// Create a detection rule with type 'application_security' returns "OK" response
import com.datadog.api.client.ApiClient;
import com.datadog.api.client.ApiException;
import com.datadog.api.client.v2.api.SecurityMonitoringApi;
import com.datadog.api.client.v2.model.SecurityMonitoringRuleCaseAction;
import com.datadog.api.client.v2.model.SecurityMonitoringRuleCaseActionOptions;
import com.datadog.api.client.v2.model.SecurityMonitoringRuleCaseActionType;
import com.datadog.api.client.v2.model.SecurityMonitoringRuleCaseCreate;
import com.datadog.api.client.v2.model.SecurityMonitoringRuleCreatePayload;
import com.datadog.api.client.v2.model.SecurityMonitoringRuleDetectionMethod;
import com.datadog.api.client.v2.model.SecurityMonitoringRuleEvaluationWindow;
import com.datadog.api.client.v2.model.SecurityMonitoringRuleKeepAlive;
import com.datadog.api.client.v2.model.SecurityMonitoringRuleMaxSignalDuration;
import com.datadog.api.client.v2.model.SecurityMonitoringRuleOptions;
import com.datadog.api.client.v2.model.SecurityMonitoringRuleQueryAggregation;
import com.datadog.api.client.v2.model.SecurityMonitoringRuleResponse;
import com.datadog.api.client.v2.model.SecurityMonitoringRuleSeverity;
import com.datadog.api.client.v2.model.SecurityMonitoringRuleTypeCreate;
import com.datadog.api.client.v2.model.SecurityMonitoringStandardRuleCreatePayload;
import com.datadog.api.client.v2.model.SecurityMonitoringStandardRuleQuery;
import java.util.Arrays;
import java.util.Collections;
public class Example {

  /**
   * Assembles the create-rule request body used by {@link #main(String[])}.
   *
   * <p>The rule is an {@code APPLICATION_SECURITY} rule with one query, one case and one
   * options block; every field value is the one the example submits.
   *
   * @return the fully populated {@code SecurityMonitoringRuleCreatePayload}
   */
  private static SecurityMonitoringRuleCreatePayload buildPayload() {
    // Single query: count login-failure security activity, grouped per service and client IP.
    SecurityMonitoringStandardRuleQuery loginFailures =
        new SecurityMonitoringStandardRuleQuery()
            .query("@appsec.security_activity:business_logic.users.login.failure")
            .aggregation(SecurityMonitoringRuleQueryAggregation.COUNT)
            .groupByFields(Arrays.asList("service", "@http.client_ip"));

    // Automated response attached to the case. NOTE(review): 900L is presumably seconds
    // (15 min) — confirm the unit against the client API before enabling this in production.
    SecurityMonitoringRuleCaseAction blockIp =
        new SecurityMonitoringRuleCaseAction()
            .type(SecurityMonitoringRuleCaseActionType.BLOCK_IP)
            .options(new SecurityMonitoringRuleCaseActionOptions().duration(900L));

    // Case condition "a > 100000"; `a` presumably refers to the first query above — verify.
    // The case name is deliberately left empty, as in the original example.
    SecurityMonitoringRuleCaseCreate highVolumeCase =
        new SecurityMonitoringRuleCaseCreate()
            .name("")
            .status(SecurityMonitoringRuleSeverity.INFO)
            .condition("a > 100000")
            .actions(Collections.singletonList(blockIp));

    // Threshold detection over a 15-minute window; signals stay open up to one day.
    SecurityMonitoringRuleOptions ruleOptions =
        new SecurityMonitoringRuleOptions()
            .keepAlive(SecurityMonitoringRuleKeepAlive.ONE_HOUR)
            .maxSignalDuration(SecurityMonitoringRuleMaxSignalDuration.ONE_DAY)
            .evaluationWindow(SecurityMonitoringRuleEvaluationWindow.FIFTEEN_MINUTES)
            .detectionMethod(SecurityMonitoringRuleDetectionMethod.THRESHOLD);

    SecurityMonitoringStandardRuleCreatePayload standardRule =
        new SecurityMonitoringStandardRuleCreatePayload()
            .type(SecurityMonitoringRuleTypeCreate.APPLICATION_SECURITY)
            .name("Example-Security-Monitoring_appsec_rule")
            .queries(Collections.singletonList(loginFailures))
            .cases(Collections.singletonList(highVolumeCase))
            .options(ruleOptions)
            .isEnabled(true)
            .message("Test rule")
            .groupSignalsBy(Collections.singletonList("service"));

    return new SecurityMonitoringRuleCreatePayload(standardRule);
  }

  /**
   * Creates the example application-security detection rule and prints the API response.
   *
   * <p>On an {@code ApiException} the status code, response body and response headers are
   * written to stderr followed by the stack trace.
   *
   * @param args unused
   */
  public static void main(String[] args) {
    // NOTE(review): where getDefaultApiClient() sources its API/application keys is not
    // shown in this file (presumably the environment) — confirm before running.
    ApiClient defaultClient = ApiClient.getDefaultApiClient();
    SecurityMonitoringApi apiInstance = new SecurityMonitoringApi(defaultClient);
    SecurityMonitoringRuleCreatePayload body = buildPayload();

    try {
      SecurityMonitoringRuleResponse result = apiInstance.createSecurityMonitoringRule(body);
      System.out.println(result);
    } catch (ApiException e) {
      // The raw response body and headers are echoed verbatim to stderr; keep that in
      // mind if stderr is captured by a log sink.
      System.err.println(
          "Exception when calling SecurityMonitoringApi#createSecurityMonitoringRule");
      System.err.println("Status code: " + e.getCode());
      System.err.println("Reason: " + e.getResponseBody());
      System.err.println("Response headers: " + e.getResponseHeaders());
      e.printStackTrace();
    }
  }
}