Chilkat Online Tools

Foxpro / Datadog API Collection / Create a detection rule

Back to Collection Items

LOCAL loHttp
LOCAL lnSuccess
LOCAL loJson
LOCAL loResp
LOCAL loSbResponseBody
LOCAL loJResp
LOCAL lnRespStatusCode
LOCAL lcCondition
LOCAL lcStatus
LOCAL j
LOCAL lnCount_j
LOCAL lcStrVal
LOCAL lcAction
LOCAL lcQuery
LOCAL lcAggregation
LOCAL lcMetric
LOCAL lcDefaultActivationStatus
LOCAL lcUserActivationStatus
LOCAL lcCreatedAt
LOCAL lcCreationAuthorId
LOCAL lcDeprecationDate
LOCAL lcHasExtendedTitle
LOCAL lcId
LOCAL lcIsDefault
LOCAL lcIsDeleted
LOCAL lcIsEnabled
LOCAL lcMessage
LOCAL lcName
LOCAL lcComplexRule
LOCAL lcPolicy
LOCAL lcResourceType
LOCAL lcDecreaseCriticalityBasedOnEnv
LOCAL lcDetectionMethod
LOCAL lnEvaluationWindow
LOCAL lcHardcodedEvaluatorType
LOCAL lcBaselineUserLocations
LOCAL lnKeepAlive
LOCAL lnMaxSignalDuration
LOCAL lnForgetAfter
LOCAL lnLearningDuration
LOCAL lcLearningMethod
LOCAL lnLearningThreshold
LOCAL lcV_type
LOCAL lcUpdateAuthorId
LOCAL lcVersion
LOCAL i
LOCAL lnCount_i

* This example assumes the Chilkat API to have been previously unlocked.
* See Global Unlock Sample for sample code.

* For versions of Chilkat < 10.0.0, use CreateObject('Chilkat_9_5_0.Http')
loHttp = CreateObject('Chilkat.Http')

* Use this online tool to generate code from sample JSON: Generate Code to Create JSON

* The following JSON is sent in the request body.

* {
*   "name": "<string>",
*   "isEnabled": "<boolean>",
*   "queries": [
*     {
*       "aggregation": "count",
*       "distinctFields": [
*         "<string>",
*         "<string>"
*       ],
*       "groupByFields": [
*         "<string>",
*         "<string>"
*       ],
*       "metric": "<string>",
*       "metrics": [
*         "<string>",
*         "<string>"
*       ],
*       "name": "<string>",
*       "query": "<string>"
*     },
*     {
*       "aggregation": "count",
*       "distinctFields": [
*         "<string>",
*         "<string>"
*       ],
*       "groupByFields": [
*         "<string>",
*         "<string>"
*       ],
*       "metric": "<string>",
*       "metrics": [
*         "<string>",
*         "<string>"
*       ],
*       "name": "<string>",
*       "query": "<string>"
*     }
*   ],
*   "options": {
*     "complianceRuleOptions": {
*       "complexRule": "<boolean>",
*       "regoRule": {
*         "policy": "<string>",
*         "resourceTypes": [
*           "<string>",
*           "<string>"
*         ]
*       },
*       "resourceType": "<string>",
*       "incididuntfd5": {},
*       "Duis_3_": {},
*       "ipsum_965": {}
*     },
*     "decreaseCriticalityBasedOnEnv": "<boolean>",
*     "detectionMethod": "impossible_travel",
*     "evaluationWindow": 0,
*     "hardcodedEvaluatorType": "log4shell",
*     "impossibleTravelOptions": {
*       "baselineUserLocations": "<boolean>"
*     },
*     "keepAlive": 21600,
*     "maxSignalDuration": 21600,
*     "newValueOptions": {
*       "forgetAfter": 2,
*       "learningDuration": 0,
*       "learningMethod": "duration",
*       "learningThreshold": 0
*     }
*   },
*   "cases": [
*     {
*       "status": "critical",
*       "condition": "<string>",
*       "name": "<string>",
*       "notifications": [
*         "<string>",
*         "<string>"
*       ]
*     },
*     {
*       "status": "low",
*       "condition": "<string>",
*       "name": "<string>",
*       "notifications": [
*         "<string>",
*         "<string>"
*       ]
*     }
*   ],
*   "message": "<string>",
*   "filters": [
*     {
*       "action": "suppress",
*       "query": "<string>"
*     },
*     {
*       "action": "require",
*       "query": "<string>"
*     }
*   ],
*   "hasExtendedTitle": "<boolean>",
*   "tags": [
*     "<string>",
*     "<string>"
*   ],
*   "type": "workload_security"
* }

* For versions of Chilkat < 10.0.0, use CreateObject('Chilkat_9_5_0.JsonObject')
loJson = CreateObject('Chilkat.JsonObject')
loJson.UpdateString("name","<string>")
loJson.UpdateString("isEnabled","<boolean>")
loJson.UpdateString("queries[0].aggregation","count")
loJson.UpdateString("queries[0].distinctFields[0]","<string>")
loJson.UpdateString("queries[0].distinctFields[1]","<string>")
loJson.UpdateString("queries[0].groupByFields[0]","<string>")
loJson.UpdateString("queries[0].groupByFields[1]","<string>")
loJson.UpdateString("queries[0].metric","<string>")
loJson.UpdateString("queries[0].metrics[0]","<string>")
loJson.UpdateString("queries[0].metrics[1]","<string>")
loJson.UpdateString("queries[0].name","<string>")
loJson.UpdateString("queries[0].query","<string>")
loJson.UpdateString("queries[1].aggregation","count")
loJson.UpdateString("queries[1].distinctFields[0]","<string>")
loJson.UpdateString("queries[1].distinctFields[1]","<string>")
loJson.UpdateString("queries[1].groupByFields[0]","<string>")
loJson.UpdateString("queries[1].groupByFields[1]","<string>")
loJson.UpdateString("queries[1].metric","<string>")
loJson.UpdateString("queries[1].metrics[0]","<string>")
loJson.UpdateString("queries[1].metrics[1]","<string>")
loJson.UpdateString("queries[1].name","<string>")
loJson.UpdateString("queries[1].query","<string>")
loJson.UpdateString("options.complianceRuleOptions.complexRule","<boolean>")
loJson.UpdateString("options.complianceRuleOptions.regoRule.policy","<string>")
loJson.UpdateString("options.complianceRuleOptions.regoRule.resourceTypes[0]","<string>")
loJson.UpdateString("options.complianceRuleOptions.regoRule.resourceTypes[1]","<string>")
loJson.UpdateString("options.complianceRuleOptions.resourceType","<string>")
loJson.UpdateNewObject("options.complianceRuleOptions.incididuntfd5")
loJson.UpdateNewObject("options.complianceRuleOptions.Duis_3_")
loJson.UpdateNewObject("options.complianceRuleOptions.ipsum_965")
loJson.UpdateString("options.decreaseCriticalityBasedOnEnv","<boolean>")
loJson.UpdateString("options.detectionMethod","impossible_travel")
loJson.UpdateInt("options.evaluationWindow",0)
loJson.UpdateString("options.hardcodedEvaluatorType","log4shell")
loJson.UpdateString("options.impossibleTravelOptions.baselineUserLocations","<boolean>")
loJson.UpdateInt("options.keepAlive",21600)
loJson.UpdateInt("options.maxSignalDuration",21600)
loJson.UpdateInt("options.newValueOptions.forgetAfter",2)
loJson.UpdateInt("options.newValueOptions.learningDuration",0)
loJson.UpdateString("options.newValueOptions.learningMethod","duration")
loJson.UpdateInt("options.newValueOptions.learningThreshold",0)
loJson.UpdateString("cases[0].status","critical")
loJson.UpdateString("cases[0].condition","<string>")
loJson.UpdateString("cases[0].name","<string>")
loJson.UpdateString("cases[0].notifications[0]","<string>")
loJson.UpdateString("cases[0].notifications[1]","<string>")
loJson.UpdateString("cases[1].status","low")
loJson.UpdateString("cases[1].condition","<string>")
loJson.UpdateString("cases[1].name","<string>")
loJson.UpdateString("cases[1].notifications[0]","<string>")
loJson.UpdateString("cases[1].notifications[1]","<string>")
loJson.UpdateString("message","<string>")
loJson.UpdateString("filters[0].action","suppress")
loJson.UpdateString("filters[0].query","<string>")
loJson.UpdateString("filters[1].action","require")
loJson.UpdateString("filters[1].query","<string>")
loJson.UpdateString("hasExtendedTitle","<boolean>")
loJson.UpdateString("tags[0]","<string>")
loJson.UpdateString("tags[1]","<string>")
loJson.UpdateString("type","workload_security")

loHttp.SetRequestHeader("Content-Type","application/json")
loHttp.SetRequestHeader("Accept","application/json")

loResp = loHttp.PostJson3("https://api.app.ddog-gov.com/api/v2/security_monitoring/rules","application/json",loJson)
IF (loHttp.LastMethodSuccess = 0) THEN
    ? loHttp.LastErrorText
    RELEASE loHttp
    RELEASE loJson
    CANCEL
ENDIF

* For versions of Chilkat < 10.0.0, use CreateObject('Chilkat_9_5_0.StringBuilder')
loSbResponseBody = CreateObject('Chilkat.StringBuilder')
loResp.GetBodySb(loSbResponseBody)

* For versions of Chilkat < 10.0.0, use CreateObject('Chilkat_9_5_0.JsonObject')
loJResp = CreateObject('Chilkat.JsonObject')
loJResp.LoadSb(loSbResponseBody)
loJResp.EmitCompact = 0

? "Response Body:"
? loJResp.Emit()

lnRespStatusCode = loResp.StatusCode
? "Response Status Code = " + STR(lnRespStatusCode)
IF (lnRespStatusCode >= 400) THEN
    ? "Response Header:"
    ? loResp.Header
    ? "Failed."
    RELEASE loResp
    RELEASE loHttp
    RELEASE loJson
    RELEASE loSbResponseBody
    RELEASE loJResp
    CANCEL
ENDIF

RELEASE loResp

* Sample JSON response:
* (Sample code for parsing the JSON response is shown below)

* {
*   "cases": [
*     {
*       "condition": "<string>",
*       "name": "<string>",
*       "notifications": [
*         "<string>",
*         "<string>"
*       ],
*       "status": "medium"
*     },
*     {
*       "condition": "<string>",
*       "name": "<string>",
*       "notifications": [
*         "<string>",
*         "<string>"
*       ],
*       "status": "critical"
*     }
*   ],
*   "complianceSignalOptions": {
*     "defaultActivationStatus": "<boolean>",
*     "defaultGroupByFields": [
*       "<string>",
*       "<string>"
*     ],
*     "userActivationStatus": "<boolean>",
*     "userGroupByFields": [
*       "<string>",
*       "<string>"
*     ]
*   },
*   "createdAt": "<long>",
*   "creationAuthorId": "<long>",
*   "deprecationDate": "<long>",
*   "filters": [
*     {
*       "action": "suppress",
*       "query": "<string>"
*     },
*     {
*       "action": "require",
*       "query": "<string>"
*     }
*   ],
*   "hasExtendedTitle": "<boolean>",
*   "id": "<string>",
*   "isDefault": "<boolean>",
*   "isDeleted": "<boolean>",
*   "isEnabled": "<boolean>",
*   "message": "<string>",
*   "name": "<string>",
*   "options": {
*     "complianceRuleOptions": {
*       "complexRule": "<boolean>",
*       "regoRule": {
*         "policy": "<string>",
*         "resourceTypes": [
*           "<string>",
*           "<string>"
*         ]
*       },
*       "resourceType": "<string>"
*     },
*     "decreaseCriticalityBasedOnEnv": "<boolean>",
*     "detectionMethod": "third_party",
*     "evaluationWindow": 300,
*     "hardcodedEvaluatorType": "log4shell",
*     "impossibleTravelOptions": {
*       "baselineUserLocations": "<boolean>"
*     },
*     "keepAlive": 300,
*     "maxSignalDuration": 900,
*     "newValueOptions": {
*       "forgetAfter": 28,
*       "learningDuration": 0,
*       "learningMethod": "duration",
*       "learningThreshold": 0
*     }
*   },
*   "queries": [
*     {
*       "aggregation": "max",
*       "distinctFields": [
*         "<string>",
*         "<string>"
*       ],
*       "groupByFields": [
*         "<string>",
*         "<string>"
*       ],
*       "metric": "<string>",
*       "metrics": [
*         "<string>",
*         "<string>"
*       ],
*       "name": "<string>",
*       "query": "<string>"
*     },
*     {
*       "aggregation": "max",
*       "distinctFields": [
*         "<string>",
*         "<string>"
*       ],
*       "groupByFields": [
*         "<string>",
*         "<string>"
*       ],
*       "metric": "<string>",
*       "metrics": [
*         "<string>",
*         "<string>"
*       ],
*       "name": "<string>",
*       "query": "<string>"
*     }
*   ],
*   "tags": [
*     "<string>",
*     "<string>"
*   ],
*   "type": "application_security",
*   "updateAuthorId": "<long>",
*   "version": "<long>"
* }

* Sample code for parsing the JSON response...
* Use this online tool to generate parsing code from sample JSON: Generate JSON Parsing Code

lcDefaultActivationStatus = loJResp.StringOf("complianceSignalOptions.defaultActivationStatus")
lcUserActivationStatus = loJResp.StringOf("complianceSignalOptions.userActivationStatus")
lcCreatedAt = loJResp.StringOf("createdAt")
lcCreationAuthorId = loJResp.StringOf("creationAuthorId")
lcDeprecationDate = loJResp.StringOf("deprecationDate")
lcHasExtendedTitle = loJResp.StringOf("hasExtendedTitle")
lcId = loJResp.StringOf("id")
lcIsDefault = loJResp.StringOf("isDefault")
lcIsDeleted = loJResp.StringOf("isDeleted")
lcIsEnabled = loJResp.StringOf("isEnabled")
lcMessage = loJResp.StringOf("message")
lcName = loJResp.StringOf("name")
lcComplexRule = loJResp.StringOf("options.complianceRuleOptions.complexRule")
lcPolicy = loJResp.StringOf("options.complianceRuleOptions.regoRule.policy")
lcResourceType = loJResp.StringOf("options.complianceRuleOptions.resourceType")
lcDecreaseCriticalityBasedOnEnv = loJResp.StringOf("options.decreaseCriticalityBasedOnEnv")
lcDetectionMethod = loJResp.StringOf("options.detectionMethod")
lnEvaluationWindow = loJResp.IntOf("options.evaluationWindow")
lcHardcodedEvaluatorType = loJResp.StringOf("options.hardcodedEvaluatorType")
lcBaselineUserLocations = loJResp.StringOf("options.impossibleTravelOptions.baselineUserLocations")
lnKeepAlive = loJResp.IntOf("options.keepAlive")
lnMaxSignalDuration = loJResp.IntOf("options.maxSignalDuration")
lnForgetAfter = loJResp.IntOf("options.newValueOptions.forgetAfter")
lnLearningDuration = loJResp.IntOf("options.newValueOptions.learningDuration")
lcLearningMethod = loJResp.StringOf("options.newValueOptions.learningMethod")
lnLearningThreshold = loJResp.IntOf("options.newValueOptions.learningThreshold")
lcV_type = loJResp.StringOf("type")
lcUpdateAuthorId = loJResp.StringOf("updateAuthorId")
lcVersion = loJResp.StringOf("version")
i = 0
lnCount_i = loJResp.SizeOfArray("cases")
DO WHILE i < lnCount_i
    loJResp.I = i
    lcCondition = loJResp.StringOf("cases[i].condition")
    lcName = loJResp.StringOf("cases[i].name")
    lcStatus = loJResp.StringOf("cases[i].status")
    j = 0
    lnCount_j = loJResp.SizeOfArray("cases[i].notifications")
    DO WHILE j < lnCount_j
        loJResp.J = j
        lcStrVal = loJResp.StringOf("cases[i].notifications[j]")
        j = j + 1
    ENDDO
    i = i + 1
ENDDO
i = 0
lnCount_i = loJResp.SizeOfArray("complianceSignalOptions.defaultGroupByFields")
DO WHILE i < lnCount_i
    loJResp.I = i
    lcStrVal = loJResp.StringOf("complianceSignalOptions.defaultGroupByFields[i]")
    i = i + 1
ENDDO
i = 0
lnCount_i = loJResp.SizeOfArray("complianceSignalOptions.userGroupByFields")
DO WHILE i < lnCount_i
    loJResp.I = i
    lcStrVal = loJResp.StringOf("complianceSignalOptions.userGroupByFields[i]")
    i = i + 1
ENDDO
i = 0
lnCount_i = loJResp.SizeOfArray("filters")
DO WHILE i < lnCount_i
    loJResp.I = i
    lcAction = loJResp.StringOf("filters[i].action")
    lcQuery = loJResp.StringOf("filters[i].query")
    i = i + 1
ENDDO
i = 0
lnCount_i = loJResp.SizeOfArray("options.complianceRuleOptions.regoRule.resourceTypes")
DO WHILE i < lnCount_i
    loJResp.I = i
    lcStrVal = loJResp.StringOf("options.complianceRuleOptions.regoRule.resourceTypes[i]")
    i = i + 1
ENDDO
i = 0
lnCount_i = loJResp.SizeOfArray("queries")
DO WHILE i < lnCount_i
    loJResp.I = i
    lcAggregation = loJResp.StringOf("queries[i].aggregation")
    lcMetric = loJResp.StringOf("queries[i].metric")
    lcName = loJResp.StringOf("queries[i].name")
    lcQuery = loJResp.StringOf("queries[i].query")
    j = 0
    lnCount_j = loJResp.SizeOfArray("queries[i].distinctFields")
    DO WHILE j < lnCount_j
        loJResp.J = j
        lcStrVal = loJResp.StringOf("queries[i].distinctFields[j]")
        j = j + 1
    ENDDO
    j = 0
    lnCount_j = loJResp.SizeOfArray("queries[i].groupByFields")
    DO WHILE j < lnCount_j
        loJResp.J = j
        lcStrVal = loJResp.StringOf("queries[i].groupByFields[j]")
        j = j + 1
    ENDDO
    j = 0
    lnCount_j = loJResp.SizeOfArray("queries[i].metrics")
    DO WHILE j < lnCount_j
        loJResp.J = j
        lcStrVal = loJResp.StringOf("queries[i].metrics[j]")
        j = j + 1
    ENDDO
    i = i + 1
ENDDO
i = 0
lnCount_i = loJResp.SizeOfArray("tags")
DO WHILE i < lnCount_i
    loJResp.I = i
    lcStrVal = loJResp.StringOf("tags[i]")
    i = i + 1
ENDDO

RELEASE loHttp
RELEASE loJson
RELEASE loSbResponseBody
RELEASE loJResp

Curl Command

curl -X POST
	-H "Content-Type: application/json"
	-H "Accept: application/json"
	-d '{
  "name": "<string>",
  "isEnabled": "<boolean>",
  "queries": [
    {
      "aggregation": "count",
      "distinctFields": [
        "<string>",
        "<string>"
      ],
      "groupByFields": [
        "<string>",
        "<string>"
      ],
      "metric": "<string>",
      "metrics": [
        "<string>",
        "<string>"
      ],
      "name": "<string>",
      "query": "<string>"
    },
    {
      "aggregation": "count",
      "distinctFields": [
        "<string>",
        "<string>"
      ],
      "groupByFields": [
        "<string>",
        "<string>"
      ],
      "metric": "<string>",
      "metrics": [
        "<string>",
        "<string>"
      ],
      "name": "<string>",
      "query": "<string>"
    }
  ],
  "options": {
    "complianceRuleOptions": {
      "complexRule": "<boolean>",
      "regoRule": {
        "policy": "<string>",
        "resourceTypes": [
          "<string>",
          "<string>"
        ]
      },
      "resourceType": "<string>",
      "incididuntfd5": {},
      "Duis_3_": {},
      "ipsum_965": {}
    },
    "decreaseCriticalityBasedOnEnv": "<boolean>",
    "detectionMethod": "impossible_travel",
    "evaluationWindow": 0,
    "hardcodedEvaluatorType": "log4shell",
    "impossibleTravelOptions": {
      "baselineUserLocations": "<boolean>"
    },
    "keepAlive": 21600,
    "maxSignalDuration": 21600,
    "newValueOptions": {
      "forgetAfter": 2,
      "learningDuration": 0,
      "learningMethod": "duration",
      "learningThreshold": 0
    }
  },
  "cases": [
    {
      "status": "critical",
      "condition": "<string>",
      "name": "<string>",
      "notifications": [
        "<string>",
        "<string>"
      ]
    },
    {
      "status": "low",
      "condition": "<string>",
      "name": "<string>",
      "notifications": [
        "<string>",
        "<string>"
      ]
    }
  ],
  "message": "<string>",
  "filters": [
    {
      "action": "suppress",
      "query": "<string>"
    },
    {
      "action": "require",
      "query": "<string>"
    }
  ],
  "hasExtendedTitle": "<boolean>",
  "tags": [
    "<string>",
    "<string>"
  ],
  "type": "workload_security"
}'
https://api.app.ddog-gov.com/api/v2/security_monitoring/rules

Postman Collection Item JSON

{
  "name": "Create a detection rule",
  "request": {
    "method": "POST",
    "header": [
      {
        "key": "Content-Type",
        "value": "application/json"
      },
      {
        "key": "Accept",
        "value": "application/json"
      }
    ],
    "body": {
      "mode": "raw",
      "raw": "{\n  \"name\": \"<string>\",\n  \"isEnabled\": \"<boolean>\",\n  \"queries\": [\n    {\n      \"aggregation\": \"count\",\n      \"distinctFields\": [\n        \"<string>\",\n        \"<string>\"\n      ],\n      \"groupByFields\": [\n        \"<string>\",\n        \"<string>\"\n      ],\n      \"metric\": \"<string>\",\n      \"metrics\": [\n        \"<string>\",\n        \"<string>\"\n      ],\n      \"name\": \"<string>\",\n      \"query\": \"<string>\"\n    },\n    {\n      \"aggregation\": \"count\",\n      \"distinctFields\": [\n        \"<string>\",\n        \"<string>\"\n      ],\n      \"groupByFields\": [\n        \"<string>\",\n        \"<string>\"\n      ],\n      \"metric\": \"<string>\",\n      \"metrics\": [\n        \"<string>\",\n        \"<string>\"\n      ],\n      \"name\": \"<string>\",\n      \"query\": \"<string>\"\n    }\n  ],\n  \"options\": {\n    \"complianceRuleOptions\": {\n      \"complexRule\": \"<boolean>\",\n      \"regoRule\": {\n        \"policy\": \"<string>\",\n        \"resourceTypes\": [\n          \"<string>\",\n          \"<string>\"\n        ]\n      },\n      \"resourceType\": \"<string>\",\n      \"incididuntfd5\": {},\n      \"Duis_3_\": {},\n      \"ipsum_965\": {}\n    },\n    \"decreaseCriticalityBasedOnEnv\": \"<boolean>\",\n    \"detectionMethod\": \"impossible_travel\",\n    \"evaluationWindow\": 0,\n    \"hardcodedEvaluatorType\": \"log4shell\",\n    \"impossibleTravelOptions\": {\n      \"baselineUserLocations\": \"<boolean>\"\n    },\n    \"keepAlive\": 21600,\n    \"maxSignalDuration\": 21600,\n    \"newValueOptions\": {\n      \"forgetAfter\": 2,\n      \"learningDuration\": 0,\n      \"learningMethod\": \"duration\",\n      \"learningThreshold\": 0\n    }\n  },\n  \"cases\": [\n    {\n      \"status\": \"critical\",\n      \"condition\": \"<string>\",\n      \"name\": \"<string>\",\n      \"notifications\": [\n        \"<string>\",\n        \"<string>\"\n      ]\n    },\n    {\n      \"status\": \"low\",\n      \"condition\": \"<string>\",\n      \"name\": \"<string>\",\n      \"notifications\": [\n        \"<string>\",\n        \"<string>\"\n      ]\n    }\n  ],\n  \"message\": \"<string>\",\n  \"filters\": [\n    {\n      \"action\": \"suppress\",\n      \"query\": \"<string>\"\n    },\n    {\n      \"action\": \"require\",\n      \"query\": \"<string>\"\n    }\n  ],\n  \"hasExtendedTitle\": \"<boolean>\",\n  \"tags\": [\n    \"<string>\",\n    \"<string>\"\n  ],\n  \"type\": \"workload_security\"\n}",
      "options": {
        "raw": {
          "headerFamily": "json",
          "language": "json"
        }
      }
    },
    "url": {
      "raw": "{{baseUrl}}/api/v2/security_monitoring/rules",
      "host": [
        "{{baseUrl}}"
      ],
      "path": [
        "api",
        "v2",
        "security_monitoring",
        "rules"
      ]
    },
    "description": "Create a detection rule."
  },
  "response": [
    {
      "name": "OK",
      "originalRequest": {
        "method": "POST",
        "header": [
          {
            "key": "Content-Type",
            "value": "application/json"
          },
          {
            "key": "Accept",
            "value": "application/json"
          },
          {
            "description": "Added as a part of security scheme: apikey",
            "key": "DD-API-KEY",
            "value": "<API Key>"
          }
        ],
        "body": {
          "mode": "raw",
          "raw": "{\n  \"name\": \"<string>\",\n  \"isEnabled\": \"<boolean>\",\n  \"queries\": [\n    {\n      \"aggregation\": \"count\",\n      \"distinctFields\": [\n        \"<string>\",\n        \"<string>\"\n      ],\n      \"groupByFields\": [\n        \"<string>\",\n        \"<string>\"\n      ],\n      \"metric\": \"<string>\",\n      \"metrics\": [\n        \"<string>\",\n        \"<string>\"\n      ],\n      \"name\": \"<string>\",\n      \"query\": \"<string>\"\n    },\n    {\n      \"aggregation\": \"count\",\n      \"distinctFields\": [\n        \"<string>\",\n        \"<string>\"\n      ],\n      \"groupByFields\": [\n        \"<string>\",\n        \"<string>\"\n      ],\n      \"metric\": \"<string>\",\n      \"metrics\": [\n        \"<string>\",\n        \"<string>\"\n      ],\n      \"name\": \"<string>\",\n      \"query\": \"<string>\"\n    }\n  ],\n  \"options\": {\n    \"complianceRuleOptions\": {\n      \"complexRule\": \"<boolean>\",\n      \"regoRule\": {\n        \"policy\": \"<string>\",\n        \"resourceTypes\": [\n          \"<string>\",\n          \"<string>\"\n        ]\n      },\n      \"resourceType\": \"<string>\",\n      \"incididuntfd5\": {},\n      \"Duis_3_\": {},\n      \"ipsum_965\": {}\n    },\n    \"decreaseCriticalityBasedOnEnv\": \"<boolean>\",\n    \"detectionMethod\": \"impossible_travel\",\n    \"evaluationWindow\": 0,\n    \"hardcodedEvaluatorType\": \"log4shell\",\n    \"impossibleTravelOptions\": {\n      \"baselineUserLocations\": \"<boolean>\"\n    },\n    \"keepAlive\": 21600,\n    \"maxSignalDuration\": 21600,\n    \"newValueOptions\": {\n      \"forgetAfter\": 2,\n      \"learningDuration\": 0,\n      \"learningMethod\": \"duration\",\n      \"learningThreshold\": 0\n    }\n  },\n  \"cases\": [\n    {\n      \"status\": \"critical\",\n      \"condition\": \"<string>\",\n      \"name\": \"<string>\",\n      \"notifications\": [\n        \"<string>\",\n        \"<string>\"\n      ]\n    },\n    {\n      \"status\": \"low\",\n      \"condition\": \"<string>\",\n      \"name\": \"<string>\",\n      \"notifications\": [\n        \"<string>\",\n        \"<string>\"\n      ]\n    }\n  ],\n  \"message\": \"<string>\",\n  \"filters\": [\n    {\n      \"action\": \"suppress\",\n      \"query\": \"<string>\"\n    },\n    {\n      \"action\": \"require\",\n      \"query\": \"<string>\"\n    }\n  ],\n  \"hasExtendedTitle\": \"<boolean>\",\n  \"tags\": [\n    \"<string>\",\n    \"<string>\"\n  ],\n  \"type\": \"workload_security\"\n}",
          "options": {
            "raw": {
              "headerFamily": "json",
              "language": "json"
            }
          }
        },
        "url": {
          "raw": "{{baseUrl}}/api/v2/security_monitoring/rules",
          "host": [
            "{{baseUrl}}"
          ],
          "path": [
            "api",
            "v2",
            "security_monitoring",
            "rules"
          ]
        }
      },
      "status": "OK",
      "code": 200,
      "_postman_previewlanguage": "json",
      "header": [
        {
          "key": "Content-Type",
          "value": "application/json"
        }
      ],
      "cookie": [
      ],
      "body": "{\n  \"cases\": [\n    {\n      \"condition\": \"<string>\",\n      \"name\": \"<string>\",\n      \"notifications\": [\n        \"<string>\",\n        \"<string>\"\n      ],\n      \"status\": \"medium\"\n    },\n    {\n      \"condition\": \"<string>\",\n      \"name\": \"<string>\",\n      \"notifications\": [\n        \"<string>\",\n        \"<string>\"\n      ],\n      \"status\": \"critical\"\n    }\n  ],\n  \"complianceSignalOptions\": {\n    \"defaultActivationStatus\": \"<boolean>\",\n    \"defaultGroupByFields\": [\n      \"<string>\",\n      \"<string>\"\n    ],\n    \"userActivationStatus\": \"<boolean>\",\n    \"userGroupByFields\": [\n      \"<string>\",\n      \"<string>\"\n    ]\n  },\n  \"createdAt\": \"<long>\",\n  \"creationAuthorId\": \"<long>\",\n  \"deprecationDate\": \"<long>\",\n  \"filters\": [\n    {\n      \"action\": \"suppress\",\n      \"query\": \"<string>\"\n    },\n    {\n      \"action\": \"require\",\n      \"query\": \"<string>\"\n    }\n  ],\n  \"hasExtendedTitle\": \"<boolean>\",\n  \"id\": \"<string>\",\n  \"isDefault\": \"<boolean>\",\n  \"isDeleted\": \"<boolean>\",\n  \"isEnabled\": \"<boolean>\",\n  \"message\": \"<string>\",\n  \"name\": \"<string>\",\n  \"options\": {\n    \"complianceRuleOptions\": {\n      \"complexRule\": \"<boolean>\",\n      \"regoRule\": {\n        \"policy\": \"<string>\",\n        \"resourceTypes\": [\n          \"<string>\",\n          \"<string>\"\n        ]\n      },\n      \"resourceType\": \"<string>\"\n    },\n    \"decreaseCriticalityBasedOnEnv\": \"<boolean>\",\n    \"detectionMethod\": \"third_party\",\n    \"evaluationWindow\": 300,\n    \"hardcodedEvaluatorType\": \"log4shell\",\n    \"impossibleTravelOptions\": {\n      \"baselineUserLocations\": \"<boolean>\"\n    },\n    \"keepAlive\": 300,\n    \"maxSignalDuration\": 900,\n    \"newValueOptions\": {\n      \"forgetAfter\": 28,\n      \"learningDuration\": 0,\n      \"learningMethod\": \"duration\",\n      \"learningThreshold\": 0\n    }\n  },\n  \"queries\": [\n    {\n      \"aggregation\": \"max\",\n      \"distinctFields\": [\n        \"<string>\",\n        \"<string>\"\n      ],\n      \"groupByFields\": [\n        \"<string>\",\n        \"<string>\"\n      ],\n      \"metric\": \"<string>\",\n      \"metrics\": [\n        \"<string>\",\n        \"<string>\"\n      ],\n      \"name\": \"<string>\",\n      \"query\": \"<string>\"\n    },\n    {\n      \"aggregation\": \"max\",\n      \"distinctFields\": [\n        \"<string>\",\n        \"<string>\"\n      ],\n      \"groupByFields\": [\n        \"<string>\",\n        \"<string>\"\n      ],\n      \"metric\": \"<string>\",\n      \"metrics\": [\n        \"<string>\",\n        \"<string>\"\n      ],\n      \"name\": \"<string>\",\n      \"query\": \"<string>\"\n    }\n  ],\n  \"tags\": [\n    \"<string>\",\n    \"<string>\"\n  ],\n  \"type\": \"application_security\",\n  \"updateAuthorId\": \"<long>\",\n  \"version\": \"<long>\"\n}"
    },
    {
      "name": "Bad Request",
      "originalRequest": {
        "method": "POST",
        "header": [
          {
            "key": "Content-Type",
            "value": "application/json"
          },
          {
            "key": "Accept",
            "value": "application/json"
          },
          {
            "description": "Added as a part of security scheme: apikey",
            "key": "DD-API-KEY",
            "value": "<API Key>"
          }
        ],
        "body": {
          "mode": "raw",
          "raw": "{\n  \"name\": \"<string>\",\n  \"isEnabled\": \"<boolean>\",\n  \"queries\": [\n    {\n      \"aggregation\": \"count\",\n      \"distinctFields\": [\n        \"<string>\",\n        \"<string>\"\n      ],\n      \"groupByFields\": [\n        \"<string>\",\n        \"<string>\"\n      ],\n      \"metric\": \"<string>\",\n      \"metrics\": [\n        \"<string>\",\n        \"<string>\"\n      ],\n      \"name\": \"<string>\",\n      \"query\": \"<string>\"\n    },\n    {\n      \"aggregation\": \"count\",\n      \"distinctFields\": [\n        \"<string>\",\n        \"<string>\"\n      ],\n      \"groupByFields\": [\n        \"<string>\",\n        \"<string>\"\n      ],\n      \"metric\": \"<string>\",\n      \"metrics\": [\n        \"<string>\",\n        \"<string>\"\n      ],\n      \"name\": \"<string>\",\n      \"query\": \"<string>\"\n    }\n  ],\n  \"options\": {\n    \"complianceRuleOptions\": {\n      \"complexRule\": \"<boolean>\",\n      \"regoRule\": {\n        \"policy\": \"<string>\",\n        \"resourceTypes\": [\n          \"<string>\",\n          \"<string>\"\n        ]\n      },\n      \"resourceType\": \"<string>\",\n      \"incididuntfd5\": {},\n      \"Duis_3_\": {},\n      \"ipsum_965\": {}\n    },\n    \"decreaseCriticalityBasedOnEnv\": \"<boolean>\",\n    \"detectionMethod\": \"impossible_travel\",\n    \"evaluationWindow\": 0,\n    \"hardcodedEvaluatorType\": \"log4shell\",\n    \"impossibleTravelOptions\": {\n      \"baselineUserLocations\": \"<boolean>\"\n    },\n    \"keepAlive\": 21600,\n    \"maxSignalDuration\": 21600,\n    \"newValueOptions\": {\n      \"forgetAfter\": 2,\n      \"learningDuration\": 0,\n      \"learningMethod\": \"duration\",\n      \"learningThreshold\": 0\n    }\n  },\n  \"cases\": [\n    {\n      \"status\": \"critical\",\n      \"condition\": \"<string>\",\n      \"name\": \"<string>\",\n      \"notifications\": [\n        \"<string>\",\n        \"<string>\"\n      ]\n    },\n    {\n      \"status\": \"low\",\n      \"condition\": \"<string>\",\n      \"name\": \"<string>\",\n      \"notifications\": [\n        \"<string>\",\n        \"<string>\"\n      ]\n    }\n  ],\n  \"message\": \"<string>\",\n  \"filters\": [\n    {\n      \"action\": \"suppress\",\n      \"query\": \"<string>\"\n    },\n    {\n      \"action\": \"require\",\n      \"query\": \"<string>\"\n    }\n  ],\n  \"hasExtendedTitle\": \"<boolean>\",\n  \"tags\": [\n    \"<string>\",\n    \"<string>\"\n  ],\n  \"type\": \"workload_security\"\n}",
          "options": {
            "raw": {
              "headerFamily": "json",
              "language": "json"
            }
          }
        },
        "url": {
          "raw": "{{baseUrl}}/api/v2/security_monitoring/rules",
          "host": [
            "{{baseUrl}}"
          ],
          "path": [
            "api",
            "v2",
            "security_monitoring",
            "rules"
          ]
        }
      },
      "status": "Bad Request",
      "code": 400,
      "_postman_previewlanguage": "json",
      "header": [
        {
          "key": "Content-Type",
          "value": "application/json"
        }
      ],
      "cookie": [
      ],
      "body": "{\n  \"errors\": [\n    \"<string>\",\n    \"<string>\"\n  ]\n}"
    },
    {
      "name": "Not Authorized",
      "originalRequest": {
        "method": "POST",
        "header": [
          {
            "key": "Content-Type",
            "value": "application/json"
          },
          {
            "key": "Accept",
            "value": "application/json"
          },
          {
            "description": "Added as a part of security scheme: apikey",
            "key": "DD-API-KEY",
            "value": "<API Key>"
          }
        ],
        "body": {
          "mode": "raw",
          "raw": "{\n  \"name\": \"<string>\",\n  \"isEnabled\": \"<boolean>\",\n  \"queries\": [\n    {\n      \"aggregation\": \"count\",\n      \"distinctFields\": [\n        \"<string>\",\n        \"<string>\"\n      ],\n      \"groupByFields\": [\n        \"<string>\",\n        \"<string>\"\n      ],\n      \"metric\": \"<string>\",\n      \"metrics\": [\n        \"<string>\",\n        \"<string>\"\n      ],\n      \"name\": \"<string>\",\n      \"query\": \"<string>\"\n    },\n    {\n      \"aggregation\": \"count\",\n      \"distinctFields\": [\n        \"<string>\",\n        \"<string>\"\n      ],\n      \"groupByFields\": [\n        \"<string>\",\n        \"<string>\"\n      ],\n      \"metric\": \"<string>\",\n      \"metrics\": [\n        \"<string>\",\n        \"<string>\"\n      ],\n      \"name\": \"<string>\",\n      \"query\": \"<string>\"\n    }\n  ],\n  \"options\": {\n    \"complianceRuleOptions\": {\n      \"complexRule\": \"<boolean>\",\n      \"regoRule\": {\n        \"policy\": \"<string>\",\n        \"resourceTypes\": [\n          \"<string>\",\n          \"<string>\"\n        ]\n      },\n      \"resourceType\": \"<string>\",\n      \"incididuntfd5\": {},\n      \"Duis_3_\": {},\n      \"ipsum_965\": {}\n    },\n    \"decreaseCriticalityBasedOnEnv\": \"<boolean>\",\n    \"detectionMethod\": \"impossible_travel\",\n    \"evaluationWindow\": 0,\n    \"hardcodedEvaluatorType\": \"log4shell\",\n    \"impossibleTravelOptions\": {\n      \"baselineUserLocations\": \"<boolean>\"\n    },\n    \"keepAlive\": 21600,\n    \"maxSignalDuration\": 21600,\n    \"newValueOptions\": {\n      \"forgetAfter\": 2,\n      \"learningDuration\": 0,\n      \"learningMethod\": \"duration\",\n      \"learningThreshold\": 0\n    }\n  },\n  \"cases\": [\n    {\n      \"status\": \"critical\",\n      \"condition\": \"<string>\",\n      \"name\": \"<string>\",\n      \"notifications\": [\n        \"<string>\",\n        \"<string>\"\n      ]\n    },\n    {\n      \"status\": \"low\",\n      \"condition\": \"<string>\",\n      \"name\": \"<string>\",\n      \"notifications\": [\n        \"<string>\",\n        \"<string>\"\n      ]\n    }\n  ],\n  \"message\": \"<string>\",\n  \"filters\": [\n    {\n      \"action\": \"suppress\",\n      \"query\": \"<string>\"\n    },\n    {\n      \"action\": \"require\",\n      \"query\": \"<string>\"\n    }\n  ],\n  \"hasExtendedTitle\": \"<boolean>\",\n  \"tags\": [\n    \"<string>\",\n    \"<string>\"\n  ],\n  \"type\": \"workload_security\"\n}",
          "options": {
            "raw": {
              "headerFamily": "json",
              "language": "json"
            }
          }
        },
        "url": {
          "raw": "{{baseUrl}}/api/v2/security_monitoring/rules",
          "host": [
            "{{baseUrl}}"
          ],
          "path": [
            "api",
            "v2",
            "security_monitoring",
            "rules"
          ]
        }
      },
      "status": "Forbidden",
      "code": 403,
      "_postman_previewlanguage": "json",
      "header": [
        {
          "key": "Content-Type",
          "value": "application/json"
        }
      ],
      "cookie": [
      ],
      "body": "{\n  \"errors\": [\n    \"<string>\",\n    \"<string>\"\n  ]\n}"
    },
    {
      "name": "Too many requests",
      "originalRequest": {
        "method": "POST",
        "header": [
          {
            "key": "Content-Type",
            "value": "application/json"
          },
          {
            "key": "Accept",
            "value": "application/json"
          },
          {
            "description": "Added as a part of security scheme: apikey",
            "key": "DD-API-KEY",
            "value": "<API Key>"
          }
        ],
        "body": {
          "mode": "raw",
          "raw": "{\n  \"name\": \"<string>\",\n  \"isEnabled\": \"<boolean>\",\n  \"queries\": [\n    {\n      \"aggregation\": \"count\",\n      \"distinctFields\": [\n        \"<string>\",\n        \"<string>\"\n      ],\n      \"groupByFields\": [\n        \"<string>\",\n        \"<string>\"\n      ],\n      \"metric\": \"<string>\",\n      \"metrics\": [\n        \"<string>\",\n        \"<string>\"\n      ],\n      \"name\": \"<string>\",\n      \"query\": \"<string>\"\n    },\n    {\n      \"aggregation\": \"count\",\n      \"distinctFields\": [\n        \"<string>\",\n        \"<string>\"\n      ],\n      \"groupByFields\": [\n        \"<string>\",\n        \"<string>\"\n      ],\n      \"metric\": \"<string>\",\n      \"metrics\": [\n        \"<string>\",\n        \"<string>\"\n      ],\n      \"name\": \"<string>\",\n      \"query\": \"<string>\"\n    }\n  ],\n  \"options\": {\n    \"complianceRuleOptions\": {\n      \"complexRule\": \"<boolean>\",\n      \"regoRule\": {\n        \"policy\": \"<string>\",\n        \"resourceTypes\": [\n          \"<string>\",\n          \"<string>\"\n        ]\n      },\n      \"resourceType\": \"<string>\",\n      \"incididuntfd5\": {},\n      \"Duis_3_\": {},\n      \"ipsum_965\": {}\n    },\n    \"decreaseCriticalityBasedOnEnv\": \"<boolean>\",\n    \"detectionMethod\": \"impossible_travel\",\n    \"evaluationWindow\": 0,\n    \"hardcodedEvaluatorType\": \"log4shell\",\n    \"impossibleTravelOptions\": {\n      \"baselineUserLocations\": \"<boolean>\"\n    },\n    \"keepAlive\": 21600,\n    \"maxSignalDuration\": 21600,\n    \"newValueOptions\": {\n      \"forgetAfter\": 2,\n      \"learningDuration\": 0,\n      \"learningMethod\": \"duration\",\n      \"learningThreshold\": 0\n    }\n  },\n  \"cases\": [\n    {\n      \"status\": \"critical\",\n      \"condition\": \"<string>\",\n      \"name\": \"<string>\",\n      \"notifications\": [\n        \"<string>\",\n        \"<string>\"\n      ]\n    },\n    {\n      \"status\": \"low\",\n      \"condition\": \"<string>\",\n      \"name\": \"<string>\",\n      \"notifications\": [\n        \"<string>\",\n        \"<string>\"\n      ]\n    }\n  ],\n  \"message\": \"<string>\",\n  \"filters\": [\n    {\n      \"action\": \"suppress\",\n      \"query\": \"<string>\"\n    },\n    {\n      \"action\": \"require\",\n      \"query\": \"<string>\"\n    }\n  ],\n  \"hasExtendedTitle\": \"<boolean>\",\n  \"tags\": [\n    \"<string>\",\n    \"<string>\"\n  ],\n  \"type\": \"workload_security\"\n}",
          "options": {
            "raw": {
              "headerFamily": "json",
              "language": "json"
            }
          }
        },
        "url": {
          "raw": "{{baseUrl}}/api/v2/security_monitoring/rules",
          "host": [
            "{{baseUrl}}"
          ],
          "path": [
            "api",
            "v2",
            "security_monitoring",
            "rules"
          ]
        }
      },
      "status": "Too Many Requests",
      "code": 429,
      "_postman_previewlanguage": "json",
      "header": [
        {
          "key": "Content-Type",
          "value": "application/json"
        }
      ],
      "cookie": [
      ],
      "body": "{\n  \"errors\": [\n    \"<string>\",\n    \"<string>\"\n  ]\n}"
    }
  ]
}