From 6e57a5711de27ce2c5071f891e828cd840bc924b Mon Sep 17 00:00:00 2001 From: "ci.datadog-api-spec" Date: Mon, 16 Feb 2026 14:12:59 +0000 Subject: [PATCH] Regenerate client from commit d8ad8fe of spec repo --- .generator/schemas/v2/openapi.yaml | 460 ++++++++++++++ features/v2/security_monitoring.feature | 52 ++ features/v2/undo.json | 18 + .../src/support/scenarios_model_mapping.ts | 41 ++ .../src/v2/SecurityMonitoringApi.ts | 569 ++++++++++++++++++ services/security_monitoring/src/v2/index.ts | 18 + .../src/v2/models/CycloneDXAdvisory.ts | 44 ++ .../src/v2/models/CycloneDXAffect.ts | 45 ++ .../src/v2/models/CycloneDXAssetComponent.ts | 61 ++ .../src/v2/models/CycloneDXBOM.ts | 95 +++ .../src/v2/models/CycloneDXComponent.ts | 82 +++ .../src/v2/models/CycloneDXComponentType.ts | 13 + .../src/v2/models/CycloneDXMetadata.ts | 57 ++ .../src/v2/models/CycloneDXRating.ts | 61 ++ .../src/v2/models/CycloneDXReference.ts | 54 ++ .../src/v2/models/CycloneDXReferenceSource.ts | 44 ++ .../src/v2/models/CycloneDXToolComponent.ts | 53 ++ .../src/v2/models/CycloneDXTools.ts | 47 ++ .../src/v2/models/CycloneDXVulnerability.ts | 108 ++++ .../src/v2/models/SecurityFindingType.ts | 11 + .../src/v2/models/ThreatIntelIndicatorType.ts | 13 + .../src/v2/models/TypingInfo.ts | 27 + 22 files changed, 1973 insertions(+) create mode 100644 services/security_monitoring/src/v2/models/CycloneDXAdvisory.ts create mode 100644 services/security_monitoring/src/v2/models/CycloneDXAffect.ts create mode 100644 services/security_monitoring/src/v2/models/CycloneDXAssetComponent.ts create mode 100644 services/security_monitoring/src/v2/models/CycloneDXBOM.ts create mode 100644 services/security_monitoring/src/v2/models/CycloneDXComponent.ts create mode 100644 services/security_monitoring/src/v2/models/CycloneDXComponentType.ts create mode 100644 services/security_monitoring/src/v2/models/CycloneDXMetadata.ts create mode 100644 services/security_monitoring/src/v2/models/CycloneDXRating.ts create mode 100644 services/security_monitoring/src/v2/models/CycloneDXReference.ts create mode 100644 services/security_monitoring/src/v2/models/CycloneDXReferenceSource.ts create mode 100644 services/security_monitoring/src/v2/models/CycloneDXToolComponent.ts create mode 100644 services/security_monitoring/src/v2/models/CycloneDXTools.ts create mode 100644 services/security_monitoring/src/v2/models/CycloneDXVulnerability.ts create mode 100644 services/security_monitoring/src/v2/models/SecurityFindingType.ts create mode 100644 services/security_monitoring/src/v2/models/ThreatIntelIndicatorType.ts diff --git a/.generator/schemas/v2/openapi.yaml b/.generator/schemas/v2/openapi.yaml index 07cf64fab0e1..2053789b98de 100644 --- a/.generator/schemas/v2/openapi.yaml +++ b/.generator/schemas/v2/openapi.yaml @@ -17581,6 +17581,244 @@ components: required: - data type: object + CycloneDXAdvisory: + description: Advisory reference for a vulnerability. + properties: + url: + description: URL to the advisory. + example: https://example.com/advisory/CVE-2021-1234 + type: string + type: object + CycloneDXAffect: + description: Reference to a component affected by a vulnerability. + properties: + ref: + description: Reference to a component's bom-ref. + example: a3390fca-c315-41ae-ae05-af5e7859cdee + type: string + required: + - ref + type: object + CycloneDXAssetComponent: + description: The asset component represents the system or host being scanned. + properties: + bom-ref: + description: Optional reference to a component in the components list. + example: asset-ref-123 + type: string + name: + description: The name of the asset. + example: i-12345 + type: string + type: + description: The type of the asset component. + example: operating-system + type: string + required: + - name + type: object + CycloneDXBOM: + description: CycloneDX 1.5 Bill of Materials (BOM) for importing vulnerabilities. + properties: + bomFormat: + description: The format of the BOM. Must be "CycloneDX". + example: CycloneDX + type: string + components: + description: List of components (libraries, applications, or operating systems) + that are affected by vulnerabilities. + items: + $ref: '#/components/schemas/CycloneDXComponent' + type: array + metadata: + $ref: '#/components/schemas/CycloneDXMetadata' + specVersion: + description: The version of the CycloneDX specification. Must be "1.5". + example: '1.5' + type: string + version: + description: The version of the BOM. + example: 1 + format: int64 + type: integer + vulnerabilities: + description: List of vulnerabilities to be imported. + items: + $ref: '#/components/schemas/CycloneDXVulnerability' + type: array + required: + - bomFormat + - specVersion + - version + - metadata + - vulnerabilities + - components + type: object + CycloneDXComponent: + description: A component (library, application, or operating system) in the + BOM. + properties: + bom-ref: + description: Unique reference identifier for this component. + example: a3390fca-c315-41ae-ae05-af5e7859cdee + type: string + name: + description: The name of the component. + example: lodash + type: string + purl: + description: Package URL for the component. Required for library components. + example: pkg:npm/lodash@4.17.21 + type: string + type: + $ref: '#/components/schemas/CycloneDXComponentType' + version: + description: The version of the component. + example: 4.17.21 + type: string + required: + - bom-ref + - type + - name + - version + type: object + CycloneDXComponentType: + description: The type of the component. Supported types are library, application, + and operating-system. + enum: + - library + - application + - operating-system + example: library + type: string + x-enum-varnames: + - LIBRARY + - APPLICATION + - OPERATING_SYSTEM + CycloneDXMetadata: + description: Metadata for the CycloneDX BOM. + properties: + component: + $ref: '#/components/schemas/CycloneDXAssetComponent' + tools: + $ref: '#/components/schemas/CycloneDXTools' + required: + - component + - tools + type: object + CycloneDXRating: + description: Vulnerability rating information. + properties: + score: + description: The CVSS score. + example: 9.0 + format: double + type: number + severity: + description: The severity level. + example: high + type: string + vector: + description: The CVSS vector string. + example: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N + type: string + type: object + CycloneDXReference: + description: External reference for a vulnerability. + properties: + id: + description: Identifier of the reference. + example: GHSA-35m5-8cvj-8783 + type: string + source: + $ref: '#/components/schemas/CycloneDXReferenceSource' + type: object + CycloneDXReferenceSource: + description: Source information for a reference. + properties: + url: + description: URL to the source. + example: https://example.com + type: string + type: object + CycloneDXToolComponent: + description: Tool component that detected the vulnerabilities. + properties: + name: + description: The name of the tool. + example: my-scanner + type: string + type: + description: The type of the tool. + example: application + type: string + required: + - name + type: object + CycloneDXTools: + description: Tools used to generate the BOM. + properties: + components: + description: List of tool components. Only one tool is supported. + items: + $ref: '#/components/schemas/CycloneDXToolComponent' + maxItems: 1 + minItems: 1 + type: array + required: + - components + type: object + CycloneDXVulnerability: + description: A vulnerability in the CycloneDX BOM. + properties: + advisories: + description: List of advisory references. + items: + $ref: '#/components/schemas/CycloneDXAdvisory' + type: array + affects: + description: List of component references affected by this vulnerability. + items: + $ref: '#/components/schemas/CycloneDXAffect' + minItems: 1 + type: array + cwes: + description: List of CWE (Common Weakness Enumeration) identifiers. + example: + - 123 + - 345 + items: + type: integer + type: array + description: + description: Description of the vulnerability. + example: Sample vulnerability detected in the application. + type: string + detail: + description: Detailed information about the vulnerability. + example: Details about the vulnerability + type: string + id: + description: The unique identifier of the vulnerability (e.g., CVE ID). + example: CVE-2021-1234 + type: string + ratings: + description: List of vulnerability ratings. Must contain exactly one rating. + items: + $ref: '#/components/schemas/CycloneDXRating' + maxItems: 1 + minItems: 1 + type: array + references: + description: List of external references for the vulnerability. + items: + $ref: '#/components/schemas/CycloneDXReference' + type: array + required: + - id + - ratings + - affects + type: object DORACustomTags: description: A list of user-defined tags. The tags must follow the `key:value` pattern. Up to 100 may be added per event. @@ -53101,6 +53339,16 @@ components: meta: $ref: '#/components/schemas/SecurityFilterMeta' type: object + SecurityFindingType: + description: The type of security finding. + enum: + - vulnerability + - configuration_finding + example: vulnerability + type: string + x-enum-varnames: + - VULNERABILITY + - CONFIGURATION_FINDING SecurityFindingsAttributes: description: The JSON object containing all attributes of the security finding. properties: @@ -64143,6 +64391,18 @@ components: type: $ref: '#/components/schemas/ThreatHuntingJobDataType' type: object + ThreatIntelIndicatorType: + description: The type of threat indicator. + enum: + - ip_address + - domain + - sha256 + example: ip_address + type: string + x-enum-varnames: + - IP_ADDRESS + - DOMAIN + - SHA256 TimeAggregation: description: 'Time aggregation period (in seconds) is used to aggregate the results of the notification rule evaluation. @@ -93298,6 +93558,68 @@ paths: permissions: - security_monitoring_findings_read - appsec_vm_read + post: + description: 'Allows external integrations to send security findings to Datadog. + This endpoint accepts finding data in a custom format and returns an empty + response on success. + + + **Note**: This endpoint is in preview and is subject to change. + + If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).' + operationId: CreateSecurityFinding + parameters: + - description: The vendor providing the security finding. Must be lowercase. + example: vendor-name + in: header + name: vendor + required: true + schema: + type: string + - description: The type of security finding. + in: header + name: finding_type + required: true + schema: + $ref: '#/components/schemas/SecurityFindingType' + requestBody: + content: + application/json: + schema: + additionalProperties: {} + description: Security finding data in a custom format. + type: object + required: true + responses: + '200': + description: OK + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/JSONAPIErrorResponse' + description: Bad Request + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/JSONAPIErrorResponse' + description: Forbidden + '429': + $ref: '#/components/responses/TooManyRequestsResponse' + security: + - apiKeyAuth: [] + appKeyAuth: [] + summary: Create security finding + tags: + - Security Monitoring + x-permission: + operator: OR + permissions: + - security_monitoring_findings_write + x-unstable: '**Note**: This endpoint is in preview and is subject to change. + + If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).' /api/v2/security/findings/cases: delete: description: 'Detach security findings from their case. @@ -94050,6 +94372,92 @@ paths: operator: OR permissions: - security_monitoring_notification_profiles_write + /api/v2/security/threat-intel-feed: + post: + description: 'Import threat intelligence feeds with support for IP addresses, + domains, and SHA256 hashes. This endpoint requires specific headers to identify + the vendor and indicator type. + + + **Note**: This endpoint is in preview and is subject to change. + + If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).' + operationId: ImportThreatIntel + parameters: + - description: The vendor providing the threat intelligence feed. + example: vendor-name + in: header + name: ti_vendor + required: true + schema: + type: string + - description: The type of threat indicator. Valid values are ip_address, domain, + or sha256. + in: header + name: ti_indicator + required: true + schema: + $ref: '#/components/schemas/ThreatIntelIndicatorType' + - description: Optional integration account identifier. + in: header + name: ti_integration_account + required: false + schema: + type: string + requestBody: + content: + application/json: + schema: + description: Threat intelligence feed data. + type: object + application/octet-stream: + schema: + description: Threat intelligence feed data in binary format. + format: binary + type: string + required: true + responses: + '200': + description: OK + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/JSONAPIErrorResponse' + description: Bad Request + '401': + content: + application/json: + schema: + $ref: '#/components/schemas/JSONAPIErrorResponse' + description: Unauthorized + '429': + $ref: '#/components/responses/TooManyRequestsResponse' + '500': + content: + application/json: + schema: + $ref: '#/components/schemas/JSONAPIErrorResponse' + description: Internal Server Error + '503': + content: + application/json: + schema: + $ref: '#/components/schemas/JSONAPIErrorResponse' + description: Service Unavailable + security: + - apiKeyAuth: [] + appKeyAuth: [] + summary: Import threat intelligence feed + tags: + - Security Monitoring + x-permission: + operator: OR + permissions: + - reference_tables_write + x-unstable: '**Note**: This endpoint is in preview and is subject to change. + + If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).' /api/v2/security/vulnerabilities: get: description: "Get a list of vulnerabilities.\n\n### Pagination\n\nPagination @@ -94463,6 +94871,58 @@ paths: x-unstable: '**Note**: This endpoint is a private preview. If you are interested in accessing this API, [fill out this form](https://forms.gle/kMYC1sDr6WDUBDsx9).' + post: + description: 'Import vulnerabilities in CycloneDX 1.5 format. This endpoint + validates the payload against the CycloneDX 1.5 schema and additional mandatory + field requirements. + + + **Note**: This endpoint is in preview and is subject to change. + + If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).' + operationId: ImportSecurityVulnerabilities + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/CycloneDXBOM' + required: true + responses: + '200': + description: OK + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/JSONAPIErrorResponse' + description: Bad Request + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/JSONAPIErrorResponse' + description: Forbidden + '429': + $ref: '#/components/responses/TooManyRequestsResponse' + '500': + content: + application/json: + schema: + $ref: '#/components/schemas/JSONAPIErrorResponse' + description: Internal Server Error + security: + - apiKeyAuth: [] + appKeyAuth: [] + summary: Import vulnerabilities + tags: + - Security Monitoring + x-permission: + operator: OR + permissions: + - security_monitoring_findings_write + x-unstable: '**Note**: This endpoint is in preview and is subject to change. + + If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).' /api/v2/security/vulnerabilities/notification_rules: get: description: Returns the list of notification rules for security vulnerabilities. diff --git a/features/v2/security_monitoring.feature b/features/v2/security_monitoring.feature index 5695a7ea4a50..3ad8d5c96367 100644 --- a/features/v2/security_monitoring.feature +++ b/features/v2/security_monitoring.feature @@ -708,6 +708,24 @@ Feature: Security Monitoring When the request is sent Then the response status is 404 Not Found + @generated @skip @team:DataDog/asm-vm + Scenario: Create security finding returns "Bad Request" response + Given operation "CreateSecurityFinding" enabled + And new "CreateSecurityFinding" request + And request contains "vendor" parameter from "REPLACE.ME" + And request contains "finding_type" parameter from "REPLACE.ME" + When the request is sent + Then the response status is 400 Bad Request + + @generated @skip @team:DataDog/asm-vm + Scenario: Create security finding returns "OK" response + Given operation "CreateSecurityFinding" enabled + And new "CreateSecurityFinding" request + And request contains "vendor" parameter from "REPLACE.ME" + And request contains "finding_type" parameter from "REPLACE.ME" + When the request is sent + Then the response status is 200 OK + @generated @skip @team:DataDog/k9-cloud-security-platform Scenario: Deactivate content pack returns "Accepted" response Given operation "DeactivateContentPack" enabled @@ -1397,6 +1415,40 @@ Feature: Security Monitoring When the request is sent Then the response status is 200 The list of notification rules. + @generated @skip @team:DataDog/asm-vm + Scenario: Import threat intelligence feed returns "Bad Request" response + Given operation "ImportThreatIntel" enabled + And new "ImportThreatIntel" request + And request contains "ti_vendor" parameter from "REPLACE.ME" + And request contains "ti_indicator" parameter from "REPLACE.ME" + When the request is sent + Then the response status is 400 Bad Request + + @generated @skip @team:DataDog/asm-vm + Scenario: Import threat intelligence feed returns "OK" response + Given operation "ImportThreatIntel" enabled + And new "ImportThreatIntel" request + And request contains "ti_vendor" parameter from "REPLACE.ME" + And request contains "ti_indicator" parameter from "REPLACE.ME" + When the request is sent + Then the response status is 200 OK + + @generated @skip @team:DataDog/asm-vm + Scenario: Import vulnerabilities returns "Bad Request" response + Given operation "ImportSecurityVulnerabilities" enabled + And new "ImportSecurityVulnerabilities" request + And body with value {"bomFormat": "CycloneDX", "components": [{"bom-ref": "a3390fca-c315-41ae-ae05-af5e7859cdee", "name": "lodash", "purl": "pkg:npm/lodash@4.17.21", "type": "library", "version": "4.17.21"}], "metadata": {"component": {"bom-ref": "asset-ref-123", "name": "i-12345", "type": "operating-system"}, "tools": {"components": [{"name": "my-scanner", "type": "application"}]}}, "specVersion": "1.5", "version": 1, "vulnerabilities": [{"advisories": [{"url": "https://example.com/advisory/CVE-2021-1234"}], "affects": [{"ref": "a3390fca-c315-41ae-ae05-af5e7859cdee"}], "cwes": [123, 345], "description": "Sample vulnerability detected in the application.", "detail": "Details about the vulnerability", "id": "CVE-2021-1234", "ratings": [{"score": 9.0, "severity": "high", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N"}], "references": [{"id": "GHSA-35m5-8cvj-8783", "source": {"url": "https://example.com"}}]}]} + When the request is sent + Then the response status is 400 Bad Request + + @generated @skip @team:DataDog/asm-vm + Scenario: Import vulnerabilities returns "OK" response + Given operation "ImportSecurityVulnerabilities" enabled + And new "ImportSecurityVulnerabilities" request + And body with value {"bomFormat": "CycloneDX", "components": [{"bom-ref": "a3390fca-c315-41ae-ae05-af5e7859cdee", "name": "lodash", "purl": "pkg:npm/lodash@4.17.21", "type": "library", "version": "4.17.21"}], "metadata": {"component": {"bom-ref": "asset-ref-123", "name": "i-12345", "type": "operating-system"}, "tools": {"components": [{"name": "my-scanner", "type": "application"}]}}, "specVersion": "1.5", "version": 1, "vulnerabilities": [{"advisories": [{"url": "https://example.com/advisory/CVE-2021-1234"}], "affects": [{"ref": "a3390fca-c315-41ae-ae05-af5e7859cdee"}], "cwes": [123, 345], "description": "Sample vulnerability detected in the application.", "detail": "Details about the vulnerability", "id": "CVE-2021-1234", "ratings": [{"score": 9.0, "severity": "high", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N"}], "references": [{"id": "GHSA-35m5-8cvj-8783", "source": {"url": "https://example.com"}}]}]} + When the request is sent + Then the response status is 200 OK + @generated @skip @team:DataDog/k9-cloud-vm Scenario: List assets SBOMs returns "Bad request: The server cannot process the request due to invalid syntax in the request." response Given new "ListAssetsSBOMs" request diff --git a/features/v2/undo.json b/features/v2/undo.json index 75d0d7f71ed7..110c6b94f87b 100644 --- a/features/v2/undo.json +++ b/features/v2/undo.json @@ -4304,6 +4304,12 @@ "type": "safe" } }, + "CreateSecurityFinding": { + "tag": "Security Monitoring", + "undo": { + "type": "unsafe" + } + }, "DetachCase": { "tag": "Security Monitoring", "undo": { @@ -4409,12 +4415,24 @@ "type": "idempotent" } }, + "ImportThreatIntel": { + "tag": "Security Monitoring", + "undo": { + "type": "unsafe" + } + }, "ListVulnerabilities": { "tag": "Security Monitoring", "undo": { "type": "safe" } }, + "ImportSecurityVulnerabilities": { + "tag": "Security Monitoring", + "undo": { + "type": "unsafe" + } + }, "GetVulnerabilityNotificationRules": { "tag": "Security Monitoring", "undo": { diff --git a/private/bdd_runner/src/support/scenarios_model_mapping.ts b/private/bdd_runner/src/support/scenarios_model_mapping.ts index 9e276b44f642..0fd52d498b62 100644 --- a/private/bdd_runner/src/support/scenarios_model_mapping.ts +++ b/private/bdd_runner/src/support/scenarios_model_mapping.ts @@ -4066,6 +4066,21 @@ export const ScenariosModelMappings: { [key: string]: OperationMapping } = { }, operationResponseType: "ListSecurityFindingsResponse", }, + "SecurityMonitoringApi.V2.CreateSecurityFinding": { + vendor: { + type: "string", + format: "", + }, + findingType: { + type: "SecurityFindingType", + format: "", + }, + body: { + type: "{ [key: string]: any; }", + format: "", + }, + operationResponseType: "{}", + }, "SecurityMonitoringApi.V2.CreateCases": { body: { type: "CreateCaseRequestArray", @@ -4228,6 +4243,25 @@ export const ScenariosModelMappings: { [key: string]: OperationMapping } = { }, operationResponseType: "NotificationRuleResponse", }, + "SecurityMonitoringApi.V2.ImportThreatIntel": { + tiVendor: { + type: "string", + format: "", + }, + tiIndicator: { + type: "ThreatIntelIndicatorType", + format: "", + }, + tiIntegrationAccount: { + type: "string", + format: "", + }, + body: { + type: "any", + format: "", + }, + operationResponseType: "{}", + }, "SecurityMonitoringApi.V2.ListVulnerabilities": { pageToken: { type: "string", @@ -4403,6 +4437,13 @@ export const ScenariosModelMappings: { [key: string]: OperationMapping } = { }, operationResponseType: "ListVulnerabilitiesResponse", }, + "SecurityMonitoringApi.V2.ImportSecurityVulnerabilities": { + body: { + type: "CycloneDXBOM", + format: "", + }, + operationResponseType: "{}", + }, "SecurityMonitoringApi.V2.GetVulnerabilityNotificationRules": { operationResponseType: "NotificationRulesList", }, diff --git a/services/security_monitoring/src/v2/SecurityMonitoringApi.ts b/services/security_monitoring/src/v2/SecurityMonitoringApi.ts index 661496470b26..44fd3eb759af 100644 --- a/services/security_monitoring/src/v2/SecurityMonitoringApi.ts +++ b/services/security_monitoring/src/v2/SecurityMonitoringApi.ts @@ -36,6 +36,7 @@ import { CreateCustomFrameworkRequest } from "./models/CreateCustomFrameworkRequ import { CreateCustomFrameworkResponse } from "./models/CreateCustomFrameworkResponse"; import { CreateJiraIssueRequestArray } from "./models/CreateJiraIssueRequestArray"; import { CreateNotificationRuleParameters } from "./models/CreateNotificationRuleParameters"; +import { CycloneDXBOM } from "./models/CycloneDXBOM"; import { DeleteCustomFrameworkResponse } from "./models/DeleteCustomFrameworkResponse"; import { DetachCaseRequest } from "./models/DetachCaseRequest"; import { Finding } from "./models/Finding"; @@ -78,6 +79,7 @@ import { SecurityFindingsSearchRequestData } from "./models/SecurityFindingsSear import { SecurityFindingsSearchRequestDataAttributes } from "./models/SecurityFindingsSearchRequestDataAttributes"; import { SecurityFindingsSearchRequestPage } from "./models/SecurityFindingsSearchRequestPage"; import { SecurityFindingsSort } from "./models/SecurityFindingsSort"; +import { SecurityFindingType } from "./models/SecurityFindingType"; import { SecurityMonitoringContentPackStatesResponse } from "./models/SecurityMonitoringContentPackStatesResponse"; import { SecurityMonitoringCriticalAssetCreateRequest } from "./models/SecurityMonitoringCriticalAssetCreateRequest"; import { SecurityMonitoringCriticalAssetResponse } from "./models/SecurityMonitoringCriticalAssetResponse"; @@ -110,6 +112,7 @@ import { SecurityMonitoringSuppressionSort } from "./models/SecurityMonitoringSu import { SecurityMonitoringSuppressionsResponse } from "./models/SecurityMonitoringSuppressionsResponse"; import { SecurityMonitoringSuppressionUpdateRequest } from "./models/SecurityMonitoringSuppressionUpdateRequest"; import { ThreatHuntingJobResponse } from "./models/ThreatHuntingJobResponse"; +import { ThreatIntelIndicatorType } from "./models/ThreatIntelIndicatorType"; import { UpdateCustomFrameworkRequest } from "./models/UpdateCustomFrameworkRequest"; import { UpdateCustomFrameworkResponse } from "./models/UpdateCustomFrameworkResponse"; import { UpdateResourceEvaluationFiltersRequest } from "./models/UpdateResourceEvaluationFiltersRequest"; @@ -779,6 +782,92 @@ export class SecurityMonitoringApiRequestFactory extends BaseAPIRequestFactory { return requestContext; } + public async createSecurityFinding( + vendor: string, + findingType: SecurityFindingType, + body: { [key: string]: any }, + _options?: Configuration, + ): Promise { + const _config = _options || this.configuration; + + if ( + !_config.unstableOperations[ + "SecurityMonitoringApi.v2.createSecurityFinding" + ] + ) { + throw new Error( + "Unstable operation 'createSecurityFinding' is disabled. Enable it by setting `configuration.unstableOperations['SecurityMonitoringApi.v2.createSecurityFinding'] = true`", + ); + } + + // verify required parameter 'vendor' is not null or undefined + if (vendor === null || vendor === undefined) { + throw new RequiredError("vendor", "createSecurityFinding"); + } + + // verify required parameter 'findingType' is not null or undefined + if (findingType === null || findingType === undefined) { + throw new RequiredError("findingType", "createSecurityFinding"); + } + + // verify required parameter 'body' is not null or undefined + if (body === null || body === undefined) { + throw new RequiredError("body", "createSecurityFinding"); + } + + // Path Params + const localVarPath = "/api/v2/security/findings"; + + // Make Request Context + const { server, overrides } = _config.getServerAndOverrides( + "SecurityMonitoringApi.v2.createSecurityFinding", + SecurityMonitoringApi.operationServers, + ); + const requestContext = server.makeRequestContext( + localVarPath, + HttpMethod.POST, + overrides, + ); + requestContext.setHeaderParam("Accept", "*/*"); + requestContext.setHttpConfig(_config.httpConfig); + + // Set User-Agent + if (this.userAgent) { + requestContext.setHeaderParam("User-Agent", this.userAgent); + } + + // Header Params + if (vendor !== undefined) { + requestContext.setHeaderParam( + "vendor", + serialize(vendor, TypingInfo, "string", ""), + ); + } + if (findingType !== undefined) { + requestContext.setHeaderParam( + "finding_type", + serialize(findingType, TypingInfo, "SecurityFindingType", ""), + ); + } + + // Body Params + const contentType = getPreferredMediaType(["application/json"]); + requestContext.setHeaderParam("Content-Type", contentType); + const serializedBody = stringify( + serialize(body, TypingInfo, "{ [key: string]: any; }", ""), + contentType, + ); + requestContext.setBody(serializedBody); + + // Apply auth methods + applySecurityAuthentication(_config, requestContext, [ + "apiKeyAuth", + "appKeyAuth", + ]); + + return requestContext; + } + public async createSecurityMonitoringCriticalAsset( body: SecurityMonitoringCriticalAssetCreateRequest, _options?: Configuration, @@ -2974,6 +3063,160 @@ export class SecurityMonitoringApiRequestFactory extends BaseAPIRequestFactory { return requestContext; } + public async importSecurityVulnerabilities( + body: CycloneDXBOM, + _options?: Configuration, + ): Promise { + const _config = _options || this.configuration; + + if ( + !_config.unstableOperations[ + "SecurityMonitoringApi.v2.importSecurityVulnerabilities" + ] + ) { + throw new Error( + "Unstable operation 'importSecurityVulnerabilities' is disabled. Enable it by setting `configuration.unstableOperations['SecurityMonitoringApi.v2.importSecurityVulnerabilities'] = true`", + ); + } + + // verify required parameter 'body' is not null or undefined + if (body === null || body === undefined) { + throw new RequiredError("body", "importSecurityVulnerabilities"); + } + + // Path Params + const localVarPath = "/api/v2/security/vulnerabilities"; + + // Make Request Context + const { server, overrides } = _config.getServerAndOverrides( + "SecurityMonitoringApi.v2.importSecurityVulnerabilities", + SecurityMonitoringApi.operationServers, + ); + const requestContext = server.makeRequestContext( + localVarPath, + HttpMethod.POST, + overrides, + ); + requestContext.setHeaderParam("Accept", "*/*"); + requestContext.setHttpConfig(_config.httpConfig); + + // Set User-Agent + if (this.userAgent) { + requestContext.setHeaderParam("User-Agent", this.userAgent); + } + + // Body Params + const contentType = getPreferredMediaType(["application/json"]); + requestContext.setHeaderParam("Content-Type", contentType); + const serializedBody = stringify( + serialize(body, TypingInfo, "CycloneDXBOM", ""), + contentType, + ); + requestContext.setBody(serializedBody); + + // Apply auth methods + applySecurityAuthentication(_config, requestContext, [ + "apiKeyAuth", + "appKeyAuth", + ]); + + return requestContext; + } + + public async importThreatIntel( + tiVendor: string, + tiIndicator: ThreatIntelIndicatorType, + body: any, + tiIntegrationAccount?: string, + _options?: Configuration, + ): Promise { + const _config = _options || this.configuration; + + if ( + !_config.unstableOperations["SecurityMonitoringApi.v2.importThreatIntel"] + ) { + throw new Error( + "Unstable operation 'importThreatIntel' is disabled. Enable it by setting `configuration.unstableOperations['SecurityMonitoringApi.v2.importThreatIntel'] = true`", + ); + } + + // verify required parameter 'tiVendor' is not null or undefined + if (tiVendor === null || tiVendor === undefined) { + throw new RequiredError("tiVendor", "importThreatIntel"); + } + + // verify required parameter 'tiIndicator' is not null or undefined + if (tiIndicator === null || tiIndicator === undefined) { + throw new RequiredError("tiIndicator", "importThreatIntel"); + } + + // verify required parameter 'body' is not null or undefined + if (body === null || body === undefined) { + throw new RequiredError("body", "importThreatIntel"); + } + + // Path Params + const localVarPath = "/api/v2/security/threat-intel-feed"; + + // Make Request Context + const { server, overrides } = _config.getServerAndOverrides( + "SecurityMonitoringApi.v2.importThreatIntel", + SecurityMonitoringApi.operationServers, + ); + const requestContext = server.makeRequestContext( + localVarPath, + HttpMethod.POST, + overrides, + ); + requestContext.setHeaderParam("Accept", "*/*"); + requestContext.setHttpConfig(_config.httpConfig); + + // Set User-Agent + if (this.userAgent) { + requestContext.setHeaderParam("User-Agent", this.userAgent); + } + + // Header Params + if (tiVendor !== undefined) { + requestContext.setHeaderParam( + "ti_vendor", + serialize(tiVendor, TypingInfo, "string", ""), + ); + } + if (tiIndicator !== undefined) { + requestContext.setHeaderParam( + "ti_indicator", + serialize(tiIndicator, TypingInfo, "ThreatIntelIndicatorType", ""), + ); + } + if (tiIntegrationAccount !== undefined) { + requestContext.setHeaderParam( + "ti_integration_account", + serialize(tiIntegrationAccount, TypingInfo, "string", ""), + ); + } + + // Body Params + const contentType = getPreferredMediaType([ + "application/json", + "application/octet-stream", + ]); + requestContext.setHeaderParam("Content-Type", contentType); + const serializedBody = stringify( + serialize(body, TypingInfo, "any", ""), + contentType, + ); + requestContext.setBody(serializedBody); + + // Apply auth methods + applySecurityAuthentication(_config, requestContext, [ + "apiKeyAuth", + "appKeyAuth", + ]); + + return requestContext; + } + public async listAssetsSBOMs( pageToken?: string, pageNumber?: number, @@ -6262,6 +6505,70 @@ export class SecurityMonitoringApiResponseProcessor { ); } + /** + * Unwraps the actual response sent by the server from the response context and deserializes the response content + * to the expected objects + * + * @params response Response returned by the server for a request to createSecurityFinding + * @throws ApiException if the response code was not in [200, 299] + */ + public async createSecurityFinding(response: ResponseContext): Promise { + const contentType = normalizeMediaType(response.headers["content-type"]); + if (response.httpStatusCode === 200) { + return; + } + if (response.httpStatusCode === 400 || response.httpStatusCode === 403) { + const bodyText = parse(await response.body.text(), contentType); + let body: JSONAPIErrorResponse; + try { + body = deserialize( + bodyText, + TypingInfo, + "JSONAPIErrorResponse", + ) as JSONAPIErrorResponse; + } catch (error) { + logger.debug(`Got error deserializing error: ${error}`); + throw new ApiException( + response.httpStatusCode, + bodyText, + ); + } + throw new ApiException( + response.httpStatusCode, + body, + ); + } + if (response.httpStatusCode === 429) { + const bodyText = parse(await response.body.text(), contentType); + let body: APIErrorResponse; + try { + body = deserialize( + bodyText, + TypingInfo, + "APIErrorResponse", + ) as APIErrorResponse; + } catch (error) { + logger.debug(`Got error deserializing error: ${error}`); + throw new ApiException( + response.httpStatusCode, + bodyText, + ); + } + throw new ApiException(response.httpStatusCode, body); + } + + // Work around for missing responses in specification, e.g. for petstore.yaml + if (response.httpStatusCode >= 200 && response.httpStatusCode <= 299) { + return; + } + + const body = (await response.body.text()) || ""; + throw new ApiException( + response.httpStatusCode, + 'Unknown API Status Code!\nBody: "' + body + '"', + ); + } + /** * Unwraps the actual response sent by the server from the response context and deserializes the response content * to the expected objects @@ -8668,6 +8975,145 @@ export class SecurityMonitoringApiResponseProcessor { ); } + /** + * Unwraps the actual response sent by the server from the response context and deserializes the response content + * to the expected objects + * + * @params response Response returned by the server for a request to importSecurityVulnerabilities + * @throws ApiException if the response code was not in [200, 299] + */ + public async importSecurityVulnerabilities( + response: ResponseContext, + ): Promise { + const contentType = normalizeMediaType(response.headers["content-type"]); + if (response.httpStatusCode === 200) { + return; + } + if ( + response.httpStatusCode === 400 || + response.httpStatusCode === 403 || + response.httpStatusCode === 500 + ) { + const bodyText = parse(await response.body.text(), contentType); + let body: JSONAPIErrorResponse; + try { + body = deserialize( + bodyText, + TypingInfo, + "JSONAPIErrorResponse", + ) as JSONAPIErrorResponse; + } catch (error) { + logger.debug(`Got error deserializing error: ${error}`); + throw new ApiException( + response.httpStatusCode, + bodyText, + ); + } + throw new ApiException( + response.httpStatusCode, + body, + ); + } + if (response.httpStatusCode === 429) { + const bodyText = parse(await response.body.text(), contentType); + let body: APIErrorResponse; + try { + body = deserialize( + bodyText, + TypingInfo, + "APIErrorResponse", + ) as APIErrorResponse; + } catch (error) { + logger.debug(`Got error deserializing error: ${error}`); + throw new ApiException( + response.httpStatusCode, + bodyText, + ); + } + throw new ApiException(response.httpStatusCode, body); + } + + // Work around for missing responses in specification, e.g. for petstore.yaml + if (response.httpStatusCode >= 200 && response.httpStatusCode <= 299) { + return; + } + + const body = (await response.body.text()) || ""; + throw new ApiException( + response.httpStatusCode, + 'Unknown API Status Code!\nBody: "' + body + '"', + ); + } + + /** + * Unwraps the actual response sent by the server from the response context and deserializes the response content + * to the expected objects + * + * @params response Response returned by the server for a request to importThreatIntel + * @throws ApiException if the response code was not in [200, 299] + */ + public async importThreatIntel(response: ResponseContext): Promise { + const contentType = normalizeMediaType(response.headers["content-type"]); + if (response.httpStatusCode === 200) { + return; + } + if ( + response.httpStatusCode === 400 || + response.httpStatusCode === 401 || + response.httpStatusCode === 500 || + response.httpStatusCode === 503 + ) { + const bodyText = parse(await response.body.text(), contentType); + let body: JSONAPIErrorResponse; + try { + body = deserialize( + bodyText, + TypingInfo, + "JSONAPIErrorResponse", + ) as JSONAPIErrorResponse; + } catch (error) { + logger.debug(`Got error deserializing error: ${error}`); + throw new ApiException( + response.httpStatusCode, + bodyText, + ); + } + throw new ApiException( + response.httpStatusCode, + body, + ); + } + if (response.httpStatusCode === 429) { + const bodyText = parse(await response.body.text(), contentType); + let body: APIErrorResponse; + try { + body = deserialize( + bodyText, + TypingInfo, + "APIErrorResponse", + ) as APIErrorResponse; + } catch (error) { + logger.debug(`Got error deserializing error: ${error}`); + throw new ApiException( + response.httpStatusCode, + bodyText, + ); + } + throw new ApiException(response.httpStatusCode, body); + } + + // Work around for missing responses in specification, e.g. for petstore.yaml + if (response.httpStatusCode >= 200 && response.httpStatusCode <= 299) { + return; + } + + const body = (await response.body.text()) || ""; + throw new ApiException( + response.httpStatusCode, + 'Unknown API Status Code!\nBody: "' + body + '"', + ); + } + /** * Unwraps the actual response sent by the server from the response context and deserializes the response content * to the expected objects @@ -10733,6 +11179,23 @@ export interface SecurityMonitoringApiCreateSecurityFilterRequest { body: SecurityFilterCreateRequest; } +export interface SecurityMonitoringApiCreateSecurityFindingRequest { + /** + * The vendor providing the security finding. Must be lowercase. + * @type string + */ + vendor: string; + /** + * The type of security finding. + * @type SecurityFindingType + */ + findingType: SecurityFindingType; + /** + * @type { [key: string]: any; } + */ + body: { [key: string]: any }; +} + export interface SecurityMonitoringApiCreateSecurityMonitoringCriticalAssetRequest { /** * The definition of the new critical asset. @@ -11133,6 +11596,35 @@ export interface SecurityMonitoringApiGetVulnerabilityNotificationRuleRequest { id: string; } +export interface SecurityMonitoringApiImportSecurityVulnerabilitiesRequest { + /** + * @type CycloneDXBOM + */ + body: CycloneDXBOM; +} + +export interface SecurityMonitoringApiImportThreatIntelRequest { + /** + * The vendor providing the threat intelligence feed. + * @type string + */ + tiVendor: string; + /** + * The type of threat indicator. Valid values are ip_address, domain, or sha256. + * @type ThreatIntelIndicatorType + */ + tiIndicator: ThreatIntelIndicatorType; + /** + * @type any + */ + body: any; + /** + * Optional integration account identifier. + * @type string + */ + tiIntegrationAccount?: string; +} + export interface SecurityMonitoringApiListAssetsSBOMsRequest { /** * Its value must come from the `links` section of the response of the first request. Do not manually edit it. @@ -12245,6 +12737,32 @@ export class SecurityMonitoringApi { }); } + /** + * Allows external integrations to send security findings to Datadog. This endpoint accepts finding data in a custom format and returns an empty response on success. + * + * **Note**: This endpoint is in preview and is subject to change. + * If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). + * @param param The request object + */ + public createSecurityFinding( + param: SecurityMonitoringApiCreateSecurityFindingRequest, + options?: Configuration, + ): Promise { + const requestContextPromise = this.requestFactory.createSecurityFinding( + param.vendor, + param.findingType, + param.body, + options, + ); + return requestContextPromise.then((requestContext) => { + return this.configuration.httpApi + .send(requestContext) + .then((responseContext) => { + return this.responseProcessor.createSecurityFinding(responseContext); + }); + }); + } + /** * Create a new critical asset. * @param param The request object @@ -13175,6 +13693,57 @@ export class SecurityMonitoringApi { }); } + /** + * Import vulnerabilities in CycloneDX 1.5 format. This endpoint validates the payload against the CycloneDX 1.5 schema and additional mandatory field requirements. + * + * **Note**: This endpoint is in preview and is subject to change. + * If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). + * @param param The request object + */ + public importSecurityVulnerabilities( + param: SecurityMonitoringApiImportSecurityVulnerabilitiesRequest, + options?: Configuration, + ): Promise { + const requestContextPromise = + this.requestFactory.importSecurityVulnerabilities(param.body, options); + return requestContextPromise.then((requestContext) => { + return this.configuration.httpApi + .send(requestContext) + .then((responseContext) => { + return this.responseProcessor.importSecurityVulnerabilities( + responseContext, + ); + }); + }); + } + + /** + * Import threat intelligence feeds with support for IP addresses, domains, and SHA256 hashes. This endpoint requires specific headers to identify the vendor and indicator type. + * + * **Note**: This endpoint is in preview and is subject to change. + * If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). + * @param param The request object + */ + public importThreatIntel( + param: SecurityMonitoringApiImportThreatIntelRequest, + options?: Configuration, + ): Promise { + const requestContextPromise = this.requestFactory.importThreatIntel( + param.tiVendor, + param.tiIndicator, + param.body, + param.tiIntegrationAccount, + options, + ); + return requestContextPromise.then((requestContext) => { + return this.configuration.httpApi + .send(requestContext) + .then((responseContext) => { + return this.responseProcessor.importThreatIntel(responseContext); + }); + }); + } + /** * Get a list of assets SBOMs for an organization. * diff --git a/services/security_monitoring/src/v2/index.ts b/services/security_monitoring/src/v2/index.ts index cb4fd390cd24..890eb84ce9f8 100644 --- a/services/security_monitoring/src/v2/index.ts +++ b/services/security_monitoring/src/v2/index.ts @@ -11,6 +11,7 @@ export { SecurityMonitoringApiCreateCustomFrameworkRequest, SecurityMonitoringApiCreateJiraIssuesRequest, SecurityMonitoringApiCreateSecurityFilterRequest, + SecurityMonitoringApiCreateSecurityFindingRequest, SecurityMonitoringApiCreateSecurityMonitoringCriticalAssetRequest, SecurityMonitoringApiCreateSecurityMonitoringRuleRequest, SecurityMonitoringApiCreateSecurityMonitoringSuppressionRequest, @@ -48,6 +49,8 @@ export { SecurityMonitoringApiGetSuppressionsAffectingRuleRequest, SecurityMonitoringApiGetThreatHuntingJobRequest, SecurityMonitoringApiGetVulnerabilityNotificationRuleRequest, + SecurityMonitoringApiImportSecurityVulnerabilitiesRequest, + SecurityMonitoringApiImportThreatIntelRequest, SecurityMonitoringApiListAssetsSBOMsRequest, SecurityMonitoringApiListFindingsRequest, SecurityMonitoringApiListMultipleRulesetsRequest, @@ -148,6 +151,19 @@ export { CustomFrameworkRequirement } from "./models/CustomFrameworkRequirement" export { CustomFrameworkType } from "./models/CustomFrameworkType"; export { CustomFrameworkWithoutRequirements } from "./models/CustomFrameworkWithoutRequirements"; export { CVSS } from "./models/CVSS"; +export { CycloneDXAdvisory } from "./models/CycloneDXAdvisory"; +export { CycloneDXAffect } from "./models/CycloneDXAffect"; +export { CycloneDXAssetComponent } from "./models/CycloneDXAssetComponent"; +export { CycloneDXBOM } from "./models/CycloneDXBOM"; +export { CycloneDXComponent } from "./models/CycloneDXComponent"; +export { CycloneDXComponentType } from "./models/CycloneDXComponentType"; +export { CycloneDXMetadata } from "./models/CycloneDXMetadata"; +export { CycloneDXRating } from "./models/CycloneDXRating"; +export { CycloneDXReference } from "./models/CycloneDXReference"; +export { CycloneDXReferenceSource } from "./models/CycloneDXReferenceSource"; +export { CycloneDXToolComponent } from "./models/CycloneDXToolComponent"; +export { CycloneDXTools } from "./models/CycloneDXTools"; +export { CycloneDXVulnerability } from "./models/CycloneDXVulnerability"; export { DeleteCustomFrameworkResponse } from "./models/DeleteCustomFrameworkResponse"; export { DependencyLocation } from "./models/DependencyLocation"; export { DetachCaseRequest } from "./models/DetachCaseRequest"; @@ -303,6 +319,7 @@ export { SecurityFindingsSearchRequestDataAttributes } from "./models/SecurityFi export { SecurityFindingsSearchRequestPage } from "./models/SecurityFindingsSearchRequestPage"; export { SecurityFindingsSort } from "./models/SecurityFindingsSort"; export { SecurityFindingsStatus } from "./models/SecurityFindingsStatus"; +export { SecurityFindingType } from "./models/SecurityFindingType"; export { SecurityMonitoringContentPackActivation } from "./models/SecurityMonitoringContentPackActivation"; export { SecurityMonitoringContentPackIntegrationStatus } from "./models/SecurityMonitoringContentPackIntegrationStatus"; export { SecurityMonitoringContentPackStateAttributes } from "./models/SecurityMonitoringContentPackStateAttributes"; @@ -447,6 +464,7 @@ export { ThreatHuntingJobQuery } from "./models/ThreatHuntingJobQuery"; export { ThreatHuntingJobResponse } from "./models/ThreatHuntingJobResponse"; export { ThreatHuntingJobResponseAttributes } from "./models/ThreatHuntingJobResponseAttributes"; export { ThreatHuntingJobResponseData } from "./models/ThreatHuntingJobResponseData"; +export { ThreatIntelIndicatorType } from "./models/ThreatIntelIndicatorType"; export { TriggerSource } from "./models/TriggerSource"; export { UpdateCustomFrameworkRequest } from "./models/UpdateCustomFrameworkRequest"; export { UpdateCustomFrameworkResponse } from "./models/UpdateCustomFrameworkResponse"; diff --git a/services/security_monitoring/src/v2/models/CycloneDXAdvisory.ts b/services/security_monitoring/src/v2/models/CycloneDXAdvisory.ts new file mode 100644 index 000000000000..5113007a1fd0 --- /dev/null +++ b/services/security_monitoring/src/v2/models/CycloneDXAdvisory.ts @@ -0,0 +1,44 @@ +import { AttributeTypeMap } from "@datadog/datadog-api-client"; + +/** + * Advisory reference for a vulnerability. + */ +export class CycloneDXAdvisory { + /** + * URL to the advisory. + */ + "url"?: string; + /** + * A container for additional, undeclared properties. + * This is a holder for any undeclared properties as specified with + * the 'additionalProperties' keyword in the OAS document. + */ + "additionalProperties"?: { [key: string]: any }; + /** + * @ignore + */ + "_unparsed"?: boolean; + + /** + * @ignore + */ + static readonly attributeTypeMap: AttributeTypeMap = { + url: { + baseName: "url", + type: "string", + }, + additionalProperties: { + baseName: "additionalProperties", + type: "{ [key: string]: any; }", + }, + }; + + /** + * @ignore + */ + static getAttributeTypeMap(): AttributeTypeMap { + return CycloneDXAdvisory.attributeTypeMap; + } + + public constructor() {} +} diff --git a/services/security_monitoring/src/v2/models/CycloneDXAffect.ts b/services/security_monitoring/src/v2/models/CycloneDXAffect.ts new file mode 100644 index 000000000000..3a340918d3b6 --- /dev/null +++ b/services/security_monitoring/src/v2/models/CycloneDXAffect.ts @@ -0,0 +1,45 @@ +import { AttributeTypeMap } from "@datadog/datadog-api-client"; + +/** + * Reference to a component affected by a vulnerability. + */ +export class CycloneDXAffect { + /** + * Reference to a component's bom-ref. + */ + "ref": string; + /** + * A container for additional, undeclared properties. + * This is a holder for any undeclared properties as specified with + * the 'additionalProperties' keyword in the OAS document. + */ + "additionalProperties"?: { [key: string]: any }; + /** + * @ignore + */ + "_unparsed"?: boolean; + + /** + * @ignore + */ + static readonly attributeTypeMap: AttributeTypeMap = { + ref: { + baseName: "ref", + type: "string", + required: true, + }, + additionalProperties: { + baseName: "additionalProperties", + type: "{ [key: string]: any; }", + }, + }; + + /** + * @ignore + */ + static getAttributeTypeMap(): AttributeTypeMap { + return CycloneDXAffect.attributeTypeMap; + } + + public constructor() {} +} diff --git a/services/security_monitoring/src/v2/models/CycloneDXAssetComponent.ts b/services/security_monitoring/src/v2/models/CycloneDXAssetComponent.ts new file mode 100644 index 000000000000..62ca0302afea --- /dev/null +++ b/services/security_monitoring/src/v2/models/CycloneDXAssetComponent.ts @@ -0,0 +1,61 @@ +import { AttributeTypeMap } from "@datadog/datadog-api-client"; + +/** + * The asset component represents the system or host being scanned. + */ +export class CycloneDXAssetComponent { + /** + * Optional reference to a component in the components list. + */ + "bomRef"?: string; + /** + * The name of the asset. + */ + "name": string; + /** + * The type of the asset component. + */ + "type"?: string; + /** + * A container for additional, undeclared properties. + * This is a holder for any undeclared properties as specified with + * the 'additionalProperties' keyword in the OAS document. + */ + "additionalProperties"?: { [key: string]: any }; + /** + * @ignore + */ + "_unparsed"?: boolean; + + /** + * @ignore + */ + static readonly attributeTypeMap: AttributeTypeMap = { + bomRef: { + baseName: "bom-ref", + type: "string", + }, + name: { + baseName: "name", + type: "string", + required: true, + }, + type: { + baseName: "type", + type: "string", + }, + additionalProperties: { + baseName: "additionalProperties", + type: "{ [key: string]: any; }", + }, + }; + + /** + * @ignore + */ + static getAttributeTypeMap(): AttributeTypeMap { + return CycloneDXAssetComponent.attributeTypeMap; + } + + public constructor() {} +} diff --git a/services/security_monitoring/src/v2/models/CycloneDXBOM.ts b/services/security_monitoring/src/v2/models/CycloneDXBOM.ts new file mode 100644 index 000000000000..eb6daa9ec5a7 --- /dev/null +++ b/services/security_monitoring/src/v2/models/CycloneDXBOM.ts @@ -0,0 +1,95 @@ +import { AttributeTypeMap } from "@datadog/datadog-api-client"; + +import { CycloneDXComponent } from "./CycloneDXComponent"; +import { CycloneDXMetadata } from "./CycloneDXMetadata"; +import { CycloneDXVulnerability } from "./CycloneDXVulnerability"; + +/** + * CycloneDX 1.5 Bill of Materials (BOM) for importing vulnerabilities. + */ +export class CycloneDXBOM { + /** + * The format of the BOM. Must be "CycloneDX". + */ + "bomFormat": string; + /** + * List of components (libraries, applications, or operating systems) that are affected by vulnerabilities. + */ + "components": Array; + /** + * Metadata for the CycloneDX BOM. + */ + "metadata": CycloneDXMetadata; + /** + * The version of the CycloneDX specification. Must be "1.5". + */ + "specVersion": string; + /** + * The version of the BOM. + */ + "version": number; + /** + * List of vulnerabilities to be imported. + */ + "vulnerabilities": Array; + /** + * A container for additional, undeclared properties. + * This is a holder for any undeclared properties as specified with + * the 'additionalProperties' keyword in the OAS document. + */ + "additionalProperties"?: { [key: string]: any }; + /** + * @ignore + */ + "_unparsed"?: boolean; + + /** + * @ignore + */ + static readonly attributeTypeMap: AttributeTypeMap = { + bomFormat: { + baseName: "bomFormat", + type: "string", + required: true, + }, + components: { + baseName: "components", + type: "Array", + required: true, + }, + metadata: { + baseName: "metadata", + type: "CycloneDXMetadata", + required: true, + }, + specVersion: { + baseName: "specVersion", + type: "string", + required: true, + }, + version: { + baseName: "version", + type: "number", + required: true, + format: "int64", + }, + vulnerabilities: { + baseName: "vulnerabilities", + type: "Array", + required: true, + }, + additionalProperties: { + baseName: "additionalProperties", + type: "{ [key: string]: any; }", + }, + }; + + /** + * @ignore + */ + static getAttributeTypeMap(): AttributeTypeMap { + return CycloneDXBOM.attributeTypeMap; + } + + public constructor() {} +} diff --git a/services/security_monitoring/src/v2/models/CycloneDXComponent.ts b/services/security_monitoring/src/v2/models/CycloneDXComponent.ts new file mode 100644 index 000000000000..be96e320d32e --- /dev/null +++ b/services/security_monitoring/src/v2/models/CycloneDXComponent.ts @@ -0,0 +1,82 @@ +import { AttributeTypeMap } from "@datadog/datadog-api-client"; + +import { CycloneDXComponentType } from "./CycloneDXComponentType"; + +/** + * A component (library, application, or operating system) in the BOM. + */ +export class CycloneDXComponent { + /** + * Unique reference identifier for this component. + */ + "bomRef": string; + /** + * The name of the component. + */ + "name": string; + /** + * Package URL for the component. Required for library components. + */ + "purl"?: string; + /** + * The type of the component. Supported types are library, application, and operating-system. + */ + "type": CycloneDXComponentType; + /** + * The version of the component. + */ + "version": string; + /** + * A container for additional, undeclared properties. + * This is a holder for any undeclared properties as specified with + * the 'additionalProperties' keyword in the OAS document. + */ + "additionalProperties"?: { [key: string]: any }; + /** + * @ignore + */ + "_unparsed"?: boolean; + + /** + * @ignore + */ + static readonly attributeTypeMap: AttributeTypeMap = { + bomRef: { + baseName: "bom-ref", + type: "string", + required: true, + }, + name: { + baseName: "name", + type: "string", + required: true, + }, + purl: { + baseName: "purl", + type: "string", + }, + type: { + baseName: "type", + type: "CycloneDXComponentType", + required: true, + }, + version: { + baseName: "version", + type: "string", + required: true, + }, + additionalProperties: { + baseName: "additionalProperties", + type: "{ [key: string]: any; }", + }, + }; + + /** + * @ignore + */ + static getAttributeTypeMap(): AttributeTypeMap { + return CycloneDXComponent.attributeTypeMap; + } + + public constructor() {} +} diff --git a/services/security_monitoring/src/v2/models/CycloneDXComponentType.ts b/services/security_monitoring/src/v2/models/CycloneDXComponentType.ts new file mode 100644 index 000000000000..9b1b64d85fbc --- /dev/null +++ b/services/security_monitoring/src/v2/models/CycloneDXComponentType.ts @@ -0,0 +1,13 @@ +import { UnparsedObject } from "@datadog/datadog-api-client"; + +/** + * The type of the component. Supported types are library, application, and operating-system. + */ +export type CycloneDXComponentType = + | typeof LIBRARY + | typeof APPLICATION + | typeof OPERATING_SYSTEM + | UnparsedObject; +export const LIBRARY = "library"; +export const APPLICATION = "application"; +export const OPERATING_SYSTEM = "operating-system"; diff --git a/services/security_monitoring/src/v2/models/CycloneDXMetadata.ts b/services/security_monitoring/src/v2/models/CycloneDXMetadata.ts new file mode 100644 index 000000000000..4cb7f2f8f775 --- /dev/null +++ b/services/security_monitoring/src/v2/models/CycloneDXMetadata.ts @@ -0,0 +1,57 @@ +import { AttributeTypeMap } from "@datadog/datadog-api-client"; + +import { CycloneDXAssetComponent } from "./CycloneDXAssetComponent"; +import { CycloneDXTools } from "./CycloneDXTools"; + +/** + * Metadata for the CycloneDX BOM. + */ +export class CycloneDXMetadata { + /** + * The asset component represents the system or host being scanned. + */ + "component": CycloneDXAssetComponent; + /** + * Tools used to generate the BOM. + */ + "tools": CycloneDXTools; + /** + * A container for additional, undeclared properties. + * This is a holder for any undeclared properties as specified with + * the 'additionalProperties' keyword in the OAS document. + */ + "additionalProperties"?: { [key: string]: any }; + /** + * @ignore + */ + "_unparsed"?: boolean; + + /** + * @ignore + */ + static readonly attributeTypeMap: AttributeTypeMap = { + component: { + baseName: "component", + type: "CycloneDXAssetComponent", + required: true, + }, + tools: { + baseName: "tools", + type: "CycloneDXTools", + required: true, + }, + additionalProperties: { + baseName: "additionalProperties", + type: "{ [key: string]: any; }", + }, + }; + + /** + * @ignore + */ + static getAttributeTypeMap(): AttributeTypeMap { + return CycloneDXMetadata.attributeTypeMap; + } + + public constructor() {} +} diff --git a/services/security_monitoring/src/v2/models/CycloneDXRating.ts b/services/security_monitoring/src/v2/models/CycloneDXRating.ts new file mode 100644 index 000000000000..9c217c84e6b2 --- /dev/null +++ b/services/security_monitoring/src/v2/models/CycloneDXRating.ts @@ -0,0 +1,61 @@ +import { AttributeTypeMap } from "@datadog/datadog-api-client"; + +/** + * Vulnerability rating information. + */ +export class CycloneDXRating { + /** + * The CVSS score. + */ + "score"?: number; + /** + * The severity level. + */ + "severity"?: string; + /** + * The CVSS vector string. + */ + "vector"?: string; + /** + * A container for additional, undeclared properties. + * This is a holder for any undeclared properties as specified with + * the 'additionalProperties' keyword in the OAS document. + */ + "additionalProperties"?: { [key: string]: any }; + /** + * @ignore + */ + "_unparsed"?: boolean; + + /** + * @ignore + */ + static readonly attributeTypeMap: AttributeTypeMap = { + score: { + baseName: "score", + type: "number", + format: "double", + }, + severity: { + baseName: "severity", + type: "string", + }, + vector: { + baseName: "vector", + type: "string", + }, + additionalProperties: { + baseName: "additionalProperties", + type: "{ [key: string]: any; }", + }, + }; + + /** + * @ignore + */ + static getAttributeTypeMap(): AttributeTypeMap { + return CycloneDXRating.attributeTypeMap; + } + + public constructor() {} +} diff --git a/services/security_monitoring/src/v2/models/CycloneDXReference.ts b/services/security_monitoring/src/v2/models/CycloneDXReference.ts new file mode 100644 index 000000000000..22237636fc66 --- /dev/null +++ b/services/security_monitoring/src/v2/models/CycloneDXReference.ts @@ -0,0 +1,54 @@ +import { AttributeTypeMap } from "@datadog/datadog-api-client"; + +import { CycloneDXReferenceSource } from "./CycloneDXReferenceSource"; + +/** + * External reference for a vulnerability. + */ +export class CycloneDXReference { + /** + * Identifier of the reference. + */ + "id"?: string; + /** + * Source information for a reference. + */ + "source"?: CycloneDXReferenceSource; + /** + * A container for additional, undeclared properties. + * This is a holder for any undeclared properties as specified with + * the 'additionalProperties' keyword in the OAS document. + */ + "additionalProperties"?: { [key: string]: any }; + /** + * @ignore + */ + "_unparsed"?: boolean; + + /** + * @ignore + */ + static readonly attributeTypeMap: AttributeTypeMap = { + id: { + baseName: "id", + type: "string", + }, + source: { + baseName: "source", + type: "CycloneDXReferenceSource", + }, + additionalProperties: { + baseName: "additionalProperties", + type: "{ [key: string]: any; }", + }, + }; + + /** + * @ignore + */ + static getAttributeTypeMap(): AttributeTypeMap { + return CycloneDXReference.attributeTypeMap; + } + + public constructor() {} +} diff --git a/services/security_monitoring/src/v2/models/CycloneDXReferenceSource.ts b/services/security_monitoring/src/v2/models/CycloneDXReferenceSource.ts new file mode 100644 index 000000000000..050af5632d74 --- /dev/null +++ b/services/security_monitoring/src/v2/models/CycloneDXReferenceSource.ts @@ -0,0 +1,44 @@ +import { AttributeTypeMap } from "@datadog/datadog-api-client"; + +/** + * Source information for a reference. + */ +export class CycloneDXReferenceSource { + /** + * URL to the source. + */ + "url"?: string; + /** + * A container for additional, undeclared properties. + * This is a holder for any undeclared properties as specified with + * the 'additionalProperties' keyword in the OAS document. + */ + "additionalProperties"?: { [key: string]: any }; + /** + * @ignore + */ + "_unparsed"?: boolean; + + /** + * @ignore + */ + static readonly attributeTypeMap: AttributeTypeMap = { + url: { + baseName: "url", + type: "string", + }, + additionalProperties: { + baseName: "additionalProperties", + type: "{ [key: string]: any; }", + }, + }; + + /** + * @ignore + */ + static getAttributeTypeMap(): AttributeTypeMap { + return CycloneDXReferenceSource.attributeTypeMap; + } + + public constructor() {} +} diff --git a/services/security_monitoring/src/v2/models/CycloneDXToolComponent.ts b/services/security_monitoring/src/v2/models/CycloneDXToolComponent.ts new file mode 100644 index 000000000000..ad58a8c21580 --- /dev/null +++ b/services/security_monitoring/src/v2/models/CycloneDXToolComponent.ts @@ -0,0 +1,53 @@ +import { AttributeTypeMap } from "@datadog/datadog-api-client"; + +/** + * Tool component that detected the vulnerabilities. + */ +export class CycloneDXToolComponent { + /** + * The name of the tool. + */ + "name": string; + /** + * The type of the tool. + */ + "type"?: string; + /** + * A container for additional, undeclared properties. + * This is a holder for any undeclared properties as specified with + * the 'additionalProperties' keyword in the OAS document. + */ + "additionalProperties"?: { [key: string]: any }; + /** + * @ignore + */ + "_unparsed"?: boolean; + + /** + * @ignore + */ + static readonly attributeTypeMap: AttributeTypeMap = { + name: { + baseName: "name", + type: "string", + required: true, + }, + type: { + baseName: "type", + type: "string", + }, + additionalProperties: { + baseName: "additionalProperties", + type: "{ [key: string]: any; }", + }, + }; + + /** + * @ignore + */ + static getAttributeTypeMap(): AttributeTypeMap { + return CycloneDXToolComponent.attributeTypeMap; + } + + public constructor() {} +} diff --git a/services/security_monitoring/src/v2/models/CycloneDXTools.ts b/services/security_monitoring/src/v2/models/CycloneDXTools.ts new file mode 100644 index 000000000000..95cb34c27815 --- /dev/null +++ b/services/security_monitoring/src/v2/models/CycloneDXTools.ts @@ -0,0 +1,47 @@ +import { AttributeTypeMap } from "@datadog/datadog-api-client"; + +import { CycloneDXToolComponent } from "./CycloneDXToolComponent"; + +/** + * Tools used to generate the BOM. + */ +export class CycloneDXTools { + /** + * List of tool components. Only one tool is supported. + */ + "components": [CycloneDXToolComponent]; + /** + * A container for additional, undeclared properties. + * This is a holder for any undeclared properties as specified with + * the 'additionalProperties' keyword in the OAS document. + */ + "additionalProperties"?: { [key: string]: any }; + /** + * @ignore + */ + "_unparsed"?: boolean; + + /** + * @ignore + */ + static readonly attributeTypeMap: AttributeTypeMap = { + components: { + baseName: "components", + type: "[CycloneDXToolComponent]", + required: true, + }, + additionalProperties: { + baseName: "additionalProperties", + type: "{ [key: string]: any; }", + }, + }; + + /** + * @ignore + */ + static getAttributeTypeMap(): AttributeTypeMap { + return CycloneDXTools.attributeTypeMap; + } + + public constructor() {} +} diff --git a/services/security_monitoring/src/v2/models/CycloneDXVulnerability.ts b/services/security_monitoring/src/v2/models/CycloneDXVulnerability.ts new file mode 100644 index 000000000000..f5ab5159083d --- /dev/null +++ b/services/security_monitoring/src/v2/models/CycloneDXVulnerability.ts @@ -0,0 +1,108 @@ +import { AttributeTypeMap } from "@datadog/datadog-api-client"; + +import { CycloneDXAdvisory } from "./CycloneDXAdvisory"; +import { CycloneDXAffect } from "./CycloneDXAffect"; +import { CycloneDXRating } from "./CycloneDXRating"; +import { CycloneDXReference } from "./CycloneDXReference"; + +/** + * A vulnerability in the CycloneDX BOM. + */ +export class CycloneDXVulnerability { + /** + * List of advisory references. + */ + "advisories"?: Array; + /** + * List of component references affected by this vulnerability. + */ + "affects": Array; + /** + * List of CWE (Common Weakness Enumeration) identifiers. + */ + "cwes"?: Array; + /** + * Description of the vulnerability. + */ + "description"?: string; + /** + * Detailed information about the vulnerability. + */ + "detail"?: string; + /** + * The unique identifier of the vulnerability (e.g., CVE ID). + */ + "id": string; + /** + * List of vulnerability ratings. Must contain exactly one rating. + */ + "ratings": [CycloneDXRating]; + /** + * List of external references for the vulnerability. + */ + "references"?: Array; + /** + * A container for additional, undeclared properties. + * This is a holder for any undeclared properties as specified with + * the 'additionalProperties' keyword in the OAS document. + */ + "additionalProperties"?: { [key: string]: any }; + /** + * @ignore + */ + "_unparsed"?: boolean; + + /** + * @ignore + */ + static readonly attributeTypeMap: AttributeTypeMap = { + advisories: { + baseName: "advisories", + type: "Array", + }, + affects: { + baseName: "affects", + type: "Array", + required: true, + }, + cwes: { + baseName: "cwes", + type: "Array", + }, + description: { + baseName: "description", + type: "string", + }, + detail: { + baseName: "detail", + type: "string", + }, + id: { + baseName: "id", + type: "string", + required: true, + }, + ratings: { + baseName: "ratings", + type: "[CycloneDXRating]", + required: true, + }, + references: { + baseName: "references", + type: "Array", + }, + additionalProperties: { + baseName: "additionalProperties", + type: "{ [key: string]: any; }", + }, + }; + + /** + * @ignore + */ + static getAttributeTypeMap(): AttributeTypeMap { + return CycloneDXVulnerability.attributeTypeMap; + } + + public constructor() {} +} diff --git a/services/security_monitoring/src/v2/models/SecurityFindingType.ts b/services/security_monitoring/src/v2/models/SecurityFindingType.ts new file mode 100644 index 000000000000..82c940a1c9ca --- /dev/null +++ b/services/security_monitoring/src/v2/models/SecurityFindingType.ts @@ -0,0 +1,11 @@ +import { UnparsedObject } from "@datadog/datadog-api-client"; + +/** + * The type of security finding. + */ +export type SecurityFindingType = + | typeof VULNERABILITY + | typeof CONFIGURATION_FINDING + | UnparsedObject; +export const VULNERABILITY = "vulnerability"; +export const CONFIGURATION_FINDING = "configuration_finding"; diff --git a/services/security_monitoring/src/v2/models/ThreatIntelIndicatorType.ts b/services/security_monitoring/src/v2/models/ThreatIntelIndicatorType.ts new file mode 100644 index 000000000000..e957bc39971d --- /dev/null +++ b/services/security_monitoring/src/v2/models/ThreatIntelIndicatorType.ts @@ -0,0 +1,13 @@ +import { UnparsedObject } from "@datadog/datadog-api-client"; + +/** + * The type of threat indicator. + */ +export type ThreatIntelIndicatorType = + | typeof IP_ADDRESS + | typeof DOMAIN + | typeof SHA256 + | UnparsedObject; +export const IP_ADDRESS = "ip_address"; +export const DOMAIN = "domain"; +export const SHA256 = "sha256"; diff --git a/services/security_monitoring/src/v2/models/TypingInfo.ts b/services/security_monitoring/src/v2/models/TypingInfo.ts index 8d449d0be3b4..9a5faed78190 100644 --- a/services/security_monitoring/src/v2/models/TypingInfo.ts +++ b/services/security_monitoring/src/v2/models/TypingInfo.ts @@ -58,6 +58,18 @@ import { CustomFrameworkDataHandleAndVersion } from "./CustomFrameworkDataHandle import { CustomFrameworkMetadata } from "./CustomFrameworkMetadata"; import { CustomFrameworkRequirement } from "./CustomFrameworkRequirement"; import { CustomFrameworkWithoutRequirements } from "./CustomFrameworkWithoutRequirements"; +import { CycloneDXAdvisory } from "./CycloneDXAdvisory"; +import { CycloneDXAffect } from "./CycloneDXAffect"; +import { CycloneDXAssetComponent } from "./CycloneDXAssetComponent"; +import { CycloneDXBOM } from "./CycloneDXBOM"; +import { CycloneDXComponent } from "./CycloneDXComponent"; +import { CycloneDXMetadata } from "./CycloneDXMetadata"; +import { CycloneDXRating } from "./CycloneDXRating"; +import { CycloneDXReference } from "./CycloneDXReference"; +import { CycloneDXReferenceSource } from "./CycloneDXReferenceSource"; +import { CycloneDXToolComponent } from "./CycloneDXToolComponent"; +import { CycloneDXTools } from "./CycloneDXTools"; +import { CycloneDXVulnerability } from "./CycloneDXVulnerability"; import { DeleteCustomFrameworkResponse } from "./DeleteCustomFrameworkResponse"; import { DependencyLocation } from "./DependencyLocation"; import { DetachCaseRequest } from "./DetachCaseRequest"; @@ -312,6 +324,7 @@ export const TypingInfo: ModelTypingInfo = { "historicalDetectionsJobResultSignalConversion", ], CustomFrameworkType: ["custom_framework"], + CycloneDXComponentType: ["library", "application", "operating-system"], DetailedFindingType: ["detailed_finding"], FindingDataType: ["findings"], FindingEvaluation: ["pass", "fail"], @@ -393,6 +406,7 @@ export const TypingInfo: ModelTypingInfo = { SecretRuleDataType: ["secret_rule"], SecurityFilterFilteredDataType: ["logs"], SecurityFilterType: ["security_filters"], + SecurityFindingType: ["vulnerability", "configuration_finding"], SecurityFindingsDataType: ["finding"], SecurityFindingsSort: ["@detection_changed_at", "-@detection_changed_at"], SecurityFindingsStatus: ["done", "timeout"], @@ -561,6 +575,7 @@ export const TypingInfo: ModelTypingInfo = { SecurityMonitoringSuppressionType: ["suppressions"], SpecVersion: ["1.0", "1.1", "1.2", "1.3", "1.4", "1.5"], ThreatHuntingJobDataType: ["historicalDetectionsJob"], + ThreatIntelIndicatorType: ["ip_address", "domain", "sha256"], TriggerSource: ["security_findings", "security_signals"], UsersType: ["users"], VersionHistoryUpdateType: ["create", "update", "delete"], @@ -735,6 +750,18 @@ export const TypingInfo: ModelTypingInfo = { CustomFrameworkMetadata: CustomFrameworkMetadata, CustomFrameworkRequirement: CustomFrameworkRequirement, CustomFrameworkWithoutRequirements: CustomFrameworkWithoutRequirements, + CycloneDXAdvisory: CycloneDXAdvisory, + CycloneDXAffect: CycloneDXAffect, + CycloneDXAssetComponent: CycloneDXAssetComponent, + CycloneDXBOM: CycloneDXBOM, + CycloneDXComponent: CycloneDXComponent, + CycloneDXMetadata: CycloneDXMetadata, + CycloneDXRating: CycloneDXRating, + CycloneDXReference: CycloneDXReference, + CycloneDXReferenceSource: CycloneDXReferenceSource, + CycloneDXToolComponent: CycloneDXToolComponent, + CycloneDXTools: CycloneDXTools, + CycloneDXVulnerability: CycloneDXVulnerability, DeleteCustomFrameworkResponse: DeleteCustomFrameworkResponse, DependencyLocation: DependencyLocation, DetachCaseRequest: DetachCaseRequest,