
C / Datadog API Collection / Create a detection rule


#include <stdio.h>
#include <stdlib.h>

#include <C_CkHttp.h>
#include <C_CkJsonObject.h>
#include <C_CkHttpResponse.h>
#include <C_CkStringBuilder.h>

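/*
 * Builds the sample "Create a detection rule" JSON body, POSTs it to the
 * Datadog security_monitoring/rules endpoint, prints the reply, and then
 * walks the fields of the reply.
 *
 * Credentials are read from the DD_API_KEY and DD_APP_KEY environment
 * variables and sent as the DD-API-KEY and DD-APPLICATION-KEY request
 * headers, so no key is compiled into the binary or committed with the
 * source.  When either variable is missing the function prints a message and
 * returns without sending anything.
 *
 * Every value in the request body ("<string>", "<boolean>", the option
 * groups) is a schema placeholder.  As written the body does not describe a
 * working rule; replace the values before pointing this at a real org.
 */
void ChilkatSample(void)
    {
    HCkHttp http;
    BOOL success;
    HCkJsonObject json;
    HCkHttpResponse resp;
    HCkStringBuilder sbResponseBody;
    HCkJsonObject jResp;
    int respStatusCode;
    const char *apiKey;
    const char *appKey;
    const char *condition;
    const char *status;
    int j;
    int count_j;
    const char *strVal;
    const char *action;
    const char *query;
    const char *aggregation;
    const char *metric;
    const char *DefaultActivationStatus;
    const char *UserActivationStatus;
    const char *createdAt;
    const char *creationAuthorId;
    const char *deprecationDate;
    const char *hasExtendedTitle;
    const char *id;
    const char *isDefault;
    const char *isDeleted;
    const char *isEnabled;
    const char *message;
    const char *name;
    const char *ComplexRule;
    const char *Policy;
    const char *ResourceType;
    const char *DecreaseCriticalityBasedOnEnv;
    const char *DetectionMethod;
    int EvaluationWindow;
    const char *HardcodedEvaluatorType;
    const char *BaselineUserLocations;
    int KeepAlive;
    int MaxSignalDuration;
    int ForgetAfter;
    int LearningDuration;
    const char *LearningMethod;
    int LearningThreshold;
    const char *v_type;
    const char *updateAuthorId;
    const char *version;
    int i;
    int count_i;

    // This example assumes the Chilkat API to have been previously unlocked.
    // See Global Unlock Sample for sample code.

    // The keys authorize changes to the org's detection content, so they are
    // taken from the environment instead of being written into the source.
    // Checked before any Chilkat object exists, so there is nothing to dispose.
    apiKey = getenv("DD_API_KEY");
    appKey = getenv("DD_APP_KEY");
    if (apiKey == NULL || *apiKey == '\0' || appKey == NULL || *appKey == '\0') {
        printf("DD_API_KEY and DD_APP_KEY must be set in the environment.\n");
        return;
    }

    http = CkHttp_Create();

    // The request carries credentials, so refuse to talk to a server whose
    // certificate does not validate.
    // NOTE(review): Chilkat has documented this property as off by default;
    // confirm for the library version in use.
    CkHttp_putRequireSslCertVerify(http,TRUE);

    // Use this online tool to generate code from sample JSON: Generate Code to Create JSON

    // The following JSON is sent in the request body.

    // {
    //   "name": "<string>",
    //   "isEnabled": "<boolean>",
    //   "queries": [
    //     {
    //       "aggregation": "count",
    //       "distinctFields": [
    //         "<string>",
    //         "<string>"
    //       ],
    //       "groupByFields": [
    //         "<string>",
    //         "<string>"
    //       ],
    //       "metric": "<string>",
    //       "metrics": [
    //         "<string>",
    //         "<string>"
    //       ],
    //       "name": "<string>",
    //       "query": "<string>"
    //     },
    //     {
    //       "aggregation": "count",
    //       "distinctFields": [
    //         "<string>",
    //         "<string>"
    //       ],
    //       "groupByFields": [
    //         "<string>",
    //         "<string>"
    //       ],
    //       "metric": "<string>",
    //       "metrics": [
    //         "<string>",
    //         "<string>"
    //       ],
    //       "name": "<string>",
    //       "query": "<string>"
    //     }
    //   ],
    //   "options": {
    //     "complianceRuleOptions": {
    //       "complexRule": "<boolean>",
    //       "regoRule": {
    //         "policy": "<string>",
    //         "resourceTypes": [
    //           "<string>",
    //           "<string>"
    //         ]
    //       },
    //       "resourceType": "<string>",
    //       "incididuntfd5": {},
    //       "Duis_3_": {},
    //       "ipsum_965": {}
    //     },
    //     "decreaseCriticalityBasedOnEnv": "<boolean>",
    //     "detectionMethod": "impossible_travel",
    //     "evaluationWindow": 0,
    //     "hardcodedEvaluatorType": "log4shell",
    //     "impossibleTravelOptions": {
    //       "baselineUserLocations": "<boolean>"
    //     },
    //     "keepAlive": 21600,
    //     "maxSignalDuration": 21600,
    //     "newValueOptions": {
    //       "forgetAfter": 2,
    //       "learningDuration": 0,
    //       "learningMethod": "duration",
    //       "learningThreshold": 0
    //     }
    //   },
    //   "cases": [
    //     {
    //       "status": "critical",
    //       "condition": "<string>",
    //       "name": "<string>",
    //       "notifications": [
    //         "<string>",
    //         "<string>"
    //       ]
    //     },
    //     {
    //       "status": "low",
    //       "condition": "<string>",
    //       "name": "<string>",
    //       "notifications": [
    //         "<string>",
    //         "<string>"
    //       ]
    //     }
    //   ],
    //   "message": "<string>",
    //   "filters": [
    //     {
    //       "action": "suppress",
    //       "query": "<string>"
    //     },
    //     {
    //       "action": "require",
    //       "query": "<string>"
    //     }
    //   ],
    //   "hasExtendedTitle": "<boolean>",
    //   "tags": [
    //     "<string>",
    //     "<string>"
    //   ],
    //   "type": "workload_security"
    // }

    json = CkJsonObject_Create();
    // The "<boolean>" placeholders are written with UpdateString, so they go
    // out as JSON strings; a real request needs real values of the right type.
    CkJsonObject_UpdateString(json,"name","<string>");
    CkJsonObject_UpdateString(json,"isEnabled","<boolean>");
    CkJsonObject_UpdateString(json,"queries[0].aggregation","count");
    CkJsonObject_UpdateString(json,"queries[0].distinctFields[0]","<string>");
    CkJsonObject_UpdateString(json,"queries[0].distinctFields[1]","<string>");
    CkJsonObject_UpdateString(json,"queries[0].groupByFields[0]","<string>");
    CkJsonObject_UpdateString(json,"queries[0].groupByFields[1]","<string>");
    CkJsonObject_UpdateString(json,"queries[0].metric","<string>");
    CkJsonObject_UpdateString(json,"queries[0].metrics[0]","<string>");
    CkJsonObject_UpdateString(json,"queries[0].metrics[1]","<string>");
    CkJsonObject_UpdateString(json,"queries[0].name","<string>");
    CkJsonObject_UpdateString(json,"queries[0].query","<string>");
    CkJsonObject_UpdateString(json,"queries[1].aggregation","count");
    CkJsonObject_UpdateString(json,"queries[1].distinctFields[0]","<string>");
    CkJsonObject_UpdateString(json,"queries[1].distinctFields[1]","<string>");
    CkJsonObject_UpdateString(json,"queries[1].groupByFields[0]","<string>");
    CkJsonObject_UpdateString(json,"queries[1].groupByFields[1]","<string>");
    CkJsonObject_UpdateString(json,"queries[1].metric","<string>");
    CkJsonObject_UpdateString(json,"queries[1].metrics[0]","<string>");
    CkJsonObject_UpdateString(json,"queries[1].metrics[1]","<string>");
    CkJsonObject_UpdateString(json,"queries[1].name","<string>");
    CkJsonObject_UpdateString(json,"queries[1].query","<string>");
    CkJsonObject_UpdateString(json,"options.complianceRuleOptions.complexRule","<boolean>");
    CkJsonObject_UpdateString(json,"options.complianceRuleOptions.regoRule.policy","<string>");
    CkJsonObject_UpdateString(json,"options.complianceRuleOptions.regoRule.resourceTypes[0]","<string>");
    CkJsonObject_UpdateString(json,"options.complianceRuleOptions.regoRule.resourceTypes[1]","<string>");
    CkJsonObject_UpdateString(json,"options.complianceRuleOptions.resourceType","<string>");
    // NOTE(review): the next three keys look like generator filler for
    // "additional properties", not real API fields; presumably they should be
    // dropped from an actual request.
    CkJsonObject_UpdateNewObject(json,"options.complianceRuleOptions.incididuntfd5");
    CkJsonObject_UpdateNewObject(json,"options.complianceRuleOptions.Duis_3_");
    CkJsonObject_UpdateNewObject(json,"options.complianceRuleOptions.ipsum_965");
    // NOTE(review): the sample fills every option group at once (compliance,
    // impossible travel, new value, hardcoded evaluator).  A real rule
    // presumably sets only the group that matches its detectionMethod and
    // type; confirm against the Datadog API reference.
    CkJsonObject_UpdateString(json,"options.decreaseCriticalityBasedOnEnv","<boolean>");
    CkJsonObject_UpdateString(json,"options.detectionMethod","impossible_travel");
    CkJsonObject_UpdateInt(json,"options.evaluationWindow",0);
    CkJsonObject_UpdateString(json,"options.hardcodedEvaluatorType","log4shell");
    CkJsonObject_UpdateString(json,"options.impossibleTravelOptions.baselineUserLocations","<boolean>");
    CkJsonObject_UpdateInt(json,"options.keepAlive",21600);
    CkJsonObject_UpdateInt(json,"options.maxSignalDuration",21600);
    CkJsonObject_UpdateInt(json,"options.newValueOptions.forgetAfter",2);
    CkJsonObject_UpdateInt(json,"options.newValueOptions.learningDuration",0);
    CkJsonObject_UpdateString(json,"options.newValueOptions.learningMethod","duration");
    CkJsonObject_UpdateInt(json,"options.newValueOptions.learningThreshold",0);
    CkJsonObject_UpdateString(json,"cases[0].status","critical");
    CkJsonObject_UpdateString(json,"cases[0].condition","<string>");
    CkJsonObject_UpdateString(json,"cases[0].name","<string>");
    CkJsonObject_UpdateString(json,"cases[0].notifications[0]","<string>");
    CkJsonObject_UpdateString(json,"cases[0].notifications[1]","<string>");
    CkJsonObject_UpdateString(json,"cases[1].status","low");
    CkJsonObject_UpdateString(json,"cases[1].condition","<string>");
    CkJsonObject_UpdateString(json,"cases[1].name","<string>");
    CkJsonObject_UpdateString(json,"cases[1].notifications[0]","<string>");
    CkJsonObject_UpdateString(json,"cases[1].notifications[1]","<string>");
    CkJsonObject_UpdateString(json,"message","<string>");
    // NOTE(review): a "suppress" filter presumably removes matching events
    // from what the rule evaluates.  Keep its query as narrow as the false
    // positive it targets and review changes to it like any other detection
    // change; an over-broad suppression leaves the rule silently blind.
    CkJsonObject_UpdateString(json,"filters[0].action","suppress");
    CkJsonObject_UpdateString(json,"filters[0].query","<string>");
    CkJsonObject_UpdateString(json,"filters[1].action","require");
    CkJsonObject_UpdateString(json,"filters[1].query","<string>");
    CkJsonObject_UpdateString(json,"hasExtendedTitle","<boolean>");
    CkJsonObject_UpdateString(json,"tags[0]","<string>");
    CkJsonObject_UpdateString(json,"tags[1]","<string>");
    CkJsonObject_UpdateString(json,"type","workload_security");

    CkHttp_SetRequestHeader(http,"Content-Type","application/json");
    CkHttp_SetRequestHeader(http,"Accept","application/json");
    // DD-API-KEY is the header the collection's security scheme adds to this
    // request; rule management additionally expects an application key.
    CkHttp_SetRequestHeader(http,"DD-API-KEY",apiKey);
    CkHttp_SetRequestHeader(http,"DD-APPLICATION-KEY",appKey);

    // The host is the one the sample hard-codes; use the API host of the
    // Datadog site your organization is on.
    resp = CkHttp_PostJson3(http,"https://api.app.ddog-gov.com/api/v2/security_monitoring/rules","application/json",json);
    if (CkHttp_getLastMethodSuccess(http) == FALSE) {
        // NOTE(review): lastErrorText is a verbose diagnostic; check that it
        // does not echo the DD-* header values before sending it to shared logs.
        printf("%s\n",CkHttp_lastErrorText(http));
        CkHttp_Dispose(http);
        CkJsonObject_Dispose(json);
        return;
    }

    sbResponseBody = CkStringBuilder_Create();
    CkHttpResponse_GetBodySb(resp,sbResponseBody);

    jResp = CkJsonObject_Create();
    // Keep the parse result: an error page from a proxy or gateway is not
    // JSON, and walking an object that failed to load yields nothing useful.
    success = CkJsonObject_LoadSb(jResp,sbResponseBody);
    CkJsonObject_putEmitCompact(jResp,FALSE);

    printf("Response Body:\n");
    if (success == FALSE) {
        printf("(response body is not valid JSON)\n");
    }
    else {
        printf("%s\n",CkJsonObject_emit(jResp));
    }

    respStatusCode = CkHttpResponse_getStatusCode(resp);
    printf("Response Status Code = %d\n",respStatusCode);
    if (respStatusCode >= 400) {
        printf("Response Header:\n");
        printf("%s\n",CkHttpResponse_header(resp));
        printf("Failed.\n");
        CkHttpResponse_Dispose(resp);
        CkHttp_Dispose(http);
        CkJsonObject_Dispose(json);
        CkStringBuilder_Dispose(sbResponseBody);
        CkJsonObject_Dispose(jResp);
        return;
    }

    CkHttpResponse_Dispose(resp);

    if (success == FALSE) {
        // A non-error status with an unparseable body: stop here instead of
        // reading fields from an object that never loaded.
        printf("Failed.\n");
        CkHttp_Dispose(http);
        CkJsonObject_Dispose(json);
        CkStringBuilder_Dispose(sbResponseBody);
        CkJsonObject_Dispose(jResp);
        return;
    }

    // Sample JSON response:
    // (Sample code for parsing the JSON response is shown below)

    // {
    //   "cases": [
    //     {
    //       "condition": "<string>",
    //       "name": "<string>",
    //       "notifications": [
    //         "<string>",
    //         "<string>"
    //       ],
    //       "status": "medium"
    //     },
    //     {
    //       "condition": "<string>",
    //       "name": "<string>",
    //       "notifications": [
    //         "<string>",
    //         "<string>"
    //       ],
    //       "status": "critical"
    //     }
    //   ],
    //   "complianceSignalOptions": {
    //     "defaultActivationStatus": "<boolean>",
    //     "defaultGroupByFields": [
    //       "<string>",
    //       "<string>"
    //     ],
    //     "userActivationStatus": "<boolean>",
    //     "userGroupByFields": [
    //       "<string>",
    //       "<string>"
    //     ]
    //   },
    //   "createdAt": "<long>",
    //   "creationAuthorId": "<long>",
    //   "deprecationDate": "<long>",
    //   "filters": [
    //     {
    //       "action": "suppress",
    //       "query": "<string>"
    //     },
    //     {
    //       "action": "require",
    //       "query": "<string>"
    //     }
    //   ],
    //   "hasExtendedTitle": "<boolean>",
    //   "id": "<string>",
    //   "isDefault": "<boolean>",
    //   "isDeleted": "<boolean>",
    //   "isEnabled": "<boolean>",
    //   "message": "<string>",
    //   "name": "<string>",
    //   "options": {
    //     "complianceRuleOptions": {
    //       "complexRule": "<boolean>",
    //       "regoRule": {
    //         "policy": "<string>",
    //         "resourceTypes": [
    //           "<string>",
    //           "<string>"
    //         ]
    //       },
    //       "resourceType": "<string>"
    //     },
    //     "decreaseCriticalityBasedOnEnv": "<boolean>",
    //     "detectionMethod": "third_party",
    //     "evaluationWindow": 300,
    //     "hardcodedEvaluatorType": "log4shell",
    //     "impossibleTravelOptions": {
    //       "baselineUserLocations": "<boolean>"
    //     },
    //     "keepAlive": 300,
    //     "maxSignalDuration": 900,
    //     "newValueOptions": {
    //       "forgetAfter": 28,
    //       "learningDuration": 0,
    //       "learningMethod": "duration",
    //       "learningThreshold": 0
    //     }
    //   },
    //   "queries": [
    //     {
    //       "aggregation": "max",
    //       "distinctFields": [
    //         "<string>",
    //         "<string>"
    //       ],
    //       "groupByFields": [
    //         "<string>",
    //         "<string>"
    //       ],
    //       "metric": "<string>",
    //       "metrics": [
    //         "<string>",
    //         "<string>"
    //       ],
    //       "name": "<string>",
    //       "query": "<string>"
    //     },
    //     {
    //       "aggregation": "max",
    //       "distinctFields": [
    //         "<string>",
    //         "<string>"
    //       ],
    //       "groupByFields": [
    //         "<string>",
    //         "<string>"
    //       ],
    //       "metric": "<string>",
    //       "metrics": [
    //         "<string>",
    //         "<string>"
    //       ],
    //       "name": "<string>",
    //       "query": "<string>"
    //     }
    //   ],
    //   "tags": [
    //     "<string>",
    //     "<string>"
    //   ],
    //   "type": "application_security",
    //   "updateAuthorId": "<long>",
    //   "version": "<long>"
    // }

    // Sample code for parsing the JSON response...
    // Use this online tool to generate parsing code from sample JSON: Generate JSON Parsing Code

    // Chilkat functions returning "const char *" return a pointer to temporary internal memory owned and managed by Chilkat.
    // NOTE(review): the pointers below therefore presumably do not stay valid
    // across later calls on jResp.  Copy a value out before the next call if
    // it must be kept; verify the exact lifetime in the Chilkat documentation.
    // The response comes from the network, so treat any of these as possibly
    // absent or empty before using them.

    DefaultActivationStatus = CkJsonObject_stringOf(jResp,"complianceSignalOptions.defaultActivationStatus");
    UserActivationStatus = CkJsonObject_stringOf(jResp,"complianceSignalOptions.userActivationStatus");
    createdAt = CkJsonObject_stringOf(jResp,"createdAt");
    creationAuthorId = CkJsonObject_stringOf(jResp,"creationAuthorId");
    deprecationDate = CkJsonObject_stringOf(jResp,"deprecationDate");
    hasExtendedTitle = CkJsonObject_stringOf(jResp,"hasExtendedTitle");
    id = CkJsonObject_stringOf(jResp,"id");
    isDefault = CkJsonObject_stringOf(jResp,"isDefault");
    isDeleted = CkJsonObject_stringOf(jResp,"isDeleted");
    isEnabled = CkJsonObject_stringOf(jResp,"isEnabled");
    message = CkJsonObject_stringOf(jResp,"message");
    name = CkJsonObject_stringOf(jResp,"name");
    ComplexRule = CkJsonObject_stringOf(jResp,"options.complianceRuleOptions.complexRule");
    Policy = CkJsonObject_stringOf(jResp,"options.complianceRuleOptions.regoRule.policy");
    ResourceType = CkJsonObject_stringOf(jResp,"options.complianceRuleOptions.resourceType");
    DecreaseCriticalityBasedOnEnv = CkJsonObject_stringOf(jResp,"options.decreaseCriticalityBasedOnEnv");
    DetectionMethod = CkJsonObject_stringOf(jResp,"options.detectionMethod");
    EvaluationWindow = CkJsonObject_IntOf(jResp,"options.evaluationWindow");
    HardcodedEvaluatorType = CkJsonObject_stringOf(jResp,"options.hardcodedEvaluatorType");
    BaselineUserLocations = CkJsonObject_stringOf(jResp,"options.impossibleTravelOptions.baselineUserLocations");
    KeepAlive = CkJsonObject_IntOf(jResp,"options.keepAlive");
    MaxSignalDuration = CkJsonObject_IntOf(jResp,"options.maxSignalDuration");
    ForgetAfter = CkJsonObject_IntOf(jResp,"options.newValueOptions.forgetAfter");
    LearningDuration = CkJsonObject_IntOf(jResp,"options.newValueOptions.learningDuration");
    LearningMethod = CkJsonObject_stringOf(jResp,"options.newValueOptions.learningMethod");
    LearningThreshold = CkJsonObject_IntOf(jResp,"options.newValueOptions.learningThreshold");
    v_type = CkJsonObject_stringOf(jResp,"type");
    updateAuthorId = CkJsonObject_stringOf(jResp,"updateAuthorId");
    version = CkJsonObject_stringOf(jResp,"version");

    // putI / putJ set the indices that the "[i]" and "[j]" markers in the
    // paths below refer to.  Note that `name` is reused: inside the loops it
    // holds the case or query name, no longer the rule name read above.
    count_i = CkJsonObject_SizeOfArray(jResp,"cases");
    for (i = 0; i < count_i; i++) {
        CkJsonObject_putI(jResp,i);
        condition = CkJsonObject_stringOf(jResp,"cases[i].condition");
        name = CkJsonObject_stringOf(jResp,"cases[i].name");
        status = CkJsonObject_stringOf(jResp,"cases[i].status");
        count_j = CkJsonObject_SizeOfArray(jResp,"cases[i].notifications");
        for (j = 0; j < count_j; j++) {
            CkJsonObject_putJ(jResp,j);
            strVal = CkJsonObject_stringOf(jResp,"cases[i].notifications[j]");
        }
    }

    count_i = CkJsonObject_SizeOfArray(jResp,"complianceSignalOptions.defaultGroupByFields");
    for (i = 0; i < count_i; i++) {
        CkJsonObject_putI(jResp,i);
        strVal = CkJsonObject_stringOf(jResp,"complianceSignalOptions.defaultGroupByFields[i]");
    }

    count_i = CkJsonObject_SizeOfArray(jResp,"complianceSignalOptions.userGroupByFields");
    for (i = 0; i < count_i; i++) {
        CkJsonObject_putI(jResp,i);
        strVal = CkJsonObject_stringOf(jResp,"complianceSignalOptions.userGroupByFields[i]");
    }

    count_i = CkJsonObject_SizeOfArray(jResp,"filters");
    for (i = 0; i < count_i; i++) {
        CkJsonObject_putI(jResp,i);
        action = CkJsonObject_stringOf(jResp,"filters[i].action");
        query = CkJsonObject_stringOf(jResp,"filters[i].query");
    }

    count_i = CkJsonObject_SizeOfArray(jResp,"options.complianceRuleOptions.regoRule.resourceTypes");
    for (i = 0; i < count_i; i++) {
        CkJsonObject_putI(jResp,i);
        strVal = CkJsonObject_stringOf(jResp,"options.complianceRuleOptions.regoRule.resourceTypes[i]");
    }

    count_i = CkJsonObject_SizeOfArray(jResp,"queries");
    for (i = 0; i < count_i; i++) {
        CkJsonObject_putI(jResp,i);
        aggregation = CkJsonObject_stringOf(jResp,"queries[i].aggregation");
        metric = CkJsonObject_stringOf(jResp,"queries[i].metric");
        name = CkJsonObject_stringOf(jResp,"queries[i].name");
        query = CkJsonObject_stringOf(jResp,"queries[i].query");

        count_j = CkJsonObject_SizeOfArray(jResp,"queries[i].distinctFields");
        for (j = 0; j < count_j; j++) {
            CkJsonObject_putJ(jResp,j);
            strVal = CkJsonObject_stringOf(jResp,"queries[i].distinctFields[j]");
        }

        count_j = CkJsonObject_SizeOfArray(jResp,"queries[i].groupByFields");
        for (j = 0; j < count_j; j++) {
            CkJsonObject_putJ(jResp,j);
            strVal = CkJsonObject_stringOf(jResp,"queries[i].groupByFields[j]");
        }

        count_j = CkJsonObject_SizeOfArray(jResp,"queries[i].metrics");
        for (j = 0; j < count_j; j++) {
            CkJsonObject_putJ(jResp,j);
            strVal = CkJsonObject_stringOf(jResp,"queries[i].metrics[j]");
        }
    }

    count_i = CkJsonObject_SizeOfArray(jResp,"tags");
    for (i = 0; i < count_i; i++) {
        CkJsonObject_putI(jResp,i);
        strVal = CkJsonObject_stringOf(jResp,"tags[i]");
    }

    CkHttp_Dispose(http);
    CkJsonObject_Dispose(json);
    CkStringBuilder_Dispose(sbResponseBody);
    CkJsonObject_Dispose(jResp);

    }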

Curl Command

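# Creates a detection rule from the placeholder body below.
# The keys are taken from the environment (the ${VAR:?} form aborts before
# curl starts when one is unset) so they are not pasted into the command or
# saved in shell history. The expanded headers are still visible in the
# process list while curl runs; on a shared host, pass them from a file that
# only you can read (curl's -H @file form) instead.
# Each line ends in a backslash so the shell reads this as a single command.
curl -X POST \
	-H "Content-Type: application/json" \
	-H "Accept: application/json" \
	-H "DD-API-KEY: ${DD_API_KEY:?set DD_API_KEY}" \
	-H "DD-APPLICATION-KEY: ${DD_APP_KEY:?set DD_APP_KEY}" \
	-d '{
  "name": "<string>",
  "isEnabled": "<boolean>",
  "queries": [
    {
      "aggregation": "count",
      "distinctFields": [
        "<string>",
        "<string>"
      ],
      "groupByFields": [
        "<string>",
        "<string>"
      ],
      "metric": "<string>",
      "metrics": [
        "<string>",
        "<string>"
      ],
      "name": "<string>",
      "query": "<string>"
    },
    {
      "aggregation": "count",
      "distinctFields": [
        "<string>",
        "<string>"
      ],
      "groupByFields": [
        "<string>",
        "<string>"
      ],
      "metric": "<string>",
      "metrics": [
        "<string>",
        "<string>"
      ],
      "name": "<string>",
      "query": "<string>"
    }
  ],
  "options": {
    "complianceRuleOptions": {
      "complexRule": "<boolean>",
      "regoRule": {
        "policy": "<string>",
        "resourceTypes": [
          "<string>",
          "<string>"
        ]
      },
      "resourceType": "<string>",
      "incididuntfd5": {},
      "Duis_3_": {},
      "ipsum_965": {}
    },
    "decreaseCriticalityBasedOnEnv": "<boolean>",
    "detectionMethod": "impossible_travel",
    "evaluationWindow": 0,
    "hardcodedEvaluatorType": "log4shell",
    "impossibleTravelOptions": {
      "baselineUserLocations": "<boolean>"
    },
    "keepAlive": 21600,
    "maxSignalDuration": 21600,
    "newValueOptions": {
      "forgetAfter": 2,
      "learningDuration": 0,
      "learningMethod": "duration",
      "learningThreshold": 0
    }
  },
  "cases": [
    {
      "status": "critical",
      "condition": "<string>",
      "name": "<string>",
      "notifications": [
        "<string>",
        "<string>"
      ]
    },
    {
      "status": "low",
      "condition": "<string>",
      "name": "<string>",
      "notifications": [
        "<string>",
        "<string>"
      ]
    }
  ],
  "message": "<string>",
  "filters": [
    {
      "action": "suppress",
      "query": "<string>"
    },
    {
      "action": "require",
      "query": "<string>"
    }
  ],
  "hasExtendedTitle": "<boolean>",
  "tags": [
    "<string>",
    "<string>"
  ],
  "type": "workload_security"
}' \
	https://api.app.ddog-gov.com/api/v2/security_monitoring/rules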

Postman Collection Item JSON

{
  "name": "Create a detection rule",
  "request": {
    "method": "POST",
    "header": [
      {
        "key": "Content-Type",
        "value": "application/json"
      },
      {
        "key": "Accept",
        "value": "application/json"
      }
    ],
    "body": {
      "mode": "raw",
      "raw": "{\n  \"name\": \"<string>\",\n  \"isEnabled\": \"<boolean>\",\n  \"queries\": [\n    {\n      \"aggregation\": \"count\",\n      \"distinctFields\": [\n        \"<string>\",\n        \"<string>\"\n      ],\n      \"groupByFields\": [\n        \"<string>\",\n        \"<string>\"\n      ],\n      \"metric\": \"<string>\",\n      \"metrics\": [\n        \"<string>\",\n        \"<string>\"\n      ],\n      \"name\": \"<string>\",\n      \"query\": \"<string>\"\n    },\n    {\n      \"aggregation\": \"count\",\n      \"distinctFields\": [\n        \"<string>\",\n        \"<string>\"\n      ],\n      \"groupByFields\": [\n        \"<string>\",\n        \"<string>\"\n      ],\n      \"metric\": \"<string>\",\n      \"metrics\": [\n        \"<string>\",\n        \"<string>\"\n      ],\n      \"name\": \"<string>\",\n      \"query\": \"<string>\"\n    }\n  ],\n  \"options\": {\n    \"complianceRuleOptions\": {\n      \"complexRule\": \"<boolean>\",\n      \"regoRule\": {\n        \"policy\": \"<string>\",\n        \"resourceTypes\": [\n          \"<string>\",\n          \"<string>\"\n        ]\n      },\n      \"resourceType\": \"<string>\",\n      \"incididuntfd5\": {},\n      \"Duis_3_\": {},\n      \"ipsum_965\": {}\n    },\n    \"decreaseCriticalityBasedOnEnv\": \"<boolean>\",\n    \"detectionMethod\": \"impossible_travel\",\n    \"evaluationWindow\": 0,\n    \"hardcodedEvaluatorType\": \"log4shell\",\n    \"impossibleTravelOptions\": {\n      \"baselineUserLocations\": \"<boolean>\"\n    },\n    \"keepAlive\": 21600,\n    \"maxSignalDuration\": 21600,\n    \"newValueOptions\": {\n      \"forgetAfter\": 2,\n      \"learningDuration\": 0,\n      \"learningMethod\": \"duration\",\n      \"learningThreshold\": 0\n    }\n  },\n  \"cases\": [\n    {\n      \"status\": \"critical\",\n      \"condition\": \"<string>\",\n      \"name\": \"<string>\",\n      \"notifications\": [\n        \"<string>\",\n        \"<string>\"\n      ]\n    },\n    {\n      \"status\": 
\"low\",\n      \"condition\": \"<string>\",\n      \"name\": \"<string>\",\n      \"notifications\": [\n        \"<string>\",\n        \"<string>\"\n      ]\n    }\n  ],\n  \"message\": \"<string>\",\n  \"filters\": [\n    {\n      \"action\": \"suppress\",\n      \"query\": \"<string>\"\n    },\n    {\n      \"action\": \"require\",\n      \"query\": \"<string>\"\n    }\n  ],\n  \"hasExtendedTitle\": \"<boolean>\",\n  \"tags\": [\n    \"<string>\",\n    \"<string>\"\n  ],\n  \"type\": \"workload_security\"\n}",
      "options": {
        "raw": {
          "headerFamily": "json",
          "language": "json"
        }
      }
    },
    "url": {
      "raw": "{{baseUrl}}/api/v2/security_monitoring/rules",
      "host": [
        "{{baseUrl}}"
      ],
      "path": [
        "api",
        "v2",
        "security_monitoring",
        "rules"
      ]
    },
    "description": "Create a detection rule."
  },
  "response": [
    {
      "name": "OK",
      "originalRequest": {
        "method": "POST",
        "header": [
          {
            "key": "Content-Type",
            "value": "application/json"
          },
          {
            "key": "Accept",
            "value": "application/json"
          },
          {
            "description": "Added as a part of security scheme: apikey",
            "key": "DD-API-KEY",
            "value": "<API Key>"
          }
        ],
        "body": {
          "mode": "raw",
          "raw": "{\n  \"name\": \"<string>\",\n  \"isEnabled\": \"<boolean>\",\n  \"queries\": [\n    {\n      \"aggregation\": \"count\",\n      \"distinctFields\": [\n        \"<string>\",\n        \"<string>\"\n      ],\n      \"groupByFields\": [\n        \"<string>\",\n        \"<string>\"\n      ],\n      \"metric\": \"<string>\",\n      \"metrics\": [\n        \"<string>\",\n        \"<string>\"\n      ],\n      \"name\": \"<string>\",\n      \"query\": \"<string>\"\n    },\n    {\n      \"aggregation\": \"count\",\n      \"distinctFields\": [\n        \"<string>\",\n        \"<string>\"\n      ],\n      \"groupByFields\": [\n        \"<string>\",\n        \"<string>\"\n      ],\n      \"metric\": \"<string>\",\n      \"metrics\": [\n        \"<string>\",\n        \"<string>\"\n      ],\n      \"name\": \"<string>\",\n      \"query\": \"<string>\"\n    }\n  ],\n  \"options\": {\n    \"complianceRuleOptions\": {\n      \"complexRule\": \"<boolean>\",\n      \"regoRule\": {\n        \"policy\": \"<string>\",\n        \"resourceTypes\": [\n          \"<string>\",\n          \"<string>\"\n        ]\n      },\n      \"resourceType\": \"<string>\",\n      \"incididuntfd5\": {},\n      \"Duis_3_\": {},\n      \"ipsum_965\": {}\n    },\n    \"decreaseCriticalityBasedOnEnv\": \"<boolean>\",\n    \"detectionMethod\": \"impossible_travel\",\n    \"evaluationWindow\": 0,\n    \"hardcodedEvaluatorType\": \"log4shell\",\n    \"impossibleTravelOptions\": {\n      \"baselineUserLocations\": \"<boolean>\"\n    },\n    \"keepAlive\": 21600,\n    \"maxSignalDuration\": 21600,\n    \"newValueOptions\": {\n      \"forgetAfter\": 2,\n      \"learningDuration\": 0,\n      \"learningMethod\": \"duration\",\n      \"learningThreshold\": 0\n    }\n  },\n  \"cases\": [\n    {\n      \"status\": \"critical\",\n      \"condition\": \"<string>\",\n      \"name\": \"<string>\",\n      \"notifications\": [\n        \"<string>\",\n        \"<string>\"\n      ]\n    },\n    {\n      
\"status\": \"low\",\n      \"condition\": \"<string>\",\n      \"name\": \"<string>\",\n      \"notifications\": [\n        \"<string>\",\n        \"<string>\"\n      ]\n    }\n  ],\n  \"message\": \"<string>\",\n  \"filters\": [\n    {\n      \"action\": \"suppress\",\n      \"query\": \"<string>\"\n    },\n    {\n      \"action\": \"require\",\n      \"query\": \"<string>\"\n    }\n  ],\n  \"hasExtendedTitle\": \"<boolean>\",\n  \"tags\": [\n    \"<string>\",\n    \"<string>\"\n  ],\n  \"type\": \"workload_security\"\n}",
          "options": {
            "raw": {
              "headerFamily": "json",
              "language": "json"
            }
          }
        },
        "url": {
          "raw": "{{baseUrl}}/api/v2/security_monitoring/rules",
          "host": [
            "{{baseUrl}}"
          ],
          "path": [
            "api",
            "v2",
            "security_monitoring",
            "rules"
          ]
        }
      },
      "status": "OK",
      "code": 200,
      "_postman_previewlanguage": "json",
      "header": [
        {
          "key": "Content-Type",
          "value": "application/json"
        }
      ],
      "cookie": [
      ],
      "body": "{\n  \"cases\": [\n    {\n      \"condition\": \"<string>\",\n      \"name\": \"<string>\",\n      \"notifications\": [\n        \"<string>\",\n        \"<string>\"\n      ],\n      \"status\": \"medium\"\n    },\n    {\n      \"condition\": \"<string>\",\n      \"name\": \"<string>\",\n      \"notifications\": [\n        \"<string>\",\n        \"<string>\"\n      ],\n      \"status\": \"critical\"\n    }\n  ],\n  \"complianceSignalOptions\": {\n    \"defaultActivationStatus\": \"<boolean>\",\n    \"defaultGroupByFields\": [\n      \"<string>\",\n      \"<string>\"\n    ],\n    \"userActivationStatus\": \"<boolean>\",\n    \"userGroupByFields\": [\n      \"<string>\",\n      \"<string>\"\n    ]\n  },\n  \"createdAt\": \"<long>\",\n  \"creationAuthorId\": \"<long>\",\n  \"deprecationDate\": \"<long>\",\n  \"filters\": [\n    {\n      \"action\": \"suppress\",\n      \"query\": \"<string>\"\n    },\n    {\n      \"action\": \"require\",\n      \"query\": \"<string>\"\n    }\n  ],\n  \"hasExtendedTitle\": \"<boolean>\",\n  \"id\": \"<string>\",\n  \"isDefault\": \"<boolean>\",\n  \"isDeleted\": \"<boolean>\",\n  \"isEnabled\": \"<boolean>\",\n  \"message\": \"<string>\",\n  \"name\": \"<string>\",\n  \"options\": {\n    \"complianceRuleOptions\": {\n      \"complexRule\": \"<boolean>\",\n      \"regoRule\": {\n        \"policy\": \"<string>\",\n        \"resourceTypes\": [\n          \"<string>\",\n          \"<string>\"\n        ]\n      },\n      \"resourceType\": \"<string>\"\n    },\n    \"decreaseCriticalityBasedOnEnv\": \"<boolean>\",\n    \"detectionMethod\": \"third_party\",\n    \"evaluationWindow\": 300,\n    \"hardcodedEvaluatorType\": \"log4shell\",\n    \"impossibleTravelOptions\": {\n      \"baselineUserLocations\": \"<boolean>\"\n    },\n    \"keepAlive\": 300,\n    \"maxSignalDuration\": 900,\n    \"newValueOptions\": {\n      \"forgetAfter\": 28,\n      \"learningDuration\": 0,\n      \"learningMethod\": \"duration\",\n      
\"learningThreshold\": 0\n    }\n  },\n  \"queries\": [\n    {\n      \"aggregation\": \"max\",\n      \"distinctFields\": [\n        \"<string>\",\n        \"<string>\"\n      ],\n      \"groupByFields\": [\n        \"<string>\",\n        \"<string>\"\n      ],\n      \"metric\": \"<string>\",\n      \"metrics\": [\n        \"<string>\",\n        \"<string>\"\n      ],\n      \"name\": \"<string>\",\n      \"query\": \"<string>\"\n    },\n    {\n      \"aggregation\": \"max\",\n      \"distinctFields\": [\n        \"<string>\",\n        \"<string>\"\n      ],\n      \"groupByFields\": [\n        \"<string>\",\n        \"<string>\"\n      ],\n      \"metric\": \"<string>\",\n      \"metrics\": [\n        \"<string>\",\n        \"<string>\"\n      ],\n      \"name\": \"<string>\",\n      \"query\": \"<string>\"\n    }\n  ],\n  \"tags\": [\n    \"<string>\",\n    \"<string>\"\n  ],\n  \"type\": \"application_security\",\n  \"updateAuthorId\": \"<long>\",\n  \"version\": \"<long>\"\n}"
    },
    {
      "name": "Bad Request",
      "originalRequest": {
        "method": "POST",
        "header": [
          {
            "key": "Content-Type",
            "value": "application/json"
          },
          {
            "key": "Accept",
            "value": "application/json"
          },
          {
            "description": "Added as a part of security scheme: apikey",
            "key": "DD-API-KEY",
            "value": "<API Key>"
          }
        ],
        "body": {
          "mode": "raw",
          "raw": "{\n  \"name\": \"<string>\",\n  \"isEnabled\": \"<boolean>\",\n  \"queries\": [\n    {\n      \"aggregation\": \"count\",\n      \"distinctFields\": [\n        \"<string>\",\n        \"<string>\"\n      ],\n      \"groupByFields\": [\n        \"<string>\",\n        \"<string>\"\n      ],\n      \"metric\": \"<string>\",\n      \"metrics\": [\n        \"<string>\",\n        \"<string>\"\n      ],\n      \"name\": \"<string>\",\n      \"query\": \"<string>\"\n    },\n    {\n      \"aggregation\": \"count\",\n      \"distinctFields\": [\n        \"<string>\",\n        \"<string>\"\n      ],\n      \"groupByFields\": [\n        \"<string>\",\n        \"<string>\"\n      ],\n      \"metric\": \"<string>\",\n      \"metrics\": [\n        \"<string>\",\n        \"<string>\"\n      ],\n      \"name\": \"<string>\",\n      \"query\": \"<string>\"\n    }\n  ],\n  \"options\": {\n    \"complianceRuleOptions\": {\n      \"complexRule\": \"<boolean>\",\n      \"regoRule\": {\n        \"policy\": \"<string>\",\n        \"resourceTypes\": [\n          \"<string>\",\n          \"<string>\"\n        ]\n      },\n      \"resourceType\": \"<string>\",\n      \"incididuntfd5\": {},\n      \"Duis_3_\": {},\n      \"ipsum_965\": {}\n    },\n    \"decreaseCriticalityBasedOnEnv\": \"<boolean>\",\n    \"detectionMethod\": \"impossible_travel\",\n    \"evaluationWindow\": 0,\n    \"hardcodedEvaluatorType\": \"log4shell\",\n    \"impossibleTravelOptions\": {\n      \"baselineUserLocations\": \"<boolean>\"\n    },\n    \"keepAlive\": 21600,\n    \"maxSignalDuration\": 21600,\n    \"newValueOptions\": {\n      \"forgetAfter\": 2,\n      \"learningDuration\": 0,\n      \"learningMethod\": \"duration\",\n      \"learningThreshold\": 0\n    }\n  },\n  \"cases\": [\n    {\n      \"status\": \"critical\",\n      \"condition\": \"<string>\",\n      \"name\": \"<string>\",\n      \"notifications\": [\n        \"<string>\",\n        \"<string>\"\n      ]\n    },\n    {\n      
\"status\": \"low\",\n      \"condition\": \"<string>\",\n      \"name\": \"<string>\",\n      \"notifications\": [\n        \"<string>\",\n        \"<string>\"\n      ]\n    }\n  ],\n  \"message\": \"<string>\",\n  \"filters\": [\n    {\n      \"action\": \"suppress\",\n      \"query\": \"<string>\"\n    },\n    {\n      \"action\": \"require\",\n      \"query\": \"<string>\"\n    }\n  ],\n  \"hasExtendedTitle\": \"<boolean>\",\n  \"tags\": [\n    \"<string>\",\n    \"<string>\"\n  ],\n  \"type\": \"workload_security\"\n}",
          "options": {
            "raw": {
              "headerFamily": "json",
              "language": "json"
            }
          }
        },
        "url": {
          "raw": "{{baseUrl}}/api/v2/security_monitoring/rules",
          "host": [
            "{{baseUrl}}"
          ],
          "path": [
            "api",
            "v2",
            "security_monitoring",
            "rules"
          ]
        }
      },
      "status": "Bad Request",
      "code": 400,
      "_postman_previewlanguage": "json",
      "header": [
        {
          "key": "Content-Type",
          "value": "application/json"
        }
      ],
      "cookie": [
      ],
      "body": "{\n  \"errors\": [\n    \"<string>\",\n    \"<string>\"\n  ]\n}"
    },
    {
      "name": "Not Authorized",
      "originalRequest": {
        "method": "POST",
        "header": [
          {
            "key": "Content-Type",
            "value": "application/json"
          },
          {
            "key": "Accept",
            "value": "application/json"
          },
          {
            "description": "Added as a part of security scheme: apikey",
            "key": "DD-API-KEY",
            "value": "<API Key>"
          }
        ],
        "body": {
          "mode": "raw",
          "raw": "{\n  \"name\": \"<string>\",\n  \"isEnabled\": \"<boolean>\",\n  \"queries\": [\n    {\n      \"aggregation\": \"count\",\n      \"distinctFields\": [\n        \"<string>\",\n        \"<string>\"\n      ],\n      \"groupByFields\": [\n        \"<string>\",\n        \"<string>\"\n      ],\n      \"metric\": \"<string>\",\n      \"metrics\": [\n        \"<string>\",\n        \"<string>\"\n      ],\n      \"name\": \"<string>\",\n      \"query\": \"<string>\"\n    },\n    {\n      \"aggregation\": \"count\",\n      \"distinctFields\": [\n        \"<string>\",\n        \"<string>\"\n      ],\n      \"groupByFields\": [\n        \"<string>\",\n        \"<string>\"\n      ],\n      \"metric\": \"<string>\",\n      \"metrics\": [\n        \"<string>\",\n        \"<string>\"\n      ],\n      \"name\": \"<string>\",\n      \"query\": \"<string>\"\n    }\n  ],\n  \"options\": {\n    \"complianceRuleOptions\": {\n      \"complexRule\": \"<boolean>\",\n      \"regoRule\": {\n        \"policy\": \"<string>\",\n        \"resourceTypes\": [\n          \"<string>\",\n          \"<string>\"\n        ]\n      },\n      \"resourceType\": \"<string>\",\n      \"incididuntfd5\": {},\n      \"Duis_3_\": {},\n      \"ipsum_965\": {}\n    },\n    \"decreaseCriticalityBasedOnEnv\": \"<boolean>\",\n    \"detectionMethod\": \"impossible_travel\",\n    \"evaluationWindow\": 0,\n    \"hardcodedEvaluatorType\": \"log4shell\",\n    \"impossibleTravelOptions\": {\n      \"baselineUserLocations\": \"<boolean>\"\n    },\n    \"keepAlive\": 21600,\n    \"maxSignalDuration\": 21600,\n    \"newValueOptions\": {\n      \"forgetAfter\": 2,\n      \"learningDuration\": 0,\n      \"learningMethod\": \"duration\",\n      \"learningThreshold\": 0\n    }\n  },\n  \"cases\": [\n    {\n      \"status\": \"critical\",\n      \"condition\": \"<string>\",\n      \"name\": \"<string>\",\n      \"notifications\": [\n        \"<string>\",\n        \"<string>\"\n      ]\n    },\n    {\n      
\"status\": \"low\",\n      \"condition\": \"<string>\",\n      \"name\": \"<string>\",\n      \"notifications\": [\n        \"<string>\",\n        \"<string>\"\n      ]\n    }\n  ],\n  \"message\": \"<string>\",\n  \"filters\": [\n    {\n      \"action\": \"suppress\",\n      \"query\": \"<string>\"\n    },\n    {\n      \"action\": \"require\",\n      \"query\": \"<string>\"\n    }\n  ],\n  \"hasExtendedTitle\": \"<boolean>\",\n  \"tags\": [\n    \"<string>\",\n    \"<string>\"\n  ],\n  \"type\": \"workload_security\"\n}",
          "options": {
            "raw": {
              "headerFamily": "json",
              "language": "json"
            }
          }
        },
        "url": {
          "raw": "{{baseUrl}}/api/v2/security_monitoring/rules",
          "host": [
            "{{baseUrl}}"
          ],
          "path": [
            "api",
            "v2",
            "security_monitoring",
            "rules"
          ]
        }
      },
      "status": "Forbidden",
      "code": 403,
      "_postman_previewlanguage": "json",
      "header": [
        {
          "key": "Content-Type",
          "value": "application/json"
        }
      ],
      "cookie": [
      ],
      "body": "{\n  \"errors\": [\n    \"<string>\",\n    \"<string>\"\n  ]\n}"
    },
    {
      "name": "Too many requests",
      "originalRequest": {
        "method": "POST",
        "header": [
          {
            "key": "Content-Type",
            "value": "application/json"
          },
          {
            "key": "Accept",
            "value": "application/json"
          },
          {
            "description": "Added as a part of security scheme: apikey",
            "key": "DD-API-KEY",
            "value": "<API Key>"
          }
        ],
        "body": {
          "mode": "raw",
          "raw": "{\n  \"name\": \"<string>\",\n  \"isEnabled\": \"<boolean>\",\n  \"queries\": [\n    {\n      \"aggregation\": \"count\",\n      \"distinctFields\": [\n        \"<string>\",\n        \"<string>\"\n      ],\n      \"groupByFields\": [\n        \"<string>\",\n        \"<string>\"\n      ],\n      \"metric\": \"<string>\",\n      \"metrics\": [\n        \"<string>\",\n        \"<string>\"\n      ],\n      \"name\": \"<string>\",\n      \"query\": \"<string>\"\n    },\n    {\n      \"aggregation\": \"count\",\n      \"distinctFields\": [\n        \"<string>\",\n        \"<string>\"\n      ],\n      \"groupByFields\": [\n        \"<string>\",\n        \"<string>\"\n      ],\n      \"metric\": \"<string>\",\n      \"metrics\": [\n        \"<string>\",\n        \"<string>\"\n      ],\n      \"name\": \"<string>\",\n      \"query\": \"<string>\"\n    }\n  ],\n  \"options\": {\n    \"complianceRuleOptions\": {\n      \"complexRule\": \"<boolean>\",\n      \"regoRule\": {\n        \"policy\": \"<string>\",\n        \"resourceTypes\": [\n          \"<string>\",\n          \"<string>\"\n        ]\n      },\n      \"resourceType\": \"<string>\",\n      \"incididuntfd5\": {},\n      \"Duis_3_\": {},\n      \"ipsum_965\": {}\n    },\n    \"decreaseCriticalityBasedOnEnv\": \"<boolean>\",\n    \"detectionMethod\": \"impossible_travel\",\n    \"evaluationWindow\": 0,\n    \"hardcodedEvaluatorType\": \"log4shell\",\n    \"impossibleTravelOptions\": {\n      \"baselineUserLocations\": \"<boolean>\"\n    },\n    \"keepAlive\": 21600,\n    \"maxSignalDuration\": 21600,\n    \"newValueOptions\": {\n      \"forgetAfter\": 2,\n      \"learningDuration\": 0,\n      \"learningMethod\": \"duration\",\n      \"learningThreshold\": 0\n    }\n  },\n  \"cases\": [\n    {\n      \"status\": \"critical\",\n      \"condition\": \"<string>\",\n      \"name\": \"<string>\",\n      \"notifications\": [\n        \"<string>\",\n        \"<string>\"\n      ]\n    },\n    {\n      
\"status\": \"low\",\n      \"condition\": \"<string>\",\n      \"name\": \"<string>\",\n      \"notifications\": [\n        \"<string>\",\n        \"<string>\"\n      ]\n    }\n  ],\n  \"message\": \"<string>\",\n  \"filters\": [\n    {\n      \"action\": \"suppress\",\n      \"query\": \"<string>\"\n    },\n    {\n      \"action\": \"require\",\n      \"query\": \"<string>\"\n    }\n  ],\n  \"hasExtendedTitle\": \"<boolean>\",\n  \"tags\": [\n    \"<string>\",\n    \"<string>\"\n  ],\n  \"type\": \"workload_security\"\n}",
          "options": {
            "raw": {
              "headerFamily": "json",
              "language": "json"
            }
          }
        },
        "url": {
          "raw": "{{baseUrl}}/api/v2/security_monitoring/rules",
          "host": [
            "{{baseUrl}}"
          ],
          "path": [
            "api",
            "v2",
            "security_monitoring",
            "rules"
          ]
        }
      },
      "status": "Too Many Requests",
      "code": 429,
      "_postman_previewlanguage": "json",
      "header": [
        {
          "key": "Content-Type",
          "value": "application/json"
        }
      ],
      "cookie": [
      ],
      "body": "{\n  \"errors\": [\n    \"<string>\",\n    \"<string>\"\n  ]\n}"
    }
  ]
}