@@ -3961,6 +3961,68 @@ components:
39613961 required:
39623962 - complianceRuleOptions
39633963 type: object
3964+ CloudConfigurationRulePayload:
3965+ description: The payload of a cloud configuration rule.
3966+ properties:
3967+ cases:
3968+ description: 'Description of generated findings and signals (severity and
3969+ channels to be notified in case of a signal). Must contain exactly one
3970+ item.
3971+
3972+ '
3973+ items:
3974+ $ref: '#/components/schemas/CloudConfigurationRuleCaseCreate'
3975+ type: array
3976+ complianceSignalOptions:
3977+ $ref: '#/components/schemas/CloudConfigurationRuleComplianceSignalOptions'
3978+ filters:
3979+ description: Additional queries to filter matched events before they are
3980+ processed.
3981+ items:
3982+ $ref: '#/components/schemas/SecurityMonitoringFilter'
3983+ type: array
3984+ isEnabled:
3985+ description: Whether the rule is enabled.
3986+ example: true
3987+ type: boolean
3988+ message:
3989+ description: Message in markdown format for generated findings and signals.
3990+ example: '#Description
3991+
3992+ Explanation of the rule.
3993+
3994+
3995+ #Remediation
3996+
3997+ How to fix the security issue.
3998+
3999+ '
4000+ type: string
4001+ name:
4002+ description: The name of the rule.
4003+ example: My security monitoring rule.
4004+ type: string
4005+ options:
4006+ $ref: '#/components/schemas/CloudConfigurationRuleOptions'
4007+ tags:
4008+ description: Tags for generated findings and signals.
4009+ example:
4010+ - env:prod
4011+ - team:security
4012+ items:
4013+ description: Tag.
4014+ type: string
4015+ type: array
4016+ type:
4017+ $ref: '#/components/schemas/CloudConfigurationRuleType'
4018+ required:
4019+ - name
4020+ - isEnabled
4021+ - options
4022+ - complianceSignalOptions
4023+ - cases
4024+ - message
4025+ type: object
39644026 CloudConfigurationRuleType:
39654027 description: The rule type.
39664028 enum:
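Review bot: The `cases` description at 3968 states the array "Must contain exactly one item", but the schema at 3967–3975 carries no `minItems`/`maxItems`, so clients and validators generated from this spec will accept zero or several cases and the constraint is enforced only server-side, if at all. Adding `minItems: 1` and `maxItems: 1` under `cases` makes the documented contract machine-checkable and keeps the prose and the schema from drifting apart. Whether the existing CloudConfigurationRuleCreatePayload outside this hunk already carries such limits is not visible here; if it does, the two should match.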
@@ -17469,11 +17531,16 @@ components:
1746917531 - MEDIUM
1747017532 - HIGH
1747117533 - CRITICAL
17534+ SecurityMonitoringRuleTestPayload:
17535+ description: Test a rule.
17536+ oneOf:
17537+ - $ref: '#/components/schemas/SecurityMonitoringStandardRuleTestPayload'
1747217538 SecurityMonitoringRuleTestRequest:
17473- description: Test the rule queries of a rule.
17539+ description: Test the rule queries of a rule (rule property is ignored when
17540+ applied to an existing rule)
1747417541 properties:
1747517542 rule:
17476- $ref: '#/components/schemas/SecurityMonitoringRuleCreatePayload '
17543+ $ref: '#/components/schemas/SecurityMonitoringRuleTestPayload '
1747717544 ruleQueryPayloads:
1747817545 description: Data payloads used to test rules query with the expected result.
1747917546 items:
@@ -17544,6 +17611,13 @@ components:
1754417611 - WORKLOAD_SECURITY
1754517612 - CLOUD_CONFIGURATION
1754617613 - APPLICATION_SECURITY
17614+ SecurityMonitoringRuleTypeTest:
17615+ description: The rule type.
17616+ enum:
17617+ - log_detection
17618+ type: string
17619+ x-enum-varnames:
17620+ - LOG_DETECTION
1754717621 SecurityMonitoringRuleUpdatePayload:
1754817622 description: Update an existing rule.
1754917623 properties:
@@ -17589,8 +17663,8 @@ components:
1758917663 type: string
1759017664 type: array
1759117665 thirdPartyCases:
17592- description: Cases for generating signals from third party rules. Only available
17593- for third party rules.
17666+ description: Cases for generating signals from third- party rules. Only available
17667+ for third- party rules.
1759417668 example: []
1759517669 items:
1759617670 $ref: '#/components/schemas/SecurityMonitoringThirdPartyRuleCase'
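Review bot: The reworded `thirdPartyCases` description at 17666–17667 introduces a stray space in `third- party` (twice), which reads as a typo; the hunk at 18575–18576 has the same text, while the hunks at 18371–18372 and 18438–18439 spell it `third-party`. Change both lines to `description: Cases for generating signals from third-party rules. Only available` / `for third-party rules.` so all four descriptions agree. This file appears to be generated, so the correction probably belongs in the source the spec is rendered from.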
@@ -17602,6 +17676,12 @@ components:
1760217676 maximum: 2147483647
1760317677 type: integer
1760417678 type: object
17679+ SecurityMonitoringRuleValidatePayload:
17680+ description: Validate a rule.
17681+ oneOf:
17682+ - $ref: '#/components/schemas/SecurityMonitoringStandardRulePayload'
17683+ - $ref: '#/components/schemas/SecurityMonitoringSignalRulePayload'
17684+ - $ref: '#/components/schemas/CloudConfigurationRulePayload'
1760517685 SecurityMonitoringSignal:
1760617686 description: Object description of a security signal.
1760717687 properties:
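Review bot: `SecurityMonitoringRuleValidatePayload` at 17679–17684 is a `oneOf` over three object schemas with largely overlapping property sets and no `discriminator`, and `type` is absent from every member's `required` list, so a request that omits `type` may satisfy more than one member; a strict `oneOf` validator then rejects it as ambiguous and a lenient one picks a schema arbitrarily, depending on how far the referenced query and options schemas (outside this diff) differ. Consider adding `discriminator:` / `  propertyName: type` to the `oneOf` and listing `type` under `required` in each member so validation resolves to exactly one schema deterministically. The same consideration applies to `SecurityMonitoringRuleTestPayload` at 17534–17537 if it gains a second member.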
@@ -17854,6 +17934,66 @@ components:
1785417934 - cases
1785517935 - message
1785617936 type: object
17937+ SecurityMonitoringSignalRulePayload:
17938+ description: The payload of a signal correlation rule.
17939+ properties:
17940+ cases:
17941+ description: Cases for generating signals.
17942+ example: []
17943+ items:
17944+ $ref: '#/components/schemas/SecurityMonitoringRuleCaseCreate'
17945+ type: array
17946+ filters:
17947+ description: Additional queries to filter matched events before they are
17948+ processed. This field is deprecated for log detection, signal correlation,
17949+ and workload security rules.
17950+ items:
17951+ $ref: '#/components/schemas/SecurityMonitoringFilter'
17952+ type: array
17953+ hasExtendedTitle:
17954+ description: Whether the notifications include the triggering group-by values
17955+ in their title.
17956+ example: true
17957+ type: boolean
17958+ isEnabled:
17959+ description: Whether the rule is enabled.
17960+ example: true
17961+ type: boolean
17962+ message:
17963+ description: Message for generated signals.
17964+ example: ''
17965+ type: string
17966+ name:
17967+ description: The name of the rule.
17968+ example: My security monitoring rule.
17969+ type: string
17970+ options:
17971+ $ref: '#/components/schemas/SecurityMonitoringRuleOptions'
17972+ queries:
17973+ description: Queries for selecting signals which are part of the rule.
17974+ example: []
17975+ items:
17976+ $ref: '#/components/schemas/SecurityMonitoringSignalRuleQuery'
17977+ type: array
17978+ tags:
17979+ description: Tags for generated signals.
17980+ example:
17981+ - env:prod
17982+ - team:security
17983+ items:
17984+ description: Tag.
17985+ type: string
17986+ type: array
17987+ type:
17988+ $ref: '#/components/schemas/SecurityMonitoringSignalRuleType'
17989+ required:
17990+ - name
17991+ - isEnabled
17992+ - queries
17993+ - options
17994+ - cases
17995+ - message
17996+ type: object
1785717997 SecurityMonitoringSignalRuleQuery:
1785817998 description: Query for matching rule on signals.
1785917999 properties:
@@ -18228,8 +18368,75 @@ components:
1822818368 type: string
1822918369 type: array
1823018370 thirdPartyCases:
18231- description: Cases for generating signals from third party rules. Only available
18232- for third party rules.
18371+ description: Cases for generating signals from third-party rules. Only available
18372+ for third-party rules.
18373+ example: []
18374+ items:
18375+ $ref: '#/components/schemas/SecurityMonitoringThirdPartyRuleCaseCreate'
18376+ type: array
18377+ type:
18378+ $ref: '#/components/schemas/SecurityMonitoringRuleTypeCreate'
18379+ required:
18380+ - name
18381+ - isEnabled
18382+ - queries
18383+ - options
18384+ - cases
18385+ - message
18386+ type: object
18387+ SecurityMonitoringStandardRulePayload:
18388+ description: The payload of a rule.
18389+ properties:
18390+ cases:
18391+ description: Cases for generating signals.
18392+ example: []
18393+ items:
18394+ $ref: '#/components/schemas/SecurityMonitoringRuleCaseCreate'
18395+ type: array
18396+ filters:
18397+ description: Additional queries to filter matched events before they are
18398+ processed. This field is deprecated for log detection, signal correlation,
18399+ and workload security rules.
18400+ items:
18401+ $ref: '#/components/schemas/SecurityMonitoringFilter'
18402+ type: array
18403+ hasExtendedTitle:
18404+ description: Whether the notifications include the triggering group-by values
18405+ in their title.
18406+ example: true
18407+ type: boolean
18408+ isEnabled:
18409+ description: Whether the rule is enabled.
18410+ example: true
18411+ type: boolean
18412+ message:
18413+ description: Message for generated signals.
18414+ example: ''
18415+ type: string
18416+ name:
18417+ description: The name of the rule.
18418+ example: My security monitoring rule.
18419+ type: string
18420+ options:
18421+ $ref: '#/components/schemas/SecurityMonitoringRuleOptions'
18422+ queries:
18423+ description: Queries for selecting logs which are part of the rule.
18424+ example: []
18425+ items:
18426+ $ref: '#/components/schemas/SecurityMonitoringStandardRuleQuery'
18427+ type: array
18428+ tags:
18429+ description: Tags for generated signals.
18430+ example:
18431+ - env:prod
18432+ - team:security
18433+ items:
18434+ description: Tag.
18435+ type: string
18436+ type: array
18437+ thirdPartyCases:
18438+ description: Cases for generating signals from third-party rules. Only available
18439+ for third-party rules.
1823318440 example: []
1823418441 items:
1823518442 $ref: '#/components/schemas/SecurityMonitoringThirdPartyRuleCaseCreate'
@@ -18365,8 +18572,8 @@ components:
1836518572 type: string
1836618573 type: array
1836718574 thirdPartyCases:
18368- description: Cases for generating signals from third party rules. Only available
18369- for third party rules.
18575+ description: Cases for generating signals from third- party rules. Only available
18576+ for third- party rules.
1837018577 example: []
1837118578 items:
1837218579 $ref: '#/components/schemas/SecurityMonitoringThirdPartyRuleCase'
@@ -18381,6 +18588,73 @@ components:
1838118588 description: The version of the rule.
1838218589 format: int64
1838318590 type: integer
18591+ SecurityMonitoringStandardRuleTestPayload:
18592+ description: The payload of a rule to test
18593+ properties:
18594+ cases:
18595+ description: Cases for generating signals.
18596+ example: []
18597+ items:
18598+ $ref: '#/components/schemas/SecurityMonitoringRuleCaseCreate'
18599+ type: array
18600+ filters:
18601+ description: Additional queries to filter matched events before they are
18602+ processed. This field is deprecated for log detection, signal correlation,
18603+ and workload security rules.
18604+ items:
18605+ $ref: '#/components/schemas/SecurityMonitoringFilter'
18606+ type: array
18607+ hasExtendedTitle:
18608+ description: Whether the notifications include the triggering group-by values
18609+ in their title.
18610+ example: true
18611+ type: boolean
18612+ isEnabled:
18613+ description: Whether the rule is enabled.
18614+ example: true
18615+ type: boolean
18616+ message:
18617+ description: Message for generated signals.
18618+ example: ''
18619+ type: string
18620+ name:
18621+ description: The name of the rule.
18622+ example: My security monitoring rule.
18623+ type: string
18624+ options:
18625+ $ref: '#/components/schemas/SecurityMonitoringRuleOptions'
18626+ queries:
18627+ description: Queries for selecting logs which are part of the rule.
18628+ example: []
18629+ items:
18630+ $ref: '#/components/schemas/SecurityMonitoringStandardRuleQuery'
18631+ type: array
18632+ tags:
18633+ description: Tags for generated signals.
18634+ example:
18635+ - env:prod
18636+ - team:security
18637+ items:
18638+ description: Tag.
18639+ type: string
18640+ type: array
18641+ thirdPartyCases:
18642+ description: Cases for generating signals from third-party rules. Only available
18643+ for third-party rules.
18644+ example: []
18645+ items:
18646+ $ref: '#/components/schemas/SecurityMonitoringThirdPartyRuleCaseCreate'
18647+ type: array
18648+ type:
18649+ $ref: '#/components/schemas/SecurityMonitoringRuleTypeTest'
18650+ required:
18651+ - name
18652+ - isEnabled
18653+ - queries
18654+ - options
18655+ - cases
18656+ - message
18657+ type: object
1838418658 SecurityMonitoringSuppression:
1838518659 description: The suppression rule's properties.
1838618660 properties:
@@ -32660,7 +32934,7 @@ paths:
3266032934 content:
3266132935 application/json:
3266232936 schema:
32663- $ref: '#/components/schemas/SecurityMonitoringRuleCreatePayload '
32937+ $ref: '#/components/schemas/SecurityMonitoringRuleValidatePayload '
3266432938 required: true
3266532939 responses:
3266632940 '204':