Back to Collection Items
use chilkat();
# This example assumes the Chilkat API to have been previously unlocked.
# See Global Unlock Sample for sample code.
$http = chilkat::CkHttp->new();
# Use this online tool to generate code from sample JSON: Generate Code to Create JSON
# The following JSON is sent in the request body.
# {
# "name": "<string>",
# "isEnabled": "<boolean>",
# "queries": [
# {
# "aggregation": "count",
# "distinctFields": [
# "<string>",
# "<string>"
# ],
# "groupByFields": [
# "<string>",
# "<string>"
# ],
# "metric": "<string>",
# "metrics": [
# "<string>",
# "<string>"
# ],
# "name": "<string>",
# "query": "<string>"
# },
# {
# "aggregation": "count",
# "distinctFields": [
# "<string>",
# "<string>"
# ],
# "groupByFields": [
# "<string>",
# "<string>"
# ],
# "metric": "<string>",
# "metrics": [
# "<string>",
# "<string>"
# ],
# "name": "<string>",
# "query": "<string>"
# }
# ],
# "options": {
# "complianceRuleOptions": {
# "complexRule": "<boolean>",
# "regoRule": {
# "policy": "<string>",
# "resourceTypes": [
# "<string>",
# "<string>"
# ]
# },
# "resourceType": "<string>",
# "incididuntfd5": {},
# "Duis_3_": {},
# "ipsum_965": {}
# },
# "decreaseCriticalityBasedOnEnv": "<boolean>",
# "detectionMethod": "impossible_travel",
# "evaluationWindow": 0,
# "hardcodedEvaluatorType": "log4shell",
# "impossibleTravelOptions": {
# "baselineUserLocations": "<boolean>"
# },
# "keepAlive": 21600,
# "maxSignalDuration": 21600,
# "newValueOptions": {
# "forgetAfter": 2,
# "learningDuration": 0,
# "learningMethod": "duration",
# "learningThreshold": 0
# }
# },
# "cases": [
# {
# "status": "critical",
# "condition": "<string>",
# "name": "<string>",
# "notifications": [
# "<string>",
# "<string>"
# ]
# },
# {
# "status": "low",
# "condition": "<string>",
# "name": "<string>",
# "notifications": [
# "<string>",
# "<string>"
# ]
# }
# ],
# "message": "<string>",
# "filters": [
# {
# "action": "suppress",
# "query": "<string>"
# },
# {
# "action": "require",
# "query": "<string>"
# }
# ],
# "hasExtendedTitle": "<boolean>",
# "tags": [
# "<string>",
# "<string>"
# ],
# "type": "workload_security"
# }
$json = chilkat::CkJsonObject->new();
$json->UpdateString("name","<string>");
$json->UpdateString("isEnabled","<boolean>");
$json->UpdateString("queries[0].aggregation","count");
$json->UpdateString("queries[0].distinctFields[0]","<string>");
$json->UpdateString("queries[0].distinctFields[1]","<string>");
$json->UpdateString("queries[0].groupByFields[0]","<string>");
$json->UpdateString("queries[0].groupByFields[1]","<string>");
$json->UpdateString("queries[0].metric","<string>");
$json->UpdateString("queries[0].metrics[0]","<string>");
$json->UpdateString("queries[0].metrics[1]","<string>");
$json->UpdateString("queries[0].name","<string>");
$json->UpdateString("queries[0].query","<string>");
$json->UpdateString("queries[1].aggregation","count");
$json->UpdateString("queries[1].distinctFields[0]","<string>");
$json->UpdateString("queries[1].distinctFields[1]","<string>");
$json->UpdateString("queries[1].groupByFields[0]","<string>");
$json->UpdateString("queries[1].groupByFields[1]","<string>");
$json->UpdateString("queries[1].metric","<string>");
$json->UpdateString("queries[1].metrics[0]","<string>");
$json->UpdateString("queries[1].metrics[1]","<string>");
$json->UpdateString("queries[1].name","<string>");
$json->UpdateString("queries[1].query","<string>");
$json->UpdateString("options.complianceRuleOptions.complexRule","<boolean>");
$json->UpdateString("options.complianceRuleOptions.regoRule.policy","<string>");
$json->UpdateString("options.complianceRuleOptions.regoRule.resourceTypes[0]","<string>");
$json->UpdateString("options.complianceRuleOptions.regoRule.resourceTypes[1]","<string>");
$json->UpdateString("options.complianceRuleOptions.resourceType","<string>");
$json->UpdateNewObject("options.complianceRuleOptions.incididuntfd5");
$json->UpdateNewObject("options.complianceRuleOptions.Duis_3_");
$json->UpdateNewObject("options.complianceRuleOptions.ipsum_965");
$json->UpdateString("options.decreaseCriticalityBasedOnEnv","<boolean>");
$json->UpdateString("options.detectionMethod","impossible_travel");
$json->UpdateInt("options.evaluationWindow",0);
$json->UpdateString("options.hardcodedEvaluatorType","log4shell");
$json->UpdateString("options.impossibleTravelOptions.baselineUserLocations","<boolean>");
$json->UpdateInt("options.keepAlive",21600);
$json->UpdateInt("options.maxSignalDuration",21600);
$json->UpdateInt("options.newValueOptions.forgetAfter",2);
$json->UpdateInt("options.newValueOptions.learningDuration",0);
$json->UpdateString("options.newValueOptions.learningMethod","duration");
$json->UpdateInt("options.newValueOptions.learningThreshold",0);
$json->UpdateString("cases[0].status","critical");
$json->UpdateString("cases[0].condition","<string>");
$json->UpdateString("cases[0].name","<string>");
$json->UpdateString("cases[0].notifications[0]","<string>");
$json->UpdateString("cases[0].notifications[1]","<string>");
$json->UpdateString("cases[1].status","low");
$json->UpdateString("cases[1].condition","<string>");
$json->UpdateString("cases[1].name","<string>");
$json->UpdateString("cases[1].notifications[0]","<string>");
$json->UpdateString("cases[1].notifications[1]","<string>");
$json->UpdateString("message","<string>");
$json->UpdateString("filters[0].action","suppress");
$json->UpdateString("filters[0].query","<string>");
$json->UpdateString("filters[1].action","require");
$json->UpdateString("filters[1].query","<string>");
$json->UpdateString("hasExtendedTitle","<boolean>");
$json->UpdateString("tags[0]","<string>");
$json->UpdateString("tags[1]","<string>");
$json->UpdateString("type","workload_security");
$http->SetRequestHeader("Content-Type","application/json");
$http->SetRequestHeader("Accept","application/json");
# resp is a HttpResponse
$resp = $http->PostJson3("https://api.app.ddog-gov.com/api/v2/security_monitoring/rules","application/json",$json);
if ($http->get_LastMethodSuccess() == 0) {
print $http->lastErrorText() . "\r\n";
exit;
}
$sbResponseBody = chilkat::CkStringBuilder->new();
$resp->GetBodySb($sbResponseBody);
$jResp = chilkat::CkJsonObject->new();
$jResp->LoadSb($sbResponseBody);
$jResp->put_EmitCompact(0);
print "Response Body:" . "\r\n";
print $jResp->emit() . "\r\n";
$respStatusCode = $resp->get_StatusCode();
print "Response Status Code = " . $respStatusCode . "\r\n";
if ($respStatusCode >= 400) {
print "Response Header:" . "\r\n";
print $resp->header() . "\r\n";
print "Failed." . "\r\n";
exit;
}
# Sample JSON response:
# (Sample code for parsing the JSON response is shown below)
# {
# "cases": [
# {
# "condition": "<string>",
# "name": "<string>",
# "notifications": [
# "<string>",
# "<string>"
# ],
# "status": "medium"
# },
# {
# "condition": "<string>",
# "name": "<string>",
# "notifications": [
# "<string>",
# "<string>"
# ],
# "status": "critical"
# }
# ],
# "complianceSignalOptions": {
# "defaultActivationStatus": "<boolean>",
# "defaultGroupByFields": [
# "<string>",
# "<string>"
# ],
# "userActivationStatus": "<boolean>",
# "userGroupByFields": [
# "<string>",
# "<string>"
# ]
# },
# "createdAt": "<long>",
# "creationAuthorId": "<long>",
# "deprecationDate": "<long>",
# "filters": [
# {
# "action": "suppress",
# "query": "<string>"
# },
# {
# "action": "require",
# "query": "<string>"
# }
# ],
# "hasExtendedTitle": "<boolean>",
# "id": "<string>",
# "isDefault": "<boolean>",
# "isDeleted": "<boolean>",
# "isEnabled": "<boolean>",
# "message": "<string>",
# "name": "<string>",
# "options": {
# "complianceRuleOptions": {
# "complexRule": "<boolean>",
# "regoRule": {
# "policy": "<string>",
# "resourceTypes": [
# "<string>",
# "<string>"
# ]
# },
# "resourceType": "<string>"
# },
# "decreaseCriticalityBasedOnEnv": "<boolean>",
# "detectionMethod": "third_party",
# "evaluationWindow": 300,
# "hardcodedEvaluatorType": "log4shell",
# "impossibleTravelOptions": {
# "baselineUserLocations": "<boolean>"
# },
# "keepAlive": 300,
# "maxSignalDuration": 900,
# "newValueOptions": {
# "forgetAfter": 28,
# "learningDuration": 0,
# "learningMethod": "duration",
# "learningThreshold": 0
# }
# },
# "queries": [
# {
# "aggregation": "max",
# "distinctFields": [
# "<string>",
# "<string>"
# ],
# "groupByFields": [
# "<string>",
# "<string>"
# ],
# "metric": "<string>",
# "metrics": [
# "<string>",
# "<string>"
# ],
# "name": "<string>",
# "query": "<string>"
# },
# {
# "aggregation": "max",
# "distinctFields": [
# "<string>",
# "<string>"
# ],
# "groupByFields": [
# "<string>",
# "<string>"
# ],
# "metric": "<string>",
# "metrics": [
# "<string>",
# "<string>"
# ],
# "name": "<string>",
# "query": "<string>"
# }
# ],
# "tags": [
# "<string>",
# "<string>"
# ],
# "type": "application_security",
# "updateAuthorId": "<long>",
# "version": "<long>"
# }
# Sample code for parsing the JSON response...
# Use this online tool to generate parsing code from sample JSON: Generate JSON Parsing Code
$DefaultActivationStatus = $jResp->stringOf("complianceSignalOptions.defaultActivationStatus");
$UserActivationStatus = $jResp->stringOf("complianceSignalOptions.userActivationStatus");
$createdAt = $jResp->stringOf("createdAt");
$creationAuthorId = $jResp->stringOf("creationAuthorId");
$deprecationDate = $jResp->stringOf("deprecationDate");
$hasExtendedTitle = $jResp->stringOf("hasExtendedTitle");
$id = $jResp->stringOf("id");
$isDefault = $jResp->stringOf("isDefault");
$isDeleted = $jResp->stringOf("isDeleted");
$isEnabled = $jResp->stringOf("isEnabled");
$message = $jResp->stringOf("message");
$name = $jResp->stringOf("name");
$ComplexRule = $jResp->stringOf("options.complianceRuleOptions.complexRule");
$Policy = $jResp->stringOf("options.complianceRuleOptions.regoRule.policy");
$ResourceType = $jResp->stringOf("options.complianceRuleOptions.resourceType");
$DecreaseCriticalityBasedOnEnv = $jResp->stringOf("options.decreaseCriticalityBasedOnEnv");
$DetectionMethod = $jResp->stringOf("options.detectionMethod");
$EvaluationWindow = $jResp->IntOf("options.evaluationWindow");
$HardcodedEvaluatorType = $jResp->stringOf("options.hardcodedEvaluatorType");
$BaselineUserLocations = $jResp->stringOf("options.impossibleTravelOptions.baselineUserLocations");
$KeepAlive = $jResp->IntOf("options.keepAlive");
$MaxSignalDuration = $jResp->IntOf("options.maxSignalDuration");
$ForgetAfter = $jResp->IntOf("options.newValueOptions.forgetAfter");
$LearningDuration = $jResp->IntOf("options.newValueOptions.learningDuration");
$LearningMethod = $jResp->stringOf("options.newValueOptions.learningMethod");
$LearningThreshold = $jResp->IntOf("options.newValueOptions.learningThreshold");
$v_type = $jResp->stringOf("type");
$updateAuthorId = $jResp->stringOf("updateAuthorId");
$version = $jResp->stringOf("version");
$i = 0;
$count_i = $jResp->SizeOfArray("cases");
while ($i < $count_i) {
$jResp->put_I($i);
$condition = $jResp->stringOf("cases[i].condition");
$name = $jResp->stringOf("cases[i].name");
$status = $jResp->stringOf("cases[i].status");
$j = 0;
$count_j = $jResp->SizeOfArray("cases[i].notifications");
while ($j < $count_j) {
$jResp->put_J($j);
$strVal = $jResp->stringOf("cases[i].notifications[j]");
$j = $j + 1;
}
$i = $i + 1;
}
$i = 0;
$count_i = $jResp->SizeOfArray("complianceSignalOptions.defaultGroupByFields");
while ($i < $count_i) {
$jResp->put_I($i);
$strVal = $jResp->stringOf("complianceSignalOptions.defaultGroupByFields[i]");
$i = $i + 1;
}
$i = 0;
$count_i = $jResp->SizeOfArray("complianceSignalOptions.userGroupByFields");
while ($i < $count_i) {
$jResp->put_I($i);
$strVal = $jResp->stringOf("complianceSignalOptions.userGroupByFields[i]");
$i = $i + 1;
}
$i = 0;
$count_i = $jResp->SizeOfArray("filters");
while ($i < $count_i) {
$jResp->put_I($i);
$action = $jResp->stringOf("filters[i].action");
$query = $jResp->stringOf("filters[i].query");
$i = $i + 1;
}
$i = 0;
$count_i = $jResp->SizeOfArray("options.complianceRuleOptions.regoRule.resourceTypes");
while ($i < $count_i) {
$jResp->put_I($i);
$strVal = $jResp->stringOf("options.complianceRuleOptions.regoRule.resourceTypes[i]");
$i = $i + 1;
}
$i = 0;
$count_i = $jResp->SizeOfArray("queries");
while ($i < $count_i) {
$jResp->put_I($i);
$aggregation = $jResp->stringOf("queries[i].aggregation");
$metric = $jResp->stringOf("queries[i].metric");
$name = $jResp->stringOf("queries[i].name");
$query = $jResp->stringOf("queries[i].query");
$j = 0;
$count_j = $jResp->SizeOfArray("queries[i].distinctFields");
while ($j < $count_j) {
$jResp->put_J($j);
$strVal = $jResp->stringOf("queries[i].distinctFields[j]");
$j = $j + 1;
}
$j = 0;
$count_j = $jResp->SizeOfArray("queries[i].groupByFields");
while ($j < $count_j) {
$jResp->put_J($j);
$strVal = $jResp->stringOf("queries[i].groupByFields[j]");
$j = $j + 1;
}
$j = 0;
$count_j = $jResp->SizeOfArray("queries[i].metrics");
while ($j < $count_j) {
$jResp->put_J($j);
$strVal = $jResp->stringOf("queries[i].metrics[j]");
$j = $j + 1;
}
$i = $i + 1;
}
$i = 0;
$count_i = $jResp->SizeOfArray("tags");
while ($i < $count_i) {
$jResp->put_I($i);
$strVal = $jResp->stringOf("tags[i]");
$i = $i + 1;
}
Curl Command
curl -X POST
-H "Content-Type: application/json"
-H "Accept: application/json"
-d '{
"name": "<string>",
"isEnabled": "<boolean>",
"queries": [
{
"aggregation": "count",
"distinctFields": [
"<string>",
"<string>"
],
"groupByFields": [
"<string>",
"<string>"
],
"metric": "<string>",
"metrics": [
"<string>",
"<string>"
],
"name": "<string>",
"query": "<string>"
},
{
"aggregation": "count",
"distinctFields": [
"<string>",
"<string>"
],
"groupByFields": [
"<string>",
"<string>"
],
"metric": "<string>",
"metrics": [
"<string>",
"<string>"
],
"name": "<string>",
"query": "<string>"
}
],
"options": {
"complianceRuleOptions": {
"complexRule": "<boolean>",
"regoRule": {
"policy": "<string>",
"resourceTypes": [
"<string>",
"<string>"
]
},
"resourceType": "<string>",
"incididuntfd5": {},
"Duis_3_": {},
"ipsum_965": {}
},
"decreaseCriticalityBasedOnEnv": "<boolean>",
"detectionMethod": "impossible_travel",
"evaluationWindow": 0,
"hardcodedEvaluatorType": "log4shell",
"impossibleTravelOptions": {
"baselineUserLocations": "<boolean>"
},
"keepAlive": 21600,
"maxSignalDuration": 21600,
"newValueOptions": {
"forgetAfter": 2,
"learningDuration": 0,
"learningMethod": "duration",
"learningThreshold": 0
}
},
"cases": [
{
"status": "critical",
"condition": "<string>",
"name": "<string>",
"notifications": [
"<string>",
"<string>"
]
},
{
"status": "low",
"condition": "<string>",
"name": "<string>",
"notifications": [
"<string>",
"<string>"
]
}
],
"message": "<string>",
"filters": [
{
"action": "suppress",
"query": "<string>"
},
{
"action": "require",
"query": "<string>"
}
],
"hasExtendedTitle": "<boolean>",
"tags": [
"<string>",
"<string>"
],
"type": "workload_security"
}'
https://api.app.ddog-gov.com/api/v2/security_monitoring/rules
Postman Collection Item JSON
{
"name": "Create a detection rule",
"request": {
"method": "POST",
"header": [
{
"key": "Content-Type",
"value": "application/json"
},
{
"key": "Accept",
"value": "application/json"
}
],
"body": {
"mode": "raw",
"raw": "{\n \"name\": \"<string>\",\n \"isEnabled\": \"<boolean>\",\n \"queries\": [\n {\n \"aggregation\": \"count\",\n \"distinctFields\": [\n \"<string>\",\n \"<string>\"\n ],\n \"groupByFields\": [\n \"<string>\",\n \"<string>\"\n ],\n \"metric\": \"<string>\",\n \"metrics\": [\n \"<string>\",\n \"<string>\"\n ],\n \"name\": \"<string>\",\n \"query\": \"<string>\"\n },\n {\n \"aggregation\": \"count\",\n \"distinctFields\": [\n \"<string>\",\n \"<string>\"\n ],\n \"groupByFields\": [\n \"<string>\",\n \"<string>\"\n ],\n \"metric\": \"<string>\",\n \"metrics\": [\n \"<string>\",\n \"<string>\"\n ],\n \"name\": \"<string>\",\n \"query\": \"<string>\"\n }\n ],\n \"options\": {\n \"complianceRuleOptions\": {\n \"complexRule\": \"<boolean>\",\n \"regoRule\": {\n \"policy\": \"<string>\",\n \"resourceTypes\": [\n \"<string>\",\n \"<string>\"\n ]\n },\n \"resourceType\": \"<string>\",\n \"incididuntfd5\": {},\n \"Duis_3_\": {},\n \"ipsum_965\": {}\n },\n \"decreaseCriticalityBasedOnEnv\": \"<boolean>\",\n \"detectionMethod\": \"impossible_travel\",\n \"evaluationWindow\": 0,\n \"hardcodedEvaluatorType\": \"log4shell\",\n \"impossibleTravelOptions\": {\n \"baselineUserLocations\": \"<boolean>\"\n },\n \"keepAlive\": 21600,\n \"maxSignalDuration\": 21600,\n \"newValueOptions\": {\n \"forgetAfter\": 2,\n \"learningDuration\": 0,\n \"learningMethod\": \"duration\",\n \"learningThreshold\": 0\n }\n },\n \"cases\": [\n {\n \"status\": \"critical\",\n \"condition\": \"<string>\",\n \"name\": \"<string>\",\n \"notifications\": [\n \"<string>\",\n \"<string>\"\n ]\n },\n {\n \"status\": \"low\",\n \"condition\": \"<string>\",\n \"name\": \"<string>\",\n \"notifications\": [\n \"<string>\",\n \"<string>\"\n ]\n }\n ],\n \"message\": \"<string>\",\n \"filters\": [\n {\n \"action\": \"suppress\",\n \"query\": \"<string>\"\n },\n {\n \"action\": \"require\",\n \"query\": \"<string>\"\n }\n ],\n \"hasExtendedTitle\": \"<boolean>\",\n \"tags\": [\n \"<string>\",\n \"<string>\"\n ],\n \"type\": \"workload_security\"\n}",
"options": {
"raw": {
"headerFamily": "json",
"language": "json"
}
}
},
"url": {
"raw": "{{baseUrl}}/api/v2/security_monitoring/rules",
"host": [
"{{baseUrl}}"
],
"path": [
"api",
"v2",
"security_monitoring",
"rules"
]
},
"description": "Create a detection rule."
},
"response": [
{
"name": "OK",
"originalRequest": {
"method": "POST",
"header": [
{
"key": "Content-Type",
"value": "application/json"
},
{
"key": "Accept",
"value": "application/json"
},
{
"description": "Added as a part of security scheme: apikey",
"key": "DD-API-KEY",
"value": "<API Key>"
}
],
"body": {
"mode": "raw",
"raw": "{\n \"name\": \"<string>\",\n \"isEnabled\": \"<boolean>\",\n \"queries\": [\n {\n \"aggregation\": \"count\",\n \"distinctFields\": [\n \"<string>\",\n \"<string>\"\n ],\n \"groupByFields\": [\n \"<string>\",\n \"<string>\"\n ],\n \"metric\": \"<string>\",\n \"metrics\": [\n \"<string>\",\n \"<string>\"\n ],\n \"name\": \"<string>\",\n \"query\": \"<string>\"\n },\n {\n \"aggregation\": \"count\",\n \"distinctFields\": [\n \"<string>\",\n \"<string>\"\n ],\n \"groupByFields\": [\n \"<string>\",\n \"<string>\"\n ],\n \"metric\": \"<string>\",\n \"metrics\": [\n \"<string>\",\n \"<string>\"\n ],\n \"name\": \"<string>\",\n \"query\": \"<string>\"\n }\n ],\n \"options\": {\n \"complianceRuleOptions\": {\n \"complexRule\": \"<boolean>\",\n \"regoRule\": {\n \"policy\": \"<string>\",\n \"resourceTypes\": [\n \"<string>\",\n \"<string>\"\n ]\n },\n \"resourceType\": \"<string>\",\n \"incididuntfd5\": {},\n \"Duis_3_\": {},\n \"ipsum_965\": {}\n },\n \"decreaseCriticalityBasedOnEnv\": \"<boolean>\",\n \"detectionMethod\": \"impossible_travel\",\n \"evaluationWindow\": 0,\n \"hardcodedEvaluatorType\": \"log4shell\",\n \"impossibleTravelOptions\": {\n \"baselineUserLocations\": \"<boolean>\"\n },\n \"keepAlive\": 21600,\n \"maxSignalDuration\": 21600,\n \"newValueOptions\": {\n \"forgetAfter\": 2,\n \"learningDuration\": 0,\n \"learningMethod\": \"duration\",\n \"learningThreshold\": 0\n }\n },\n \"cases\": [\n {\n \"status\": \"critical\",\n \"condition\": \"<string>\",\n \"name\": \"<string>\",\n \"notifications\": [\n \"<string>\",\n \"<string>\"\n ]\n },\n {\n \"status\": \"low\",\n \"condition\": \"<string>\",\n \"name\": \"<string>\",\n \"notifications\": [\n \"<string>\",\n \"<string>\"\n ]\n }\n ],\n \"message\": \"<string>\",\n \"filters\": [\n {\n \"action\": \"suppress\",\n \"query\": \"<string>\"\n },\n {\n \"action\": \"require\",\n \"query\": \"<string>\"\n }\n ],\n \"hasExtendedTitle\": \"<boolean>\",\n \"tags\": [\n \"<string>\",\n \"<string>\"\n ],\n \"type\": \"workload_security\"\n}",
"options": {
"raw": {
"headerFamily": "json",
"language": "json"
}
}
},
"url": {
"raw": "{{baseUrl}}/api/v2/security_monitoring/rules",
"host": [
"{{baseUrl}}"
],
"path": [
"api",
"v2",
"security_monitoring",
"rules"
]
}
},
"status": "OK",
"code": 200,
"_postman_previewlanguage": "json",
"header": [
{
"key": "Content-Type",
"value": "application/json"
}
],
"cookie": [
],
"body": "{\n \"cases\": [\n {\n \"condition\": \"<string>\",\n \"name\": \"<string>\",\n \"notifications\": [\n \"<string>\",\n \"<string>\"\n ],\n \"status\": \"medium\"\n },\n {\n \"condition\": \"<string>\",\n \"name\": \"<string>\",\n \"notifications\": [\n \"<string>\",\n \"<string>\"\n ],\n \"status\": \"critical\"\n }\n ],\n \"complianceSignalOptions\": {\n \"defaultActivationStatus\": \"<boolean>\",\n \"defaultGroupByFields\": [\n \"<string>\",\n \"<string>\"\n ],\n \"userActivationStatus\": \"<boolean>\",\n \"userGroupByFields\": [\n \"<string>\",\n \"<string>\"\n ]\n },\n \"createdAt\": \"<long>\",\n \"creationAuthorId\": \"<long>\",\n \"deprecationDate\": \"<long>\",\n \"filters\": [\n {\n \"action\": \"suppress\",\n \"query\": \"<string>\"\n },\n {\n \"action\": \"require\",\n \"query\": \"<string>\"\n }\n ],\n \"hasExtendedTitle\": \"<boolean>\",\n \"id\": \"<string>\",\n \"isDefault\": \"<boolean>\",\n \"isDeleted\": \"<boolean>\",\n \"isEnabled\": \"<boolean>\",\n \"message\": \"<string>\",\n \"name\": \"<string>\",\n \"options\": {\n \"complianceRuleOptions\": {\n \"complexRule\": \"<boolean>\",\n \"regoRule\": {\n \"policy\": \"<string>\",\n \"resourceTypes\": [\n \"<string>\",\n \"<string>\"\n ]\n },\n \"resourceType\": \"<string>\"\n },\n \"decreaseCriticalityBasedOnEnv\": \"<boolean>\",\n \"detectionMethod\": \"third_party\",\n \"evaluationWindow\": 300,\n \"hardcodedEvaluatorType\": \"log4shell\",\n \"impossibleTravelOptions\": {\n \"baselineUserLocations\": \"<boolean>\"\n },\n \"keepAlive\": 300,\n \"maxSignalDuration\": 900,\n \"newValueOptions\": {\n \"forgetAfter\": 28,\n \"learningDuration\": 0,\n \"learningMethod\": \"duration\",\n \"learningThreshold\": 0\n }\n },\n \"queries\": [\n {\n \"aggregation\": \"max\",\n \"distinctFields\": [\n \"<string>\",\n \"<string>\"\n ],\n \"groupByFields\": [\n \"<string>\",\n \"<string>\"\n ],\n \"metric\": \"<string>\",\n \"metrics\": [\n \"<string>\",\n \"<string>\"\n ],\n \"name\": \"<string>\",\n \"query\": \"<string>\"\n },\n {\n \"aggregation\": \"max\",\n \"distinctFields\": [\n \"<string>\",\n \"<string>\"\n ],\n \"groupByFields\": [\n \"<string>\",\n \"<string>\"\n ],\n \"metric\": \"<string>\",\n \"metrics\": [\n \"<string>\",\n \"<string>\"\n ],\n \"name\": \"<string>\",\n \"query\": \"<string>\"\n }\n ],\n \"tags\": [\n \"<string>\",\n \"<string>\"\n ],\n \"type\": \"application_security\",\n \"updateAuthorId\": \"<long>\",\n \"version\": \"<long>\"\n}"
},
{
"name": "Bad Request",
"originalRequest": {
"method": "POST",
"header": [
{
"key": "Content-Type",
"value": "application/json"
},
{
"key": "Accept",
"value": "application/json"
},
{
"description": "Added as a part of security scheme: apikey",
"key": "DD-API-KEY",
"value": "<API Key>"
}
],
"body": {
"mode": "raw",
"raw": "{\n \"name\": \"<string>\",\n \"isEnabled\": \"<boolean>\",\n \"queries\": [\n {\n \"aggregation\": \"count\",\n \"distinctFields\": [\n \"<string>\",\n \"<string>\"\n ],\n \"groupByFields\": [\n \"<string>\",\n \"<string>\"\n ],\n \"metric\": \"<string>\",\n \"metrics\": [\n \"<string>\",\n \"<string>\"\n ],\n \"name\": \"<string>\",\n \"query\": \"<string>\"\n },\n {\n \"aggregation\": \"count\",\n \"distinctFields\": [\n \"<string>\",\n \"<string>\"\n ],\n \"groupByFields\": [\n \"<string>\",\n \"<string>\"\n ],\n \"metric\": \"<string>\",\n \"metrics\": [\n \"<string>\",\n \"<string>\"\n ],\n \"name\": \"<string>\",\n \"query\": \"<string>\"\n }\n ],\n \"options\": {\n \"complianceRuleOptions\": {\n \"complexRule\": \"<boolean>\",\n \"regoRule\": {\n \"policy\": \"<string>\",\n \"resourceTypes\": [\n \"<string>\",\n \"<string>\"\n ]\n },\n \"resourceType\": \"<string>\",\n \"incididuntfd5\": {},\n \"Duis_3_\": {},\n \"ipsum_965\": {}\n },\n \"decreaseCriticalityBasedOnEnv\": \"<boolean>\",\n \"detectionMethod\": \"impossible_travel\",\n \"evaluationWindow\": 0,\n \"hardcodedEvaluatorType\": \"log4shell\",\n \"impossibleTravelOptions\": {\n \"baselineUserLocations\": \"<boolean>\"\n },\n \"keepAlive\": 21600,\n \"maxSignalDuration\": 21600,\n \"newValueOptions\": {\n \"forgetAfter\": 2,\n \"learningDuration\": 0,\n \"learningMethod\": \"duration\",\n \"learningThreshold\": 0\n }\n },\n \"cases\": [\n {\n \"status\": \"critical\",\n \"condition\": \"<string>\",\n \"name\": \"<string>\",\n \"notifications\": [\n \"<string>\",\n \"<string>\"\n ]\n },\n {\n \"status\": \"low\",\n \"condition\": \"<string>\",\n \"name\": \"<string>\",\n \"notifications\": [\n \"<string>\",\n \"<string>\"\n ]\n }\n ],\n \"message\": \"<string>\",\n \"filters\": [\n {\n \"action\": \"suppress\",\n \"query\": \"<string>\"\n },\n {\n \"action\": \"require\",\n \"query\": \"<string>\"\n }\n ],\n \"hasExtendedTitle\": \"<boolean>\",\n \"tags\": [\n \"<string>\",\n \"<string>\"\n ],\n \"type\": \"workload_security\"\n}",
"options": {
"raw": {
"headerFamily": "json",
"language": "json"
}
}
},
"url": {
"raw": "{{baseUrl}}/api/v2/security_monitoring/rules",
"host": [
"{{baseUrl}}"
],
"path": [
"api",
"v2",
"security_monitoring",
"rules"
]
}
},
"status": "Bad Request",
"code": 400,
"_postman_previewlanguage": "json",
"header": [
{
"key": "Content-Type",
"value": "application/json"
}
],
"cookie": [
],
"body": "{\n \"errors\": [\n \"<string>\",\n \"<string>\"\n ]\n}"
},
{
"name": "Not Authorized",
"originalRequest": {
"method": "POST",
"header": [
{
"key": "Content-Type",
"value": "application/json"
},
{
"key": "Accept",
"value": "application/json"
},
{
"description": "Added as a part of security scheme: apikey",
"key": "DD-API-KEY",
"value": "<API Key>"
}
],
"body": {
"mode": "raw",
"raw": "{\n \"name\": \"<string>\",\n \"isEnabled\": \"<boolean>\",\n \"queries\": [\n {\n \"aggregation\": \"count\",\n \"distinctFields\": [\n \"<string>\",\n \"<string>\"\n ],\n \"groupByFields\": [\n \"<string>\",\n \"<string>\"\n ],\n \"metric\": \"<string>\",\n \"metrics\": [\n \"<string>\",\n \"<string>\"\n ],\n \"name\": \"<string>\",\n \"query\": \"<string>\"\n },\n {\n \"aggregation\": \"count\",\n \"distinctFields\": [\n \"<string>\",\n \"<string>\"\n ],\n \"groupByFields\": [\n \"<string>\",\n \"<string>\"\n ],\n \"metric\": \"<string>\",\n \"metrics\": [\n \"<string>\",\n \"<string>\"\n ],\n \"name\": \"<string>\",\n \"query\": \"<string>\"\n }\n ],\n \"options\": {\n \"complianceRuleOptions\": {\n \"complexRule\": \"<boolean>\",\n \"regoRule\": {\n \"policy\": \"<string>\",\n \"resourceTypes\": [\n \"<string>\",\n \"<string>\"\n ]\n },\n \"resourceType\": \"<string>\",\n \"incididuntfd5\": {},\n \"Duis_3_\": {},\n \"ipsum_965\": {}\n },\n \"decreaseCriticalityBasedOnEnv\": \"<boolean>\",\n \"detectionMethod\": \"impossible_travel\",\n \"evaluationWindow\": 0,\n \"hardcodedEvaluatorType\": \"log4shell\",\n \"impossibleTravelOptions\": {\n \"baselineUserLocations\": \"<boolean>\"\n },\n \"keepAlive\": 21600,\n \"maxSignalDuration\": 21600,\n \"newValueOptions\": {\n \"forgetAfter\": 2,\n \"learningDuration\": 0,\n \"learningMethod\": \"duration\",\n \"learningThreshold\": 0\n }\n },\n \"cases\": [\n {\n \"status\": \"critical\",\n \"condition\": \"<string>\",\n \"name\": \"<string>\",\n \"notifications\": [\n \"<string>\",\n \"<string>\"\n ]\n },\n {\n \"status\": \"low\",\n \"condition\": \"<string>\",\n \"name\": \"<string>\",\n \"notifications\": [\n \"<string>\",\n \"<string>\"\n ]\n }\n ],\n \"message\": \"<string>\",\n \"filters\": [\n {\n \"action\": \"suppress\",\n \"query\": \"<string>\"\n },\n {\n \"action\": \"require\",\n \"query\": \"<string>\"\n }\n ],\n \"hasExtendedTitle\": \"<boolean>\",\n \"tags\": [\n \"<string>\",\n \"<string>\"\n ],\n \"type\": \"workload_security\"\n}",
"options": {
"raw": {
"headerFamily": "json",
"language": "json"
}
}
},
"url": {
"raw": "{{baseUrl}}/api/v2/security_monitoring/rules",
"host": [
"{{baseUrl}}"
],
"path": [
"api",
"v2",
"security_monitoring",
"rules"
]
}
},
"status": "Forbidden",
"code": 403,
"_postman_previewlanguage": "json",
"header": [
{
"key": "Content-Type",
"value": "application/json"
}
],
"cookie": [
],
"body": "{\n \"errors\": [\n \"<string>\",\n \"<string>\"\n ]\n}"
},
{
"name": "Too many requests",
"originalRequest": {
"method": "POST",
"header": [
{
"key": "Content-Type",
"value": "application/json"
},
{
"key": "Accept",
"value": "application/json"
},
{
"description": "Added as a part of security scheme: apikey",
"key": "DD-API-KEY",
"value": "<API Key>"
}
],
"body": {
"mode": "raw",
"raw": "{\n \"name\": \"<string>\",\n \"isEnabled\": \"<boolean>\",\n \"queries\": [\n {\n \"aggregation\": \"count\",\n \"distinctFields\": [\n \"<string>\",\n \"<string>\"\n ],\n \"groupByFields\": [\n \"<string>\",\n \"<string>\"\n ],\n \"metric\": \"<string>\",\n \"metrics\": [\n \"<string>\",\n \"<string>\"\n ],\n \"name\": \"<string>\",\n \"query\": \"<string>\"\n },\n {\n \"aggregation\": \"count\",\n \"distinctFields\": [\n \"<string>\",\n \"<string>\"\n ],\n \"groupByFields\": [\n \"<string>\",\n \"<string>\"\n ],\n \"metric\": \"<string>\",\n \"metrics\": [\n \"<string>\",\n \"<string>\"\n ],\n \"name\": \"<string>\",\n \"query\": \"<string>\"\n }\n ],\n \"options\": {\n \"complianceRuleOptions\": {\n \"complexRule\": \"<boolean>\",\n \"regoRule\": {\n \"policy\": \"<string>\",\n \"resourceTypes\": [\n \"<string>\",\n \"<string>\"\n ]\n },\n \"resourceType\": \"<string>\",\n \"incididuntfd5\": {},\n \"Duis_3_\": {},\n \"ipsum_965\": {}\n },\n \"decreaseCriticalityBasedOnEnv\": \"<boolean>\",\n \"detectionMethod\": \"impossible_travel\",\n \"evaluationWindow\": 0,\n \"hardcodedEvaluatorType\": \"log4shell\",\n \"impossibleTravelOptions\": {\n \"baselineUserLocations\": \"<boolean>\"\n },\n \"keepAlive\": 21600,\n \"maxSignalDuration\": 21600,\n \"newValueOptions\": {\n \"forgetAfter\": 2,\n \"learningDuration\": 0,\n \"learningMethod\": \"duration\",\n \"learningThreshold\": 0\n }\n },\n \"cases\": [\n {\n \"status\": \"critical\",\n \"condition\": \"<string>\",\n \"name\": \"<string>\",\n \"notifications\": [\n \"<string>\",\n \"<string>\"\n ]\n },\n {\n \"status\": \"low\",\n \"condition\": \"<string>\",\n \"name\": \"<string>\",\n \"notifications\": [\n \"<string>\",\n \"<string>\"\n ]\n }\n ],\n \"message\": \"<string>\",\n \"filters\": [\n {\n \"action\": \"suppress\",\n \"query\": \"<string>\"\n },\n {\n \"action\": \"require\",\n \"query\": \"<string>\"\n }\n ],\n \"hasExtendedTitle\": \"<boolean>\",\n \"tags\": [\n \"<string>\",\n \"<string>\"\n ],\n \"type\": \"workload_security\"\n}",
"options": {
"raw": {
"headerFamily": "json",
"language": "json"
}
}
},
"url": {
"raw": "{{baseUrl}}/api/v2/security_monitoring/rules",
"host": [
"{{baseUrl}}"
],
"path": [
"api",
"v2",
"security_monitoring",
"rules"
]
}
},
"status": "Too Many Requests",
"code": 429,
"_postman_previewlanguage": "json",
"header": [
{
"key": "Content-Type",
"value": "application/json"
}
],
"cookie": [
],
"body": "{\n \"errors\": [\n \"<string>\",\n \"<string>\"\n ]\n}"
}
]
}
