Back to Collection Items
IncludeFile "CkJsonObject.pb"
IncludeFile "CkStringBuilder.pb"
IncludeFile "CkHttp.pb"
IncludeFile "CkHttpResponse.pb"
Procedure ChilkatExample()
; This example assumes the Chilkat API to have been previously unlocked.
; See Global Unlock Sample for sample code.
http.i = CkHttp::ckCreate()
If http.i = 0
Debug "Failed to create object."
ProcedureReturn
EndIf
success.i
; Use this online tool to generate code from sample JSON: Generate Code to Create JSON
; The following JSON is sent in the request body.
; {
; "name": "<string>",
; "isEnabled": "<boolean>",
; "queries": [
; {
; "aggregation": "count",
; "distinctFields": [
; "<string>",
; "<string>"
; ],
; "groupByFields": [
; "<string>",
; "<string>"
; ],
; "metric": "<string>",
; "metrics": [
; "<string>",
; "<string>"
; ],
; "name": "<string>",
; "query": "<string>"
; },
; {
; "aggregation": "count",
; "distinctFields": [
; "<string>",
; "<string>"
; ],
; "groupByFields": [
; "<string>",
; "<string>"
; ],
; "metric": "<string>",
; "metrics": [
; "<string>",
; "<string>"
; ],
; "name": "<string>",
; "query": "<string>"
; }
; ],
; "options": {
; "complianceRuleOptions": {
; "complexRule": "<boolean>",
; "regoRule": {
; "policy": "<string>",
; "resourceTypes": [
; "<string>",
; "<string>"
; ]
; },
; "resourceType": "<string>",
; "incididuntfd5": {},
; "Duis_3_": {},
; "ipsum_965": {}
; },
; "decreaseCriticalityBasedOnEnv": "<boolean>",
; "detectionMethod": "impossible_travel",
; "evaluationWindow": 0,
; "hardcodedEvaluatorType": "log4shell",
; "impossibleTravelOptions": {
; "baselineUserLocations": "<boolean>"
; },
; "keepAlive": 21600,
; "maxSignalDuration": 21600,
; "newValueOptions": {
; "forgetAfter": 2,
; "learningDuration": 0,
; "learningMethod": "duration",
; "learningThreshold": 0
; }
; },
; "cases": [
; {
; "status": "critical",
; "condition": "<string>",
; "name": "<string>",
; "notifications": [
; "<string>",
; "<string>"
; ]
; },
; {
; "status": "low",
; "condition": "<string>",
; "name": "<string>",
; "notifications": [
; "<string>",
; "<string>"
; ]
; }
; ],
; "message": "<string>",
; "filters": [
; {
; "action": "suppress",
; "query": "<string>"
; },
; {
; "action": "require",
; "query": "<string>"
; }
; ],
; "hasExtendedTitle": "<boolean>",
; "tags": [
; "<string>",
; "<string>"
; ],
; "type": "workload_security"
; }
json.i = CkJsonObject::ckCreate()
If json.i = 0
Debug "Failed to create object."
ProcedureReturn
EndIf
CkJsonObject::ckUpdateString(json,"name","<string>")
CkJsonObject::ckUpdateString(json,"isEnabled","<boolean>")
CkJsonObject::ckUpdateString(json,"queries[0].aggregation","count")
CkJsonObject::ckUpdateString(json,"queries[0].distinctFields[0]","<string>")
CkJsonObject::ckUpdateString(json,"queries[0].distinctFields[1]","<string>")
CkJsonObject::ckUpdateString(json,"queries[0].groupByFields[0]","<string>")
CkJsonObject::ckUpdateString(json,"queries[0].groupByFields[1]","<string>")
CkJsonObject::ckUpdateString(json,"queries[0].metric","<string>")
CkJsonObject::ckUpdateString(json,"queries[0].metrics[0]","<string>")
CkJsonObject::ckUpdateString(json,"queries[0].metrics[1]","<string>")
CkJsonObject::ckUpdateString(json,"queries[0].name","<string>")
CkJsonObject::ckUpdateString(json,"queries[0].query","<string>")
CkJsonObject::ckUpdateString(json,"queries[1].aggregation","count")
CkJsonObject::ckUpdateString(json,"queries[1].distinctFields[0]","<string>")
CkJsonObject::ckUpdateString(json,"queries[1].distinctFields[1]","<string>")
CkJsonObject::ckUpdateString(json,"queries[1].groupByFields[0]","<string>")
CkJsonObject::ckUpdateString(json,"queries[1].groupByFields[1]","<string>")
CkJsonObject::ckUpdateString(json,"queries[1].metric","<string>")
CkJsonObject::ckUpdateString(json,"queries[1].metrics[0]","<string>")
CkJsonObject::ckUpdateString(json,"queries[1].metrics[1]","<string>")
CkJsonObject::ckUpdateString(json,"queries[1].name","<string>")
CkJsonObject::ckUpdateString(json,"queries[1].query","<string>")
CkJsonObject::ckUpdateString(json,"options.complianceRuleOptions.complexRule","<boolean>")
CkJsonObject::ckUpdateString(json,"options.complianceRuleOptions.regoRule.policy","<string>")
CkJsonObject::ckUpdateString(json,"options.complianceRuleOptions.regoRule.resourceTypes[0]","<string>")
CkJsonObject::ckUpdateString(json,"options.complianceRuleOptions.regoRule.resourceTypes[1]","<string>")
CkJsonObject::ckUpdateString(json,"options.complianceRuleOptions.resourceType","<string>")
CkJsonObject::ckUpdateNewObject(json,"options.complianceRuleOptions.incididuntfd5")
CkJsonObject::ckUpdateNewObject(json,"options.complianceRuleOptions.Duis_3_")
CkJsonObject::ckUpdateNewObject(json,"options.complianceRuleOptions.ipsum_965")
CkJsonObject::ckUpdateString(json,"options.decreaseCriticalityBasedOnEnv","<boolean>")
CkJsonObject::ckUpdateString(json,"options.detectionMethod","impossible_travel")
CkJsonObject::ckUpdateInt(json,"options.evaluationWindow",0)
CkJsonObject::ckUpdateString(json,"options.hardcodedEvaluatorType","log4shell")
CkJsonObject::ckUpdateString(json,"options.impossibleTravelOptions.baselineUserLocations","<boolean>")
CkJsonObject::ckUpdateInt(json,"options.keepAlive",21600)
CkJsonObject::ckUpdateInt(json,"options.maxSignalDuration",21600)
CkJsonObject::ckUpdateInt(json,"options.newValueOptions.forgetAfter",2)
CkJsonObject::ckUpdateInt(json,"options.newValueOptions.learningDuration",0)
CkJsonObject::ckUpdateString(json,"options.newValueOptions.learningMethod","duration")
CkJsonObject::ckUpdateInt(json,"options.newValueOptions.learningThreshold",0)
CkJsonObject::ckUpdateString(json,"cases[0].status","critical")
CkJsonObject::ckUpdateString(json,"cases[0].condition","<string>")
CkJsonObject::ckUpdateString(json,"cases[0].name","<string>")
CkJsonObject::ckUpdateString(json,"cases[0].notifications[0]","<string>")
CkJsonObject::ckUpdateString(json,"cases[0].notifications[1]","<string>")
CkJsonObject::ckUpdateString(json,"cases[1].status","low")
CkJsonObject::ckUpdateString(json,"cases[1].condition","<string>")
CkJsonObject::ckUpdateString(json,"cases[1].name","<string>")
CkJsonObject::ckUpdateString(json,"cases[1].notifications[0]","<string>")
CkJsonObject::ckUpdateString(json,"cases[1].notifications[1]","<string>")
CkJsonObject::ckUpdateString(json,"message","<string>")
CkJsonObject::ckUpdateString(json,"filters[0].action","suppress")
CkJsonObject::ckUpdateString(json,"filters[0].query","<string>")
CkJsonObject::ckUpdateString(json,"filters[1].action","require")
CkJsonObject::ckUpdateString(json,"filters[1].query","<string>")
CkJsonObject::ckUpdateString(json,"hasExtendedTitle","<boolean>")
CkJsonObject::ckUpdateString(json,"tags[0]","<string>")
CkJsonObject::ckUpdateString(json,"tags[1]","<string>")
CkJsonObject::ckUpdateString(json,"type","workload_security")
CkHttp::ckSetRequestHeader(http,"Content-Type","application/json")
CkHttp::ckSetRequestHeader(http,"Accept","application/json")
resp.i = CkHttp::ckPostJson3(http,"https://api.app.ddog-gov.com/api/v2/security_monitoring/rules","application/json",json)
If CkHttp::ckLastMethodSuccess(http) = 0
Debug CkHttp::ckLastErrorText(http)
CkHttp::ckDispose(http)
CkJsonObject::ckDispose(json)
ProcedureReturn
EndIf
sbResponseBody.i = CkStringBuilder::ckCreate()
If sbResponseBody.i = 0
Debug "Failed to create object."
ProcedureReturn
EndIf
CkHttpResponse::ckGetBodySb(resp,sbResponseBody)
jResp.i = CkJsonObject::ckCreate()
If jResp.i = 0
Debug "Failed to create object."
ProcedureReturn
EndIf
CkJsonObject::ckLoadSb(jResp,sbResponseBody)
CkJsonObject::setCkEmitCompact(jResp, 0)
Debug "Response Body:"
Debug CkJsonObject::ckEmit(jResp)
respStatusCode.i = CkHttpResponse::ckStatusCode(resp)
Debug "Response Status Code = " + Str(respStatusCode)
If respStatusCode >= 400
Debug "Response Header:"
Debug CkHttpResponse::ckHeader(resp)
Debug "Failed."
CkHttpResponse::ckDispose(resp)
CkHttp::ckDispose(http)
CkJsonObject::ckDispose(json)
CkStringBuilder::ckDispose(sbResponseBody)
CkJsonObject::ckDispose(jResp)
ProcedureReturn
EndIf
CkHttpResponse::ckDispose(resp)
; Sample JSON response:
; (Sample code for parsing the JSON response is shown below)
; {
; "cases": [
; {
; "condition": "<string>",
; "name": "<string>",
; "notifications": [
; "<string>",
; "<string>"
; ],
; "status": "medium"
; },
; {
; "condition": "<string>",
; "name": "<string>",
; "notifications": [
; "<string>",
; "<string>"
; ],
; "status": "critical"
; }
; ],
; "complianceSignalOptions": {
; "defaultActivationStatus": "<boolean>",
; "defaultGroupByFields": [
; "<string>",
; "<string>"
; ],
; "userActivationStatus": "<boolean>",
; "userGroupByFields": [
; "<string>",
; "<string>"
; ]
; },
; "createdAt": "<long>",
; "creationAuthorId": "<long>",
; "deprecationDate": "<long>",
; "filters": [
; {
; "action": "suppress",
; "query": "<string>"
; },
; {
; "action": "require",
; "query": "<string>"
; }
; ],
; "hasExtendedTitle": "<boolean>",
; "id": "<string>",
; "isDefault": "<boolean>",
; "isDeleted": "<boolean>",
; "isEnabled": "<boolean>",
; "message": "<string>",
; "name": "<string>",
; "options": {
; "complianceRuleOptions": {
; "complexRule": "<boolean>",
; "regoRule": {
; "policy": "<string>",
; "resourceTypes": [
; "<string>",
; "<string>"
; ]
; },
; "resourceType": "<string>"
; },
; "decreaseCriticalityBasedOnEnv": "<boolean>",
; "detectionMethod": "third_party",
; "evaluationWindow": 300,
; "hardcodedEvaluatorType": "log4shell",
; "impossibleTravelOptions": {
; "baselineUserLocations": "<boolean>"
; },
; "keepAlive": 300,
; "maxSignalDuration": 900,
; "newValueOptions": {
; "forgetAfter": 28,
; "learningDuration": 0,
; "learningMethod": "duration",
; "learningThreshold": 0
; }
; },
; "queries": [
; {
; "aggregation": "max",
; "distinctFields": [
; "<string>",
; "<string>"
; ],
; "groupByFields": [
; "<string>",
; "<string>"
; ],
; "metric": "<string>",
; "metrics": [
; "<string>",
; "<string>"
; ],
; "name": "<string>",
; "query": "<string>"
; },
; {
; "aggregation": "max",
; "distinctFields": [
; "<string>",
; "<string>"
; ],
; "groupByFields": [
; "<string>",
; "<string>"
; ],
; "metric": "<string>",
; "metrics": [
; "<string>",
; "<string>"
; ],
; "name": "<string>",
; "query": "<string>"
; }
; ],
; "tags": [
; "<string>",
; "<string>"
; ],
; "type": "application_security",
; "updateAuthorId": "<long>",
; "version": "<long>"
; }
; Sample code for parsing the JSON response...
; Use this online tool to generate parsing code from sample JSON: Generate JSON Parsing Code
condition.s
status.s
j.i
count_j.i
strVal.s
action.s
query.s
aggregation.s
metric.s
DefaultActivationStatus.s = CkJsonObject::ckStringOf(jResp,"complianceSignalOptions.defaultActivationStatus")
UserActivationStatus.s = CkJsonObject::ckStringOf(jResp,"complianceSignalOptions.userActivationStatus")
createdAt.s = CkJsonObject::ckStringOf(jResp,"createdAt")
creationAuthorId.s = CkJsonObject::ckStringOf(jResp,"creationAuthorId")
deprecationDate.s = CkJsonObject::ckStringOf(jResp,"deprecationDate")
hasExtendedTitle.s = CkJsonObject::ckStringOf(jResp,"hasExtendedTitle")
id.s = CkJsonObject::ckStringOf(jResp,"id")
isDefault.s = CkJsonObject::ckStringOf(jResp,"isDefault")
isDeleted.s = CkJsonObject::ckStringOf(jResp,"isDeleted")
isEnabled.s = CkJsonObject::ckStringOf(jResp,"isEnabled")
message.s = CkJsonObject::ckStringOf(jResp,"message")
name.s = CkJsonObject::ckStringOf(jResp,"name")
ComplexRule.s = CkJsonObject::ckStringOf(jResp,"options.complianceRuleOptions.complexRule")
Policy.s = CkJsonObject::ckStringOf(jResp,"options.complianceRuleOptions.regoRule.policy")
ResourceType.s = CkJsonObject::ckStringOf(jResp,"options.complianceRuleOptions.resourceType")
DecreaseCriticalityBasedOnEnv.s = CkJsonObject::ckStringOf(jResp,"options.decreaseCriticalityBasedOnEnv")
DetectionMethod.s = CkJsonObject::ckStringOf(jResp,"options.detectionMethod")
EvaluationWindow.i = CkJsonObject::ckIntOf(jResp,"options.evaluationWindow")
HardcodedEvaluatorType.s = CkJsonObject::ckStringOf(jResp,"options.hardcodedEvaluatorType")
BaselineUserLocations.s = CkJsonObject::ckStringOf(jResp,"options.impossibleTravelOptions.baselineUserLocations")
KeepAlive.i = CkJsonObject::ckIntOf(jResp,"options.keepAlive")
MaxSignalDuration.i = CkJsonObject::ckIntOf(jResp,"options.maxSignalDuration")
ForgetAfter.i = CkJsonObject::ckIntOf(jResp,"options.newValueOptions.forgetAfter")
LearningDuration.i = CkJsonObject::ckIntOf(jResp,"options.newValueOptions.learningDuration")
LearningMethod.s = CkJsonObject::ckStringOf(jResp,"options.newValueOptions.learningMethod")
LearningThreshold.i = CkJsonObject::ckIntOf(jResp,"options.newValueOptions.learningThreshold")
v_type.s = CkJsonObject::ckStringOf(jResp,"type")
updateAuthorId.s = CkJsonObject::ckStringOf(jResp,"updateAuthorId")
version.s = CkJsonObject::ckStringOf(jResp,"version")
i.i = 0
count_i.i = CkJsonObject::ckSizeOfArray(jResp,"cases")
While i < count_i
CkJsonObject::setCkI(jResp, i)
condition = CkJsonObject::ckStringOf(jResp,"cases[i].condition")
name = CkJsonObject::ckStringOf(jResp,"cases[i].name")
status = CkJsonObject::ckStringOf(jResp,"cases[i].status")
j = 0
count_j = CkJsonObject::ckSizeOfArray(jResp,"cases[i].notifications")
While j < count_j
CkJsonObject::setCkJ(jResp, j)
strVal = CkJsonObject::ckStringOf(jResp,"cases[i].notifications[j]")
j = j + 1
Wend
i = i + 1
Wend
i = 0
count_i = CkJsonObject::ckSizeOfArray(jResp,"complianceSignalOptions.defaultGroupByFields")
While i < count_i
CkJsonObject::setCkI(jResp, i)
strVal = CkJsonObject::ckStringOf(jResp,"complianceSignalOptions.defaultGroupByFields[i]")
i = i + 1
Wend
i = 0
count_i = CkJsonObject::ckSizeOfArray(jResp,"complianceSignalOptions.userGroupByFields")
While i < count_i
CkJsonObject::setCkI(jResp, i)
strVal = CkJsonObject::ckStringOf(jResp,"complianceSignalOptions.userGroupByFields[i]")
i = i + 1
Wend
i = 0
count_i = CkJsonObject::ckSizeOfArray(jResp,"filters")
While i < count_i
CkJsonObject::setCkI(jResp, i)
action = CkJsonObject::ckStringOf(jResp,"filters[i].action")
query = CkJsonObject::ckStringOf(jResp,"filters[i].query")
i = i + 1
Wend
i = 0
count_i = CkJsonObject::ckSizeOfArray(jResp,"options.complianceRuleOptions.regoRule.resourceTypes")
While i < count_i
CkJsonObject::setCkI(jResp, i)
strVal = CkJsonObject::ckStringOf(jResp,"options.complianceRuleOptions.regoRule.resourceTypes[i]")
i = i + 1
Wend
i = 0
count_i = CkJsonObject::ckSizeOfArray(jResp,"queries")
While i < count_i
CkJsonObject::setCkI(jResp, i)
aggregation = CkJsonObject::ckStringOf(jResp,"queries[i].aggregation")
metric = CkJsonObject::ckStringOf(jResp,"queries[i].metric")
name = CkJsonObject::ckStringOf(jResp,"queries[i].name")
query = CkJsonObject::ckStringOf(jResp,"queries[i].query")
j = 0
count_j = CkJsonObject::ckSizeOfArray(jResp,"queries[i].distinctFields")
While j < count_j
CkJsonObject::setCkJ(jResp, j)
strVal = CkJsonObject::ckStringOf(jResp,"queries[i].distinctFields[j]")
j = j + 1
Wend
j = 0
count_j = CkJsonObject::ckSizeOfArray(jResp,"queries[i].groupByFields")
While j < count_j
CkJsonObject::setCkJ(jResp, j)
strVal = CkJsonObject::ckStringOf(jResp,"queries[i].groupByFields[j]")
j = j + 1
Wend
j = 0
count_j = CkJsonObject::ckSizeOfArray(jResp,"queries[i].metrics")
While j < count_j
CkJsonObject::setCkJ(jResp, j)
strVal = CkJsonObject::ckStringOf(jResp,"queries[i].metrics[j]")
j = j + 1
Wend
i = i + 1
Wend
i = 0
count_i = CkJsonObject::ckSizeOfArray(jResp,"tags")
While i < count_i
CkJsonObject::setCkI(jResp, i)
strVal = CkJsonObject::ckStringOf(jResp,"tags[i]")
i = i + 1
Wend
CkHttp::ckDispose(http)
CkJsonObject::ckDispose(json)
CkStringBuilder::ckDispose(sbResponseBody)
CkJsonObject::ckDispose(jResp)
ProcedureReturn
EndProcedure
Curl Command
curl -X POST
-H "Content-Type: application/json"
-H "Accept: application/json"
-d '{
"name": "<string>",
"isEnabled": "<boolean>",
"queries": [
{
"aggregation": "count",
"distinctFields": [
"<string>",
"<string>"
],
"groupByFields": [
"<string>",
"<string>"
],
"metric": "<string>",
"metrics": [
"<string>",
"<string>"
],
"name": "<string>",
"query": "<string>"
},
{
"aggregation": "count",
"distinctFields": [
"<string>",
"<string>"
],
"groupByFields": [
"<string>",
"<string>"
],
"metric": "<string>",
"metrics": [
"<string>",
"<string>"
],
"name": "<string>",
"query": "<string>"
}
],
"options": {
"complianceRuleOptions": {
"complexRule": "<boolean>",
"regoRule": {
"policy": "<string>",
"resourceTypes": [
"<string>",
"<string>"
]
},
"resourceType": "<string>",
"incididuntfd5": {},
"Duis_3_": {},
"ipsum_965": {}
},
"decreaseCriticalityBasedOnEnv": "<boolean>",
"detectionMethod": "impossible_travel",
"evaluationWindow": 0,
"hardcodedEvaluatorType": "log4shell",
"impossibleTravelOptions": {
"baselineUserLocations": "<boolean>"
},
"keepAlive": 21600,
"maxSignalDuration": 21600,
"newValueOptions": {
"forgetAfter": 2,
"learningDuration": 0,
"learningMethod": "duration",
"learningThreshold": 0
}
},
"cases": [
{
"status": "critical",
"condition": "<string>",
"name": "<string>",
"notifications": [
"<string>",
"<string>"
]
},
{
"status": "low",
"condition": "<string>",
"name": "<string>",
"notifications": [
"<string>",
"<string>"
]
}
],
"message": "<string>",
"filters": [
{
"action": "suppress",
"query": "<string>"
},
{
"action": "require",
"query": "<string>"
}
],
"hasExtendedTitle": "<boolean>",
"tags": [
"<string>",
"<string>"
],
"type": "workload_security"
}'
https://api.app.ddog-gov.com/api/v2/security_monitoring/rules
Postman Collection Item JSON
{
"name": "Create a detection rule",
"request": {
"method": "POST",
"header": [
{
"key": "Content-Type",
"value": "application/json"
},
{
"key": "Accept",
"value": "application/json"
}
],
"body": {
"mode": "raw",
"raw": "{\n \"name\": \"<string>\",\n \"isEnabled\": \"<boolean>\",\n \"queries\": [\n {\n \"aggregation\": \"count\",\n \"distinctFields\": [\n \"<string>\",\n \"<string>\"\n ],\n \"groupByFields\": [\n \"<string>\",\n \"<string>\"\n ],\n \"metric\": \"<string>\",\n \"metrics\": [\n \"<string>\",\n \"<string>\"\n ],\n \"name\": \"<string>\",\n \"query\": \"<string>\"\n },\n {\n \"aggregation\": \"count\",\n \"distinctFields\": [\n \"<string>\",\n \"<string>\"\n ],\n \"groupByFields\": [\n \"<string>\",\n \"<string>\"\n ],\n \"metric\": \"<string>\",\n \"metrics\": [\n \"<string>\",\n \"<string>\"\n ],\n \"name\": \"<string>\",\n \"query\": \"<string>\"\n }\n ],\n \"options\": {\n \"complianceRuleOptions\": {\n \"complexRule\": \"<boolean>\",\n \"regoRule\": {\n \"policy\": \"<string>\",\n \"resourceTypes\": [\n \"<string>\",\n \"<string>\"\n ]\n },\n \"resourceType\": \"<string>\",\n \"incididuntfd5\": {},\n \"Duis_3_\": {},\n \"ipsum_965\": {}\n },\n \"decreaseCriticalityBasedOnEnv\": \"<boolean>\",\n \"detectionMethod\": \"impossible_travel\",\n \"evaluationWindow\": 0,\n \"hardcodedEvaluatorType\": \"log4shell\",\n \"impossibleTravelOptions\": {\n \"baselineUserLocations\": \"<boolean>\"\n },\n \"keepAlive\": 21600,\n \"maxSignalDuration\": 21600,\n \"newValueOptions\": {\n \"forgetAfter\": 2,\n \"learningDuration\": 0,\n \"learningMethod\": \"duration\",\n \"learningThreshold\": 0\n }\n },\n \"cases\": [\n {\n \"status\": \"critical\",\n \"condition\": \"<string>\",\n \"name\": \"<string>\",\n \"notifications\": [\n \"<string>\",\n \"<string>\"\n ]\n },\n {\n \"status\": \"low\",\n \"condition\": \"<string>\",\n \"name\": \"<string>\",\n \"notifications\": [\n \"<string>\",\n \"<string>\"\n ]\n }\n ],\n \"message\": \"<string>\",\n \"filters\": [\n {\n \"action\": \"suppress\",\n \"query\": \"<string>\"\n },\n {\n \"action\": \"require\",\n \"query\": \"<string>\"\n }\n ],\n \"hasExtendedTitle\": \"<boolean>\",\n \"tags\": [\n \"<string>\",\n \"<string>\"\n ],\n \"type\": \"workload_security\"\n}",
"options": {
"raw": {
"headerFamily": "json",
"language": "json"
}
}
},
"url": {
"raw": "{{baseUrl}}/api/v2/security_monitoring/rules",
"host": [
"{{baseUrl}}"
],
"path": [
"api",
"v2",
"security_monitoring",
"rules"
]
},
"description": "Create a detection rule."
},
"response": [
{
"name": "OK",
"originalRequest": {
"method": "POST",
"header": [
{
"key": "Content-Type",
"value": "application/json"
},
{
"key": "Accept",
"value": "application/json"
},
{
"description": "Added as a part of security scheme: apikey",
"key": "DD-API-KEY",
"value": "<API Key>"
}
],
"body": {
"mode": "raw",
"raw": "{\n \"name\": \"<string>\",\n \"isEnabled\": \"<boolean>\",\n \"queries\": [\n {\n \"aggregation\": \"count\",\n \"distinctFields\": [\n \"<string>\",\n \"<string>\"\n ],\n \"groupByFields\": [\n \"<string>\",\n \"<string>\"\n ],\n \"metric\": \"<string>\",\n \"metrics\": [\n \"<string>\",\n \"<string>\"\n ],\n \"name\": \"<string>\",\n \"query\": \"<string>\"\n },\n {\n \"aggregation\": \"count\",\n \"distinctFields\": [\n \"<string>\",\n \"<string>\"\n ],\n \"groupByFields\": [\n \"<string>\",\n \"<string>\"\n ],\n \"metric\": \"<string>\",\n \"metrics\": [\n \"<string>\",\n \"<string>\"\n ],\n \"name\": \"<string>\",\n \"query\": \"<string>\"\n }\n ],\n \"options\": {\n \"complianceRuleOptions\": {\n \"complexRule\": \"<boolean>\",\n \"regoRule\": {\n \"policy\": \"<string>\",\n \"resourceTypes\": [\n \"<string>\",\n \"<string>\"\n ]\n },\n \"resourceType\": \"<string>\",\n \"incididuntfd5\": {},\n \"Duis_3_\": {},\n \"ipsum_965\": {}\n },\n \"decreaseCriticalityBasedOnEnv\": \"<boolean>\",\n \"detectionMethod\": \"impossible_travel\",\n \"evaluationWindow\": 0,\n \"hardcodedEvaluatorType\": \"log4shell\",\n \"impossibleTravelOptions\": {\n \"baselineUserLocations\": \"<boolean>\"\n },\n \"keepAlive\": 21600,\n \"maxSignalDuration\": 21600,\n \"newValueOptions\": {\n \"forgetAfter\": 2,\n \"learningDuration\": 0,\n \"learningMethod\": \"duration\",\n \"learningThreshold\": 0\n }\n },\n \"cases\": [\n {\n \"status\": \"critical\",\n \"condition\": \"<string>\",\n \"name\": \"<string>\",\n \"notifications\": [\n \"<string>\",\n \"<string>\"\n ]\n },\n {\n \"status\": \"low\",\n \"condition\": \"<string>\",\n \"name\": \"<string>\",\n \"notifications\": [\n \"<string>\",\n \"<string>\"\n ]\n }\n ],\n \"message\": \"<string>\",\n \"filters\": [\n {\n \"action\": \"suppress\",\n \"query\": \"<string>\"\n },\n {\n \"action\": \"require\",\n \"query\": \"<string>\"\n }\n ],\n \"hasExtendedTitle\": \"<boolean>\",\n \"tags\": [\n \"<string>\",\n \"<string>\"\n ],\n \"type\": \"workload_security\"\n}",
"options": {
"raw": {
"headerFamily": "json",
"language": "json"
}
}
},
"url": {
"raw": "{{baseUrl}}/api/v2/security_monitoring/rules",
"host": [
"{{baseUrl}}"
],
"path": [
"api",
"v2",
"security_monitoring",
"rules"
]
}
},
"status": "OK",
"code": 200,
"_postman_previewlanguage": "json",
"header": [
{
"key": "Content-Type",
"value": "application/json"
}
],
"cookie": [
],
"body": "{\n \"cases\": [\n {\n \"condition\": \"<string>\",\n \"name\": \"<string>\",\n \"notifications\": [\n \"<string>\",\n \"<string>\"\n ],\n \"status\": \"medium\"\n },\n {\n \"condition\": \"<string>\",\n \"name\": \"<string>\",\n \"notifications\": [\n \"<string>\",\n \"<string>\"\n ],\n \"status\": \"critical\"\n }\n ],\n \"complianceSignalOptions\": {\n \"defaultActivationStatus\": \"<boolean>\",\n \"defaultGroupByFields\": [\n \"<string>\",\n \"<string>\"\n ],\n \"userActivationStatus\": \"<boolean>\",\n \"userGroupByFields\": [\n \"<string>\",\n \"<string>\"\n ]\n },\n \"createdAt\": \"<long>\",\n \"creationAuthorId\": \"<long>\",\n \"deprecationDate\": \"<long>\",\n \"filters\": [\n {\n \"action\": \"suppress\",\n \"query\": \"<string>\"\n },\n {\n \"action\": \"require\",\n \"query\": \"<string>\"\n }\n ],\n \"hasExtendedTitle\": \"<boolean>\",\n \"id\": \"<string>\",\n \"isDefault\": \"<boolean>\",\n \"isDeleted\": \"<boolean>\",\n \"isEnabled\": \"<boolean>\",\n \"message\": \"<string>\",\n \"name\": \"<string>\",\n \"options\": {\n \"complianceRuleOptions\": {\n \"complexRule\": \"<boolean>\",\n \"regoRule\": {\n \"policy\": \"<string>\",\n \"resourceTypes\": [\n \"<string>\",\n \"<string>\"\n ]\n },\n \"resourceType\": \"<string>\"\n },\n \"decreaseCriticalityBasedOnEnv\": \"<boolean>\",\n \"detectionMethod\": \"third_party\",\n \"evaluationWindow\": 300,\n \"hardcodedEvaluatorType\": \"log4shell\",\n \"impossibleTravelOptions\": {\n \"baselineUserLocations\": \"<boolean>\"\n },\n \"keepAlive\": 300,\n \"maxSignalDuration\": 900,\n \"newValueOptions\": {\n \"forgetAfter\": 28,\n \"learningDuration\": 0,\n \"learningMethod\": \"duration\",\n \"learningThreshold\": 0\n }\n },\n \"queries\": [\n {\n \"aggregation\": \"max\",\n \"distinctFields\": [\n \"<string>\",\n \"<string>\"\n ],\n \"groupByFields\": [\n \"<string>\",\n \"<string>\"\n ],\n \"metric\": \"<string>\",\n \"metrics\": [\n \"<string>\",\n \"<string>\"\n ],\n \"name\": \"<string>\",\n \"query\": \"<string>\"\n },\n {\n \"aggregation\": \"max\",\n \"distinctFields\": [\n \"<string>\",\n \"<string>\"\n ],\n \"groupByFields\": [\n \"<string>\",\n \"<string>\"\n ],\n \"metric\": \"<string>\",\n \"metrics\": [\n \"<string>\",\n \"<string>\"\n ],\n \"name\": \"<string>\",\n \"query\": \"<string>\"\n }\n ],\n \"tags\": [\n \"<string>\",\n \"<string>\"\n ],\n \"type\": \"application_security\",\n \"updateAuthorId\": \"<long>\",\n \"version\": \"<long>\"\n}"
},
{
"name": "Bad Request",
"originalRequest": {
"method": "POST",
"header": [
{
"key": "Content-Type",
"value": "application/json"
},
{
"key": "Accept",
"value": "application/json"
},
{
"description": "Added as a part of security scheme: apikey",
"key": "DD-API-KEY",
"value": "<API Key>"
}
],
"body": {
"mode": "raw",
"raw": "{\n \"name\": \"<string>\",\n \"isEnabled\": \"<boolean>\",\n \"queries\": [\n {\n \"aggregation\": \"count\",\n \"distinctFields\": [\n \"<string>\",\n \"<string>\"\n ],\n \"groupByFields\": [\n \"<string>\",\n \"<string>\"\n ],\n \"metric\": \"<string>\",\n \"metrics\": [\n \"<string>\",\n \"<string>\"\n ],\n \"name\": \"<string>\",\n \"query\": \"<string>\"\n },\n {\n \"aggregation\": \"count\",\n \"distinctFields\": [\n \"<string>\",\n \"<string>\"\n ],\n \"groupByFields\": [\n \"<string>\",\n \"<string>\"\n ],\n \"metric\": \"<string>\",\n \"metrics\": [\n \"<string>\",\n \"<string>\"\n ],\n \"name\": \"<string>\",\n \"query\": \"<string>\"\n }\n ],\n \"options\": {\n \"complianceRuleOptions\": {\n \"complexRule\": \"<boolean>\",\n \"regoRule\": {\n \"policy\": \"<string>\",\n \"resourceTypes\": [\n \"<string>\",\n \"<string>\"\n ]\n },\n \"resourceType\": \"<string>\",\n \"incididuntfd5\": {},\n \"Duis_3_\": {},\n \"ipsum_965\": {}\n },\n \"decreaseCriticalityBasedOnEnv\": \"<boolean>\",\n \"detectionMethod\": \"impossible_travel\",\n \"evaluationWindow\": 0,\n \"hardcodedEvaluatorType\": \"log4shell\",\n \"impossibleTravelOptions\": {\n \"baselineUserLocations\": \"<boolean>\"\n },\n \"keepAlive\": 21600,\n \"maxSignalDuration\": 21600,\n \"newValueOptions\": {\n \"forgetAfter\": 2,\n \"learningDuration\": 0,\n \"learningMethod\": \"duration\",\n \"learningThreshold\": 0\n }\n },\n \"cases\": [\n {\n \"status\": \"critical\",\n \"condition\": \"<string>\",\n \"name\": \"<string>\",\n \"notifications\": [\n \"<string>\",\n \"<string>\"\n ]\n },\n {\n \"status\": \"low\",\n \"condition\": \"<string>\",\n \"name\": \"<string>\",\n \"notifications\": [\n \"<string>\",\n \"<string>\"\n ]\n }\n ],\n \"message\": \"<string>\",\n \"filters\": [\n {\n \"action\": \"suppress\",\n \"query\": \"<string>\"\n },\n {\n \"action\": \"require\",\n \"query\": \"<string>\"\n }\n ],\n \"hasExtendedTitle\": \"<boolean>\",\n \"tags\": [\n \"<string>\",\n \"<string>\"\n ],\n \"type\": \"workload_security\"\n}",
"options": {
"raw": {
"headerFamily": "json",
"language": "json"
}
}
},
"url": {
"raw": "{{baseUrl}}/api/v2/security_monitoring/rules",
"host": [
"{{baseUrl}}"
],
"path": [
"api",
"v2",
"security_monitoring",
"rules"
]
}
},
"status": "Bad Request",
"code": 400,
"_postman_previewlanguage": "json",
"header": [
{
"key": "Content-Type",
"value": "application/json"
}
],
"cookie": [
],
"body": "{\n \"errors\": [\n \"<string>\",\n \"<string>\"\n ]\n}"
},
{
"name": "Not Authorized",
"originalRequest": {
"method": "POST",
"header": [
{
"key": "Content-Type",
"value": "application/json"
},
{
"key": "Accept",
"value": "application/json"
},
{
"description": "Added as a part of security scheme: apikey",
"key": "DD-API-KEY",
"value": "<API Key>"
}
],
"body": {
"mode": "raw",
"raw": "{\n \"name\": \"<string>\",\n \"isEnabled\": \"<boolean>\",\n \"queries\": [\n {\n \"aggregation\": \"count\",\n \"distinctFields\": [\n \"<string>\",\n \"<string>\"\n ],\n \"groupByFields\": [\n \"<string>\",\n \"<string>\"\n ],\n \"metric\": \"<string>\",\n \"metrics\": [\n \"<string>\",\n \"<string>\"\n ],\n \"name\": \"<string>\",\n \"query\": \"<string>\"\n },\n {\n \"aggregation\": \"count\",\n \"distinctFields\": [\n \"<string>\",\n \"<string>\"\n ],\n \"groupByFields\": [\n \"<string>\",\n \"<string>\"\n ],\n \"metric\": \"<string>\",\n \"metrics\": [\n \"<string>\",\n \"<string>\"\n ],\n \"name\": \"<string>\",\n \"query\": \"<string>\"\n }\n ],\n \"options\": {\n \"complianceRuleOptions\": {\n \"complexRule\": \"<boolean>\",\n \"regoRule\": {\n \"policy\": \"<string>\",\n \"resourceTypes\": [\n \"<string>\",\n \"<string>\"\n ]\n },\n \"resourceType\": \"<string>\",\n \"incididuntfd5\": {},\n \"Duis_3_\": {},\n \"ipsum_965\": {}\n },\n \"decreaseCriticalityBasedOnEnv\": \"<boolean>\",\n \"detectionMethod\": \"impossible_travel\",\n \"evaluationWindow\": 0,\n \"hardcodedEvaluatorType\": \"log4shell\",\n \"impossibleTravelOptions\": {\n \"baselineUserLocations\": \"<boolean>\"\n },\n \"keepAlive\": 21600,\n \"maxSignalDuration\": 21600,\n \"newValueOptions\": {\n \"forgetAfter\": 2,\n \"learningDuration\": 0,\n \"learningMethod\": \"duration\",\n \"learningThreshold\": 0\n }\n },\n \"cases\": [\n {\n \"status\": \"critical\",\n \"condition\": \"<string>\",\n \"name\": \"<string>\",\n \"notifications\": [\n \"<string>\",\n \"<string>\"\n ]\n },\n {\n \"status\": \"low\",\n \"condition\": \"<string>\",\n \"name\": \"<string>\",\n \"notifications\": [\n \"<string>\",\n \"<string>\"\n ]\n }\n ],\n \"message\": \"<string>\",\n \"filters\": [\n {\n \"action\": \"suppress\",\n \"query\": \"<string>\"\n },\n {\n \"action\": \"require\",\n \"query\": \"<string>\"\n }\n ],\n \"hasExtendedTitle\": \"<boolean>\",\n \"tags\": [\n \"<string>\",\n \"<string>\"\n ],\n \"type\": \"workload_security\"\n}",
"options": {
"raw": {
"headerFamily": "json",
"language": "json"
}
}
},
"url": {
"raw": "{{baseUrl}}/api/v2/security_monitoring/rules",
"host": [
"{{baseUrl}}"
],
"path": [
"api",
"v2",
"security_monitoring",
"rules"
]
}
},
"status": "Forbidden",
"code": 403,
"_postman_previewlanguage": "json",
"header": [
{
"key": "Content-Type",
"value": "application/json"
}
],
"cookie": [
],
"body": "{\n \"errors\": [\n \"<string>\",\n \"<string>\"\n ]\n}"
},
{
"name": "Too many requests",
"originalRequest": {
"method": "POST",
"header": [
{
"key": "Content-Type",
"value": "application/json"
},
{
"key": "Accept",
"value": "application/json"
},
{
"description": "Added as a part of security scheme: apikey",
"key": "DD-API-KEY",
"value": "<API Key>"
}
],
"body": {
"mode": "raw",
"raw": "{\n \"name\": \"<string>\",\n \"isEnabled\": \"<boolean>\",\n \"queries\": [\n {\n \"aggregation\": \"count\",\n \"distinctFields\": [\n \"<string>\",\n \"<string>\"\n ],\n \"groupByFields\": [\n \"<string>\",\n \"<string>\"\n ],\n \"metric\": \"<string>\",\n \"metrics\": [\n \"<string>\",\n \"<string>\"\n ],\n \"name\": \"<string>\",\n \"query\": \"<string>\"\n },\n {\n \"aggregation\": \"count\",\n \"distinctFields\": [\n \"<string>\",\n \"<string>\"\n ],\n \"groupByFields\": [\n \"<string>\",\n \"<string>\"\n ],\n \"metric\": \"<string>\",\n \"metrics\": [\n \"<string>\",\n \"<string>\"\n ],\n \"name\": \"<string>\",\n \"query\": \"<string>\"\n }\n ],\n \"options\": {\n \"complianceRuleOptions\": {\n \"complexRule\": \"<boolean>\",\n \"regoRule\": {\n \"policy\": \"<string>\",\n \"resourceTypes\": [\n \"<string>\",\n \"<string>\"\n ]\n },\n \"resourceType\": \"<string>\",\n \"incididuntfd5\": {},\n \"Duis_3_\": {},\n \"ipsum_965\": {}\n },\n \"decreaseCriticalityBasedOnEnv\": \"<boolean>\",\n \"detectionMethod\": \"impossible_travel\",\n \"evaluationWindow\": 0,\n \"hardcodedEvaluatorType\": \"log4shell\",\n \"impossibleTravelOptions\": {\n \"baselineUserLocations\": \"<boolean>\"\n },\n \"keepAlive\": 21600,\n \"maxSignalDuration\": 21600,\n \"newValueOptions\": {\n \"forgetAfter\": 2,\n \"learningDuration\": 0,\n \"learningMethod\": \"duration\",\n \"learningThreshold\": 0\n }\n },\n \"cases\": [\n {\n \"status\": \"critical\",\n \"condition\": \"<string>\",\n \"name\": \"<string>\",\n \"notifications\": [\n \"<string>\",\n \"<string>\"\n ]\n },\n {\n \"status\": \"low\",\n \"condition\": \"<string>\",\n \"name\": \"<string>\",\n \"notifications\": [\n \"<string>\",\n \"<string>\"\n ]\n }\n ],\n \"message\": \"<string>\",\n \"filters\": [\n {\n \"action\": \"suppress\",\n \"query\": \"<string>\"\n },\n {\n \"action\": \"require\",\n \"query\": \"<string>\"\n }\n ],\n \"hasExtendedTitle\": \"<boolean>\",\n \"tags\": [\n \"<string>\",\n \"<string>\"\n ],\n \"type\": \"workload_security\"\n}",
"options": {
"raw": {
"headerFamily": "json",
"language": "json"
}
}
},
"url": {
"raw": "{{baseUrl}}/api/v2/security_monitoring/rules",
"host": [
"{{baseUrl}}"
],
"path": [
"api",
"v2",
"security_monitoring",
"rules"
]
}
},
"status": "Too Many Requests",
"code": 429,
"_postman_previewlanguage": "json",
"header": [
{
"key": "Content-Type",
"value": "application/json"
}
],
"cookie": [
],
"body": "{\n \"errors\": [\n \"<string>\",\n \"<string>\"\n ]\n}"
}
]
}