explode: false
+ in: query
+ name: filter[attachment_type]
+ required: false
+ schema:
+ items:
+ $ref: '#/components/schemas/IncidentAttachmentAttachmentType'
+ type: array
+ IncidentAttachmentIncludeQueryParameter:
+ description: Specifies which types of related objects are included in the response.
+ explode: false
+ in: query
+ name: include
+ required: false
+ schema:
+ items:
+ $ref: '#/components/schemas/IncidentAttachmentRelatedObject'
+ type: array
IncidentIDPathParameter:
description: The UUID of the incident.
in: path
name: incident_id
required: true
@@ -2112,10 +2132,247 @@
description: The IdP metadata XML file
format: binary
type: string
x-mimetype: application/xml
type: object
+ IncidentAttachmentAttachmentType:
+ description: The type of the incident attachment attributes.
+ enum:
+ - link
+ - postmortem
+ example: link
+ type: string
+ x-enum-varnames:
+ - LINK
+ - POSTMORTEM
+ IncidentAttachmentAttributes:
+ description: The attributes object for an attachment.
+ oneOf:
+ - $ref: '#/components/schemas/IncidentAttachmentPostmortemAttributes'
+ - $ref: '#/components/schemas/IncidentAttachmentLinkAttributes'
+ type: object
+ IncidentAttachmentData:
+ description: A single incident attachment.
+ example:
+ attributes:
+ attachment:
+ documentUrl: ''
+ title: Postmortem IR-123
+ attachment_type: postmortem
+ id: 00000000-abcd-0002-0000-000000000000
+ relationships:
+ last_modified_by_user:
+ data:
+ id: 00000000-0000-0000-cccc-000000000000
+ type: users
+ type: incident_attachments
+ properties:
+ attributes:
+ $ref: '#/components/schemas/IncidentAttachmentAttributes'
+ id:
+ description: A unique identifier that represents the incident attachment.
+ example: 00000000-abcd-0001-0000-000000000000
+ type: string
+ relationships:
+ $ref: '#/components/schemas/IncidentAttachmentRelationships'
+ type:
+ $ref: '#/components/schemas/IncidentAttachmentType'
+ required:
+ - type
+ - attributes
+ - id
+ - relationships
+ type: object
+ IncidentAttachmentLinkAttachmentType:
+ default: link
+ description: The type of link attachment attributes.
+ enum:
+ - link
+ example: link
+ type: string
+ x-enum-varnames:
+ - LINK
+ IncidentAttachmentLinkAttributes:
+ description: The attributes object for a link attachment.
+ properties:
+ attachment:
+ $ref: '#/components/schemas/IncidentAttachmentLinkAttributesAttachmentObject'
+ attachment_type:
+ $ref: '#/components/schemas/IncidentAttachmentLinkAttachmentType'
+ required:
+ - attachment_type
+ - attachment
+ type: object
+ IncidentAttachmentLinkAttributesAttachmentObject:
+ description: The link attachment.
+ properties:
+ documentUrl:
+ description: The URL of this link attachment.
+ example: https://www.example.com/webstore-failure-runbook
+ type: string
+ title:
+ description: The title of this link attachment.
+ example: Runbook for webstore service failures
+ type: string
+ required:
+ - documentUrl
+ - title
+ type: object
+ IncidentAttachmentPostmortemAttachmentType:
+ default: postmortem
+ description: The type of postmortem attachment attributes.
+ enum:
+ - postmortem
+ example: postmortem
+ type: string
+ x-enum-varnames:
+ - POSTMORTEM
+ IncidentAttachmentPostmortemAttributes:
+ description: The attributes object for a postmortem attachment.
+ properties:
+ attachment:
+ $ref: '#/components/schemas/IncidentAttachmentsPostmortemAttributesAttachmentObject'
+ attachment_type:
+ $ref: '#/components/schemas/IncidentAttachmentPostmortemAttachmentType'
+ required:
+ - attachment_type
+ - attachment
+ type: object
+ IncidentAttachmentRelatedObject:
+ description: The object related to an incident attachment.
+ enum:
+ - users
+ type: string
+ x-enum-varnames:
+ - USERS
+ IncidentAttachmentRelationships:
+ description: The incident attachment's relationships.
+ properties:
+ last_modified_by_user:
+ $ref: '#/components/schemas/RelationshipToUser'
+ type: object
+ IncidentAttachmentType:
+ default: incident_attachments
+ description: The incident attachment resource type.
+ enum:
+ - incident_attachments
+ example: incident_attachments
+ type: string
+ x-enum-varnames:
+ - INCIDENT_ATTACHMENTS
+ IncidentAttachmentUpdateAttributes:
+ description: Incident attachment attributes.
+ oneOf:
+ - $ref: '#/components/schemas/IncidentAttachmentPostmortemAttributes'
+ - $ref: '#/components/schemas/IncidentAttachmentLinkAttributes'
+ type: object
+ IncidentAttachmentUpdateData:
+ description: A single incident attachment.
+ properties:
+ attributes:
+ $ref: '#/components/schemas/IncidentAttachmentUpdateAttributes'
+ id:
+ description: A unique identifier that represents the incident attachment.
+ example: 00000000-abcd-0001-0000-000000000000
+ type: string
+ type:
+ $ref: '#/components/schemas/IncidentAttachmentType'
+ required:
+ - type
+ type: object
+ IncidentAttachmentUpdateRequest:
+ description: The update request for an incident's attachments.
+ properties:
+ data:
+ description: 'An array of incident attachments. An attachment object without
+ an "id" key indicates that you want to
+
+ create that attachment. An attachment object without an "attributes" key
+ indicates that you want to
+
+ delete that attachment. An attachment object with both the "id" key and
+ a populated "attributes" object
+
+ indicates that you want to update that attachment.'
+ example:
+ - attributes:
+ attachment:
+ documentUrl: https://app.datadoghq.com/notebook/123
+ title: Postmortem IR-123
+ attachment_type: postmortem
+ id: 00000000-abcd-0002-0000-000000000000
+ type: incident_attachments
+ - attributes:
+ attachment:
+ documentUrl: https://www.example.com/webstore-failure-runbook
+ title: Runbook for webstore service failures
+ attachment_type: link
+ type: incident_attachments
+ - id: 00000000-abcd-0003-0000-000000000000
+ type: incident_attachments
+ items:
+ $ref: '#/components/schemas/IncidentAttachmentUpdateData'
+ type: array
+ required:
+ - data
+ type: object
+ IncidentAttachmentUpdateResponse:
+ description: The response object containing the created or updated incident
+ attachments.
+ properties:
+ data:
+ description: 'An array of incident attachments. Only the attachments that
+ were created or updated by the request are
+
+ returned.'
+ items:
+ $ref: '#/components/schemas/IncidentAttachmentData'
+ type: array
+ included:
+ description: Included related resources that the user requested.
+ items:
+ $ref: '#/components/schemas/IncidentAttachmentsResponseIncludedItem'
+ type: array
+ required:
+ - data
+ type: object
+ IncidentAttachmentsPostmortemAttributesAttachmentObject:
+ description: The postmortem attachment.
+ properties:
+ documentUrl:
+ description: The URL of this notebook attachment.
+ example: https://app.datadoghq.com/notebook/123
+ type: string
+ title:
+ description: The title of this postmortem attachment.
+ example: Postmortem IR-123
+ type: string
+ required:
+ - documentUrl
+ - title
+ type: object
+ IncidentAttachmentsResponse:
+ description: The response object containing an incident's attachments.
+ properties:
+ data:
+ description: An array of incident attachments.
+ items:
+ $ref: '#/components/schemas/IncidentAttachmentData'
+ type: array
+ included:
+ description: Included related resources that the user requested.
+ items:
+ $ref: '#/components/schemas/IncidentAttachmentsResponseIncludedItem'
+ type: array
+ required:
+ - data
+ type: object
+ IncidentAttachmentsResponseIncludedItem:
+ description: An object related to an attachment that is included in the response.
+ oneOf:
+ - $ref: '#/components/schemas/User'
+ type: object
IncidentCreateAttributes:
description: The incident's attributes for a create request.
properties:
customer_impacted:
description: A flag indicating whether the incident caused customer impact.
@@ -2276,13 +2533,15 @@
- INCIDENT_POSTMORTEMS
IncidentRelatedObject:
description: Object related to an incident.
enum:
- users
+ - attachments
type: string
x-enum-varnames:
- USERS
+ - ATTACHMENTS
IncidentResponse:
description: Response with an incident.
properties:
data:
$ref: '#/components/schemas/IncidentResponseData'
@@ -2353,14 +2612,10 @@
during update.
items:
$ref: '#/components/schemas/IncidentNotificationHandle'
nullable: true
type: array
- postmortem_id:
- description: The UUID of the postmortem object attached to the incident.
- example: 00000000-0000-0000-7890-000000000000
- type: string
public_id:
description: The monotonically increasing integer ID for the incident.
example: 1
format: int64
type: integer
@@ -2421,10 +2676,11 @@
type: object
IncidentResponseIncludedItem:
description: An object related to an incident that is included in the response.
oneOf:
- $ref: '#/components/schemas/User'
+ - $ref: '#/components/schemas/IncidentAttachmentData'
type: object
IncidentResponseMeta:
description: The metadata object containing pagination metadata.
properties:
pagination:
@@ -2452,20 +2708,20 @@
type: integer
type: object
IncidentResponseRelationships:
description: The incident's relationships from a response.
properties:
+ attachments:
+ $ref: '#/components/schemas/RelationshipToIncidentAttachment'
commander_user:
$ref: '#/components/schemas/NullableRelationshipToUser'
created_by_user:
$ref: '#/components/schemas/RelationshipToUser'
integrations:
$ref: '#/components/schemas/RelationshipToIncidentIntegrationMetadatas'
last_modified_by_user:
$ref: '#/components/schemas/RelationshipToUser'
- postmortem:
- $ref: '#/components/schemas/RelationshipToIncidentPostmortem'
type: object
IncidentServiceCreateAttributes:
description: The incident service's attributes for a create request.
properties:
name:
@@ -2932,21 +3188,26 @@
customer_impact_scope: null
customer_impact_start: null
customer_impacted: false
detected: '2020-04-14T00:00:00+00:00'
modified: '2020-09-17T14:16:58.696424+00:00'
- postmortem_id: 00000000-0000-bbbb-0000-000000000000
public_id: 1
resolved: null
severity: SEV-1
time_to_detect: 0
time_to_internal_response: 0
time_to_repair: 0
time_to_resolve: 0
title: Example Incident
id: 00000000-aaaa-0000-0000-000000000000
relationships:
+ attachments:
+ data:
+ - id: 00000000-9999-0000-0000-000000000000
+ type: incident_attachments
+ - id: 00000000-1234-0000-0000-000000000000
+ type: incident_attachments
commander_user:
data:
id: 00000000-0000-0000-cccc-000000000000
type: users
created_by_user:
@@ -2961,14 +3222,10 @@
type: incident_integrations
last_modified_by_user:
data:
id: 00000000-0000-0000-cccc-000000000000
type: users
- postmortem:
- data:
- id: 00000000-9999-0000-0000-000000000000
- type: incident_postmortems
type: incidents
- attributes:
created: '2020-04-21T15:34:08.627205+00:00'
creation_idempotency_key: null
customer_impact_duration: 0
@@ -2976,21 +3233,24 @@
customer_impact_scope: null
customer_impact_start: null
customer_impacted: false
detected: '2020-04-14T00:00:00+00:00'
modified: '2020-09-17T14:16:58.696424+00:00'
- postmortem_id: 00000000-6006-0000-0000-000000000000
public_id: 2
resolved: null
severity: SEV-5
time_to_detect: 0
time_to_internal_response: 0
time_to_repair: 0
time_to_resolve: 0
title: Example Incident 2
id: 00000000-1111-0000-0000-000000000000
relationships:
+ attachments:
+ data:
+ - id: 00000000-9999-0000-0000-000000000000
+ type: incident_attachments
commander_user:
data:
id: 00000000-aaaa-0000-0000-000000000000
type: users
created_by_user:
@@ -3005,14 +3265,10 @@
type: incident_integrations
last_modified_by_user:
data:
id: 00000000-aaaa-0000-0000-000000000000
type: users
- postmortem:
- data:
- id: 00000000-6006-0000-0000-000000000000
- type: incident_postmortems
type: incidents
items:
$ref: '#/components/schemas/IncidentResponseData'
type: array
included:
@@ -4154,10 +4410,19 @@
id:
$ref: '#/components/schemas/MetricName'
type:
$ref: '#/components/schemas/MetricType'
type: object
+ MetricActiveConfigurationType:
+ default: actively_queried_configurations
+ description: The metric actively queried configuration resource type.
+ enum:
+ - actively_queried_configurations
+ example: actively_queried_configurations
+ type: string
+ x-enum-varnames:
+ - ACTIVELY_QUERIED_CONFIGURATIONS
MetricAllTags:
description: Object for a single metric's indexed tags.
properties:
attributes:
$ref: '#/components/schemas/MetricAllTagsAttributes'
@@ -4679,10 +4944,54 @@
type: string
required:
- metric
- points
type: object
+ MetricSuggestedAggregations:
+ description: List of aggregation combinations that have been actively queried.
+ example:
+ - space: sum
+ time: sum
+ - space: sum
+ time: count
+ items:
+ $ref: '#/components/schemas/MetricCustomAggregation'
+ type: array
+ MetricSuggestedTagsAndAggregations:
+ description: Object for a single metric's actively queried tags and aggregations.
+ properties:
+ attributes:
+ $ref: '#/components/schemas/MetricSuggestedTagsAttributes'
+ id:
+ $ref: '#/components/schemas/MetricName'
+ type:
+ $ref: '#/components/schemas/MetricActiveConfigurationType'
+ type: object
+ MetricSuggestedTagsAndAggregationsResponse:
+ description: Response object that includes a single metric's actively queried
+ tags and aggregations.
+ properties:
+ data:
+ $ref: '#/components/schemas/MetricSuggestedTagsAndAggregations'
+ readOnly: true
+ type: object
+ MetricSuggestedTagsAttributes:
+ description: Object containing the definition of a metric's actively queried
+ tags and aggregations.
+ properties:
+ active_aggregations:
+ $ref: '#/components/schemas/MetricSuggestedAggregations'
+ active_tags:
+ description: List of tag keys that have been actively queried.
+ example:
+ - app
+ - datacenter
+ items:
+ description: Actively queried tag keys.
+ type: string
+ type: array
+ type: object
MetricTagConfiguration:
description: Object for a single metric tag configuration.
example:
attributes:
aggregations:
@@ -6142,10 +6451,34 @@
description: A short human-readable summary of the warning.
example: One or several indexes are missing or invalid, results hold data
from the other indexes
type: string
type: object
+ RelationshipToIncidentAttachment:
+ description: A relationship reference for attachments.
+ properties:
+ data:
+ description: An array of incident attachments.
+ items:
+ $ref: '#/components/schemas/RelationshipToIncidentAttachmentData'
+ type: array
+ required:
+ - data
+ type: object
+ RelationshipToIncidentAttachmentData:
+ description: The attachment relationship data.
+ properties:
+ id:
+ description: A unique identifier that represents the attachment.
+ example: 00000000-0000-abcd-1000-000000000000
+ type: string
+ type:
+ $ref: '#/components/schemas/IncidentAttachmentType'
+ required:
+ - id
+ - type
+ type: object
RelationshipToIncidentIntegrationMetadataData:
description: A relationship reference for an integration metadata object.
example:
id: 00000000-abcd-0002-0000-000000000000
type: incident_integrations
@@ -6939,66 +7272,13 @@
required:
- status
type: object
SecurityMonitoringRuleCreatePayload:
description: Create a new rule.
- properties:
- cases:
- description: Cases for generating signals.
- example: []
- items:
- $ref: '#/components/schemas/SecurityMonitoringRuleCaseCreate'
- type: array
- filters:
- description: Additional queries to filter matched events before they are
- processed.
- items:
- $ref: '#/components/schemas/SecurityMonitoringFilter'
- type: array
- hasExtendedTitle:
- description: Whether the notifications include the triggering group-by values
- in their title.
- example: true
- type: boolean
- isEnabled:
- description: Whether the rule is enabled.
- example: true
- type: boolean
- message:
- description: Message for generated signals.
- example: ''
- type: string
- name:
- description: The name of the rule.
- example: My security monitoring rule.
- type: string
- options:
- $ref: '#/components/schemas/SecurityMonitoringRuleOptions'
- queries:
- description: Queries for selecting logs which are part of the rule.
- example: []
- items:
- $ref: '#/components/schemas/SecurityMonitoringRuleQueryCreate'
- type: array
- tags:
- description: Tags for generated signals.
- example:
- - env:prod
- - team:security
- items:
- description: Tag.
- type: string
- type: array
- type:
- $ref: '#/components/schemas/SecurityMonitoringRuleTypeCreate'
- required:
- - name
- - isEnabled
- - queries
- - options
- - cases
- - message
+ oneOf:
+ - $ref: '#/components/schemas/SecurityMonitoringStandardRuleCreatePayload'
+ - $ref: '#/components/schemas/SecurityMonitoringSignalRuleCreatePayload'
type: object
SecurityMonitoringRuleDecreaseCriticalityBasedOnEnv:
description: 'If true, signals in non-production environments have a lower severity
than what is defined by the rule case, which can reduce signal noise.
@@ -7219,167 +7499,39 @@
newValueOptions:
$ref: '#/components/schemas/SecurityMonitoringRuleNewValueOptions'
type: object
SecurityMonitoringRuleQuery:
description: Query for matching rule.
- properties:
- aggregation:
- $ref: '#/components/schemas/SecurityMonitoringRuleQueryAggregation'
- distinctFields:
- description: Field for which the cardinality is measured. Sent as an array.
- items:
- description: Field.
- type: string
- type: array
- groupByFields:
- description: Fields to group by.
- items:
- description: Field.
- type: string
- type: array
- metric:
- description: 'The target field to aggregate over when using the sum or max
-
- aggregations.'
- type: string
- metrics:
- description: Group of target fields to aggregate over when using the new
- value aggregations.
- items:
- description: Field.
- type: string
- type: array
- name:
- description: Name of the query.
- type: string
- query:
- description: Query to run on logs.
- type: string
+ oneOf:
+ - $ref: '#/components/schemas/SecurityMonitoringStandardRuleQuery'
+ - $ref: '#/components/schemas/SecurityMonitoringSignalRuleQuery'
type: object
SecurityMonitoringRuleQueryAggregation:
description: The aggregation type.
enum:
- count
- cardinality
- sum
- max
- new_value
- geo_data
+ - event_count
type: string
x-enum-varnames:
- COUNT
- CARDINALITY
- SUM
- MAX
- NEW_VALUE
- GEO_DATA
- SecurityMonitoringRuleQueryCreate:
- description: Query for matching rule.
- properties:
- aggregation:
- $ref: '#/components/schemas/SecurityMonitoringRuleQueryAggregation'
- distinctFields:
- description: Field for which the cardinality is measured. Sent as an array.
- items:
- description: Field.
- type: string
- type: array
- groupByFields:
- description: Fields to group by.
- items:
- description: Field.
- type: string
- type: array
- metric:
- description: 'The target field to aggregate over when using the sum or max
-
- aggregations.'
- type: string
- metrics:
- description: Group of target fields to aggregate over when using the new
- value aggregations.
- items:
- description: Field.
- type: string
- type: array
- name:
- description: Name of the query.
- type: string
- query:
- description: Query to run on logs.
- example: a > 3
- type: string
- required:
- - query
- type: object
+ - EVENT_COUNT
SecurityMonitoringRuleResponse:
- description: Rule.
- properties:
- cases:
- description: Cases for generating signals.
- items:
- $ref: '#/components/schemas/SecurityMonitoringRuleCase'
- type: array
- createdAt:
- description: When the rule was created, timestamp in milliseconds.
- format: int64
- type: integer
- creationAuthorId:
- description: User ID of the user who created the rule.
- format: int64
- type: integer
- filters:
- description: Additional queries to filter matched events before they are
- processed.
- items:
- $ref: '#/components/schemas/SecurityMonitoringFilter'
- type: array
- hasExtendedTitle:
- description: Whether the notifications include the triggering group-by values
- in their title.
- type: boolean
- id:
- description: The ID of the rule.
- type: string
- isDefault:
- description: Whether the rule is included by default.
- type: boolean
- isDeleted:
- description: Whether the rule has been deleted.
- type: boolean
- isEnabled:
- description: Whether the rule is enabled.
- type: boolean
- message:
- description: Message for generated signals.
- type: string
- name:
- description: The name of the rule.
- type: string
- options:
- $ref: '#/components/schemas/SecurityMonitoringRuleOptions'
- queries:
- description: Queries for selecting logs which are part of the rule.
- items:
- $ref: '#/components/schemas/SecurityMonitoringRuleQuery'
- type: array
- tags:
- description: Tags for generated signals.
- items:
- description: Tag.
- type: string
- type: array
- type:
- $ref: '#/components/schemas/SecurityMonitoringRuleTypeRead'
- updateAuthorId:
- description: User ID of the user who updated the rule.
- format: int64
- type: integer
- version:
- description: The version of the rule.
- format: int64
- type: integer
+ description: Create a new rule.
+ oneOf:
+ - $ref: '#/components/schemas/SecurityMonitoringStandardRuleResponse'
+ - $ref: '#/components/schemas/SecurityMonitoringSignalRuleResponse'
+ type: object
SecurityMonitoringRuleSeverity:
description: Severity of the Security Signal.
enum:
- info
- low
@@ -7636,10 +7788,176 @@
example: 25
format: int32
maximum: 1000
type: integer
type: object
+ SecurityMonitoringSignalRuleCreatePayload:
+ description: Create a new signal correlation rule.
+ properties:
+ cases:
+ description: Cases for generating signals.
+ example: []
+ items:
+ $ref: '#/components/schemas/SecurityMonitoringRuleCaseCreate'
+ type: array
+ filters:
+ description: Additional queries to filter matched events before they are
+ processed.
+ items:
+ $ref: '#/components/schemas/SecurityMonitoringFilter'
+ type: array
+ hasExtendedTitle:
+ description: Whether the notifications include the triggering group-by values
+ in their title.
+ example: true
+ type: boolean
+ isEnabled:
+ description: Whether the rule is enabled.
+ example: true
+ type: boolean
+ message:
+ description: Message for generated signals.
+ example: ''
+ type: string
+ name:
+ description: The name of the rule.
+ example: My security monitoring rule.
+ type: string
+ options:
+ $ref: '#/components/schemas/SecurityMonitoringRuleOptions'
+ queries:
+ description: Queries for selecting signals which are part of the rule.
+ example: []
+ items:
+ $ref: '#/components/schemas/SecurityMonitoringSignalRuleQuery'
+ type: array
+ tags:
+ description: Tags for generated signals.
+ example:
+ - env:prod
+ - team:security
+ items:
+ description: Tag.
+ type: string
+ type: array
+ type:
+ $ref: '#/components/schemas/SecurityMonitoringSignalRuleType'
+ required:
+ - name
+ - isEnabled
+ - queries
+ - options
+ - cases
+ - message
+ type: object
+ SecurityMonitoringSignalRuleQuery:
+ description: Query for matching rule on signals
+ properties:
+ aggregation:
+ $ref: '#/components/schemas/SecurityMonitoringRuleQueryAggregation'
+ correlatedByFields:
+ description: Fields to group by.
+ items:
+ description: Field.
+ type: string
+ type: array
+ correlatedQueryIndex:
+ description: Index of the rule query used to retrieve the correlated field.
+ format: int32
+ maximum: 9
+ type: integer
+ metrics:
+ description: Group of target fields to aggregate over when using the new
+ value aggregations.
+ items:
+ description: Field.
+ type: string
+ type: array
+ name:
+ description: Name of the query.
+ type: string
+ ruleId:
+ description: Rule ID to match on signals.
+ example: d3f-ru1-e1d
+ type: string
+ required:
+ - ruleId
+ type: object
+ SecurityMonitoringSignalRuleResponse:
+ description: Rule.
+ properties:
+ cases:
+ description: Cases for generating signals.
+ items:
+ $ref: '#/components/schemas/SecurityMonitoringRuleCase'
+ type: array
+ createdAt:
+ description: When the rule was created, timestamp in milliseconds.
+ format: int64
+ type: integer
+ creationAuthorId:
+ description: User ID of the user who created the rule.
+ format: int64
+ type: integer
+ filters:
+ description: Additional queries to filter matched events before they are
+ processed.
+ items:
+ $ref: '#/components/schemas/SecurityMonitoringFilter'
+ type: array
+ hasExtendedTitle:
+ description: Whether the notifications include the triggering group-by values
+ in their title.
+ type: boolean
+ id:
+ description: The ID of the rule.
+ type: string
+ isDefault:
+ description: Whether the rule is included by default.
+ type: boolean
+ isDeleted:
+ description: Whether the rule has been deleted.
+ type: boolean
+ isEnabled:
+ description: Whether the rule is enabled.
+ type: boolean
+ message:
+ description: Message for generated signals.
+ type: string
+ name:
+ description: The name of the rule.
+ type: string
+ options:
+ $ref: '#/components/schemas/SecurityMonitoringRuleOptions'
+ queries:
+ description: Queries for selecting logs which are part of the rule.
+ items:
+ $ref: '#/components/schemas/SecurityMonitoringSignalRuleQuery'
+ type: array
+ tags:
+ description: Tags for generated signals.
+ items:
+ description: Tag.
+ type: string
+ type: array
+ type:
+ $ref: '#/components/schemas/SecurityMonitoringSignalRuleType'
+ updateAuthorId:
+ description: User ID of the user who updated the rule.
+ format: int64
+ type: integer
+ version:
+ description: The version of the rule.
+ format: int64
+ type: integer
+ SecurityMonitoringSignalRuleType:
+ description: The rule type.
+ enum:
+ - signal_correlation
+ type: string
+ x-enum-varnames:
+ - SIGNAL_CORRELATION
SecurityMonitoringSignalState:
description: The new triage state of the signal.
enum:
- open
- archived
@@ -7792,10 +8110,175 @@
- -timestamp
type: string
x-enum-varnames:
- TIMESTAMP_ASCENDING
- TIMESTAMP_DESCENDING
+ SecurityMonitoringStandardRuleCreatePayload:
+ description: Create a new rule.
+ properties:
+ cases:
+ description: Cases for generating signals.
+ example: []
+ items:
+ $ref: '#/components/schemas/SecurityMonitoringRuleCaseCreate'
+ type: array
+ filters:
+ description: Additional queries to filter matched events before they are
+ processed.
+ items:
+ $ref: '#/components/schemas/SecurityMonitoringFilter'
+ type: array
+ hasExtendedTitle:
+ description: Whether the notifications include the triggering group-by values
+ in their title.
+ example: true
+ type: boolean
+ isEnabled:
+ description: Whether the rule is enabled.
+ example: true
+ type: boolean
+ message:
+ description: Message for generated signals.
+ example: ''
+ type: string
+ name:
+ description: The name of the rule.
+ example: My security monitoring rule.
+ type: string
+ options:
+ $ref: '#/components/schemas/SecurityMonitoringRuleOptions'
+ queries:
+ description: Queries for selecting logs which are part of the rule.
+ example: []
+ items:
+ $ref: '#/components/schemas/SecurityMonitoringStandardRuleQuery'
+ type: array
+ tags:
+ description: Tags for generated signals.
+ example:
+ - env:prod
+ - team:security
+ items:
+ description: Tag.
+ type: string
+ type: array
+ type:
+ $ref: '#/components/schemas/SecurityMonitoringRuleTypeCreate'
+ required:
+ - name
+ - isEnabled
+ - queries
+ - options
+ - cases
+ - message
+ type: object
+ SecurityMonitoringStandardRuleQuery:
+ description: Query for matching rule.
+ properties:
+ aggregation:
+ $ref: '#/components/schemas/SecurityMonitoringRuleQueryAggregation'
+ distinctFields:
+ description: Field for which the cardinality is measured. Sent as an array.
+ items:
+ description: Field.
+ type: string
+ type: array
+ groupByFields:
+ description: Fields to group by.
+ items:
+ description: Field.
+ type: string
+ type: array
+ metric:
+ description: 'The target field to aggregate over when using the sum or max
+
+ aggregations.'
+ type: string
+ metrics:
+ description: Group of target fields to aggregate over when using the new
+ value aggregations.
+ items:
+ description: Field.
+ type: string
+ type: array
+ name:
+ description: Name of the query.
+ type: string
+ query:
+ description: Query to run on logs.
+ example: a > 3
+ type: string
+ required:
+ - query
+ type: object
+ SecurityMonitoringStandardRuleResponse:
+ description: Rule.
+ properties:
+ cases:
+ description: Cases for generating signals.
+ items:
+ $ref: '#/components/schemas/SecurityMonitoringRuleCase'
+ type: array
+ createdAt:
+ description: When the rule was created, timestamp in milliseconds.
+ format: int64
+ type: integer
+ creationAuthorId:
+ description: User ID of the user who created the rule.
+ format: int64
+ type: integer
+ filters:
+ description: Additional queries to filter matched events before they are
+ processed.
+ items:
+ $ref: '#/components/schemas/SecurityMonitoringFilter'
+ type: array
+ hasExtendedTitle:
+ description: Whether the notifications include the triggering group-by values
+ in their title.
+ type: boolean
+ id:
+ description: The ID of the rule.
+ type: string
+ isDefault:
+ description: Whether the rule is included by default.
+ type: boolean
+ isDeleted:
+ description: Whether the rule has been deleted.
+ type: boolean
+ isEnabled:
+ description: Whether the rule is enabled.
+ type: boolean
+ message:
+ description: Message for generated signals.
+ type: string
+ name:
+ description: The name of the rule.
+ type: string
+ options:
+ $ref: '#/components/schemas/SecurityMonitoringRuleOptions'
+ queries:
+ description: Queries for selecting logs which are part of the rule.
+ items:
+ $ref: '#/components/schemas/SecurityMonitoringStandardRuleQuery'
+ type: array
+ tags:
+ description: Tags for generated signals.
+ items:
+ description: Tag.
+ type: string
+ type: array
+ type:
+ $ref: '#/components/schemas/SecurityMonitoringRuleTypeRead'
+ updateAuthorId:
+ description: User ID of the user who updated the rule.
+ format: int64
+ type: integer
+ version:
+ description: The version of the rule.
+ format: int64
+ type: integer
SecurityMonitoringTriageUser:
description: Object representing a given user entity.
properties:
handle:
description: The handle for this user account.
@@ -9581,10 +10064,84 @@
- Incidents
x-codegen-request-body-name: body
x-unstable: '**Note**: This endpoint is in public beta.
If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).'
+ /api/v2/incidents/{incident_id}/attachments:
+ get:
+ description: Get all attachments for a given incident.
+ operationId: ListIncidentAttachments
+ parameters:
+ - $ref: '#/components/parameters/IncidentIDPathParameter'
+ - $ref: '#/components/parameters/IncidentAttachmentIncludeQueryParameter'
+ - $ref: '#/components/parameters/IncidentAttachmentFilterQueryParameter'
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/IncidentAttachmentsResponse'
+ description: OK
+ '400':
+ $ref: '#/components/responses/BadRequestResponse'
+ '401':
+ $ref: '#/components/responses/UnauthorizedResponse'
+ '403':
+ $ref: '#/components/responses/ForbiddenResponse'
+ '404':
+ $ref: '#/components/responses/NotFoundResponse'
+ '429':
+ $ref: '#/components/responses/TooManyRequestsResponse'
+ security:
+ - apiKeyAuth: []
+ appKeyAuth: []
+ - AuthZ:
+ - incident_read
+ summary: Get a list of attachments
+ tags:
+ - Incidents
+ x-unstable: '**Note**: This endpoint is in public beta.
+
+ If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).'
+ patch:
+ description: The bulk update endpoint for creating, updating, and deleting attachments
+ for a given incident.
+ operationId: UpdateIncidentAttachments
+ parameters:
+ - $ref: '#/components/parameters/IncidentIDPathParameter'
+ - $ref: '#/components/parameters/IncidentAttachmentIncludeQueryParameter'
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/IncidentAttachmentUpdateRequest'
+ description: Incident Attachment Payload.
+ required: true
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/IncidentAttachmentUpdateResponse'
+ description: OK
+ '400':
+ $ref: '#/components/responses/BadRequestResponse'
+ '401':
+ $ref: '#/components/responses/UnauthorizedResponse'
+ '403':
+ $ref: '#/components/responses/ForbiddenResponse'
+ '404':
+ $ref: '#/components/responses/NotFoundResponse'
+ '429':
+ $ref: '#/components/responses/TooManyRequestsResponse'
+ summary: Create, update, and delete incident attachments
+ tags:
+ - Incidents
+ x-codegen-request-body-name: body
+ x-unstable: '**Note**: This endpoint is in public beta.
+
+ If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).'
/api/v2/integration/opsgenie/services:
get:
description: Get a list of all services from the Datadog Opsgenie integration.
operationId: ListOpsgenieServices
responses:
@@ -10613,16 +11170,14 @@
cursorPath: meta.page.after
limitParam: body.page.limit
resultsPath: data
/api/v2/metrics:
get:
- description: 'Returns all configured count/gauge/rate/distribution metric names
-
- (with additional filters if specified).'
+ description: Returns all metrics (matching additional filters if specified).
operationId: ListTagConfigurations
parameters:
- - description: Filter metrics that have configured tags.
+ - description: Filter custom metrics that have configured tags.
example: true
in: query
name: filter[configured]
required: false
schema:
@@ -10633,11 +11188,11 @@
name: filter[tags_configured]
required: false
schema:
description: Tag keys to filter by.
type: string
- - description: Filter tag configurations by metric type.
+ - description: Filter metrics by metric type.
in: query
name: filter[metric_type]
required: false
schema:
$ref: '#/components/schemas/MetricTagConfigurationMetricTypes'
@@ -10648,24 +11203,35 @@
in: query
name: filter[include_percentiles]
required: false
schema:
type: boolean
+ - description: 'Filter custom metrics that have or have not been queried in
+ the specified window[seconds].
+
+ If no window is provided or the window is less than 2 hours, a default of
+ 2 hours will be applied.'
+ example: true
+ in: query
+ name: filter[queried]
+ required: false
+ schema:
+ type: boolean
- description: 'Filter metrics that have been submitted with the given tags.
Supports boolean and wildcard expressions.
- Cannot be combined with other filters.'
+ Can only be combined with the filter[queried] filter.'
example: env IN (staging,test) AND service:web
in: query
name: filter[tags]
required: false
schema:
type: string
- description: 'The number of seconds of look back (from now) to apply to a
- filter[tag] query.
+ filter[tag] or filter[queried] query.
- Defaults value is 3600 (1 hour), maximum value is 172,800 (2 days).'
+ Defaults value is 3600 (1 hour), maximum value is 1,209,600 (2 weeks).'
example: 3600
in: query
name: window[seconds]
required: false
schema:
@@ -10699,11 +11265,11 @@
security:
- apiKeyAuth: []
appKeyAuth: []
- AuthZ:
- metrics_read
- summary: List tag configurations
+ summary: Get a list of metrics
tags:
- Metrics
/api/v2/metrics/config/bulk-tags:
delete:
description: 'Delete all custom lists of queryable tag keys for a set of existing
@@ -10815,10 +11381,67 @@
description: Too Many Requests
summary: Configure tags for multiple metrics
tags:
- Metrics
x-codegen-request-body-name: body
+ /api/v2/metrics/{metric_name}/active-configurations:
+ get:
+ description: List tags and aggregations that are actively queried on dashboards
+ and monitors for a given metric name.
+ operationId: ListActiveMetricConfigurations
+ parameters:
+ - $ref: '#/components/parameters/MetricName'
+ - description: 'The number of seconds of look back (from now).
+
+ Default value is 604,800 (1 week), minimum value is 7200 (2 hours), maximum
+ value is 2,630,000 (1 month).'
+ example: 7200
+ in: query
+ name: window[seconds]
+ required: false
+ schema:
+ format: int64
+ type: integer
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/MetricSuggestedTagsAndAggregationsResponse'
+ description: Success
+ '400':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/APIErrorResponse'
+ description: Bad Request
+ '403':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/APIErrorResponse'
+ description: Forbidden
+ '404':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/APIErrorResponse'
+ description: Not Found
+ '429':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/APIErrorResponse'
+ description: Too Many Requests
+ security:
+ - apiKeyAuth: []
+ appKeyAuth: []
+ - AuthZ:
+ - metrics_read
+ summary: List active tags and aggregations
+ tags:
+ - Metrics
/api/v2/metrics/{metric_name}/all-tags:
get:
description: View indexed tag key-value pairs for a given metric name.
operationId: ListTagsByMetricName
parameters:
@@ -12742,10 +13365,35 @@
x-pagination:
cursorParam: body.page.cursor
cursorPath: meta.page.after
limitParam: body.page.limit
resultsPath: data
+ /api/v2/security_monitoring/signals/{signal_id}:
+ get:
+ description: Get a signal's details.
+ operationId: GetSecurityMonitoringSignal
+ parameters:
+ - $ref: '#/components/parameters/SignalID'
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/SecurityMonitoringSignal'
+ description: OK
+ '404':
+ $ref: '#/components/responses/NotFoundResponse'
+ '429':
+ $ref: '#/components/responses/TooManyRequestsResponse'
+ security:
+ - apiKeyAuth: []
+ appKeyAuth: []
+ - AuthZ:
+ - security_monitoring_rules_read
+ summary: Get a signal's details
+ tags:
+ - Security Monitoring
/api/v2/security_monitoring/signals/{signal_id}/assignee:
patch:
description: Modify the triage assignee of a security signal.
operationId: EditSecurityMonitoringSignalAssignee
parameters:
@@ -13593,12 +14241,21 @@
summary: Get hourly usage for application security
tags:
- Usage Metering
/api/v2/usage/cost_by_org:
get:
- description: Get cost across multi-org account. Cost by org data for a given
- month becomes available no later than the 16th of the following month.
+ deprecated: true
+ description: 'Get cost across multi-org account.
+
+ Cost by org data for a given month becomes available no later than the 16th
+ of the following month.
+
+ **Note:** This endpoint has been deprecated. Please use the new endpoint
+
+ [`/historical_cost`](https://docs.datadoghq.com/api/latest/usage-metering/#get-historical-cost-across-your-account)
+
+ instead.'
operationId: GetCostByOrg
parameters:
- description: 'Datetime in ISO-8601 format, UTC, precise to month: `[YYYY-MM]`
for cost beginning this month.'
in: query
@@ -13651,18 +14308,20 @@
/api/v2/usage/estimated_cost:
get:
description: 'Get estimated cost across multi-org and single root-org accounts.
Estimated cost data is only available for the current month and previous month.
- To access historical costs prior to this, use the /cost_by_org endpoint.'
+
+ To access historical costs prior to this, use the `/historical_cost` endpoint.'
operationId: GetEstimatedCostByOrg
parameters:
- description: String to specify whether cost is broken down at a parent-org
- level or at the sub-org level. Currently, only the 'sub-org' view is supported.
+ level or at the sub-org level. Available views are `summary` and `sub-org`.
+ Defaults to `summary`.
in: query
name: view
- required: true
+ required: false
schema:
type: string
- description: 'Datetime in ISO-8601 format, UTC, precise to month: `[YYYY-MM]`
for cost beginning this month. Either start_month or start_date should be
specified, but not both. (start_month cannot go beyond two months in the
@@ -13730,13 +14389,74 @@
- AuthZ:
- usage_read
summary: Get estimated cost across your account
tags:
- Usage Metering
- x-unstable: '**Note**: This endpoint is in public beta.
+ /api/v2/usage/historical_cost:
+ get:
+ description: 'Get historical cost across multi-org and single root-org accounts.
- Only the sub-org view is available currently, the summary view will be released
- at a later date.'
+ Cost data for a given month becomes available no later than the 16th of the
+ following month.'
+ operationId: GetHistoricalCostByOrg
+ parameters:
+ - description: String to specify whether cost is broken down at a parent-org
+ level or at the sub-org level. Available views are `summary` and `sub-org`. Defaults
+ to `summary`.
+ in: query
+ name: view
+ required: false
+ schema:
+ type: string
+ - description: 'Datetime in ISO-8601 format, UTC, precise to month: `[YYYY-MM]`
+ for cost beginning this month.'
+ in: query
+ name: start_month
+ required: true
+ schema:
+ format: date-time
+ type: string
+ - description: 'Datetime in ISO-8601 format, UTC, precise to month: `[YYYY-MM]`
+ for cost ending this month.'
+ in: query
+ name: end_month
+ required: false
+ schema:
+ format: date-time
+ type: string
+ responses:
+ '200':
+ content:
+ application/json;datetime-format=rfc3339:
+ schema:
+ $ref: '#/components/schemas/CostByOrgResponse'
+ description: OK
+ '400':
+ content:
+ application/json;datetime-format=rfc3339:
+ schema:
+ $ref: '#/components/schemas/APIErrorResponse'
+ description: Bad Request
+ '403':
+ content:
+ application/json;datetime-format=rfc3339:
+ schema:
+ $ref: '#/components/schemas/APIErrorResponse'
+ description: Forbidden - User is not authorized
+ '429':
+ content:
+ application/json;datetime-format=rfc3339:
+ schema:
+ $ref: '#/components/schemas/APIErrorResponse'
+ description: Too many requests
+ security:
+ - apiKeyAuth: []
+ appKeyAuth: []
+ - AuthZ:
+ - usage_read
+ summary: Get historical cost across your account
+ tags:
+ - Usage Metering
/api/v2/usage/hourly_usage:
get:
description: Get hourly usage by product family
operationId: GetHourlyUsage
parameters: