diff --git a/.apigentools-info b/.apigentools-info index a2bb589d91699..18731bd61b91f 100644 --- a/.apigentools-info +++ b/.apigentools-info @@ -4,13 +4,13 @@ "spec_versions": { "v1": { "apigentools_version": "1.6.6", - "regenerated": "2025-05-14 09:56:07.965189", - "spec_repo_commit": "996fd99d" + "regenerated": "2025-05-14 13:56:49.154633", + "spec_repo_commit": "6f3c343c" }, "v2": { "apigentools_version": "1.6.6", - "regenerated": "2025-05-14 09:56:17.364106", - "spec_repo_commit": "996fd99d" + "regenerated": "2025-05-14 13:56:58.280602", + "spec_repo_commit": "6f3c343c" } } } \ No newline at end of file diff --git a/config/_default/menus/api.en.yaml b/config/_default/menus/api.en.yaml index 79ad930911b02..c0653546a7fc6 100644 --- a/config/_default/menus/api.en.yaml +++ b/config/_default/menus/api.en.yaml @@ -5424,214 +5424,6 @@ menu: - GetCSMCloudAccountsCoverageAnalysis unstable: [] order: 1 - - name: CSM Threats - url: /api/latest/csm-threats/ - identifier: csm-threats - generated: true - - name: Update a Cloud Workload Security Agent rule - url: '#update-a-cloud-workload-security-agent-rule' - identifier: csm-threats-update-a-cloud-workload-security-agent-rule - parent: csm-threats - generated: true - params: - versions: - - v2 - operationids: - - UpdateCloudWorkloadSecurityAgentRule - unstable: [] - order: 5 - - name: Get a Cloud Workload Security Agent rule - url: '#get-a-cloud-workload-security-agent-rule' - identifier: csm-threats-get-a-cloud-workload-security-agent-rule - parent: csm-threats - generated: true - params: - versions: - - v2 - operationids: - - GetCloudWorkloadSecurityAgentRule - unstable: [] - order: 2 - - name: Delete a Cloud Workload Security Agent rule - url: '#delete-a-cloud-workload-security-agent-rule' - identifier: csm-threats-delete-a-cloud-workload-security-agent-rule - parent: csm-threats - generated: true - params: - versions: - - v2 - operationids: - - DeleteCloudWorkloadSecurityAgentRule - unstable: [] - order: 6 - - name: Create a Cloud Workload Security Agent rule - url: '#create-a-cloud-workload-security-agent-rule' - identifier: csm-threats-create-a-cloud-workload-security-agent-rule - parent: csm-threats - generated: true - params: - versions: - - v2 - operationids: - - CreateCloudWorkloadSecurityAgentRule - unstable: [] - order: 4 - - name: Get all Cloud Workload Security Agent rules - url: '#get-all-cloud-workload-security-agent-rules' - identifier: csm-threats-get-all-cloud-workload-security-agent-rules - parent: csm-threats - generated: true - params: - versions: - - v2 - operationids: - - ListCloudWorkloadSecurityAgentRules - unstable: [] - order: 3 - - name: Get the latest Cloud Workload Security policy - url: '#get-the-latest-cloud-workload-security-policy' - identifier: csm-threats-get-the-latest-cloud-workload-security-policy - parent: csm-threats - generated: true - params: - versions: - - v2 - operationids: - - DownloadCloudWorkloadPolicyFile - unstable: [] - order: 1 - - name: Update a CSM Threats Agent policy - url: '#update-a-csm-threats-agent-policy' - identifier: csm-threats-update-a-csm-threats-agent-policy - parent: csm-threats - generated: true - params: - versions: - - v2 - operationids: - - UpdateCSMThreatsAgentPolicy - unstable: [] - order: 5 - - name: Get a CSM Threats Agent policy - url: '#get-a-csm-threats-agent-policy' - identifier: csm-threats-get-a-csm-threats-agent-policy - parent: csm-threats - generated: true - params: - versions: - - v2 - operationids: - - GetCSMThreatsAgentPolicy - unstable: [] - order: 2 - - name: Delete a CSM Threats Agent policy - url: '#delete-a-csm-threats-agent-policy' - identifier: csm-threats-delete-a-csm-threats-agent-policy - parent: csm-threats - generated: true - params: - versions: - - v2 - operationids: - - DeleteCSMThreatsAgentPolicy - unstable: [] - order: 6 - - name: Get the latest CSM Threats policy - url: '#get-the-latest-csm-threats-policy' - identifier: csm-threats-get-the-latest-csm-threats-policy - parent: csm-threats - generated: true - params: - versions: - - v2 - operationids: - - DownloadCSMThreatsPolicy - unstable: [] - order: 1 - - name: Create a CSM Threats Agent policy - url: '#create-a-csm-threats-agent-policy' - identifier: csm-threats-create-a-csm-threats-agent-policy - parent: csm-threats - generated: true - params: - versions: - - v2 - operationids: - - CreateCSMThreatsAgentPolicy - unstable: [] - order: 4 - - name: Get all CSM Threats Agent policies - url: '#get-all-csm-threats-agent-policies' - identifier: csm-threats-get-all-csm-threats-agent-policies - parent: csm-threats - generated: true - params: - versions: - - v2 - operationids: - - ListCSMThreatsAgentPolicies - unstable: [] - order: 3 - - name: Update a CSM Threats Agent rule - url: '#update-a-csm-threats-agent-rule' - identifier: csm-threats-update-a-csm-threats-agent-rule - parent: csm-threats - generated: true - params: - versions: - - v2 - operationids: - - UpdateCSMThreatsAgentRule - unstable: [] - order: 5 - - name: Get a CSM Threats Agent rule - url: '#get-a-csm-threats-agent-rule' - identifier: csm-threats-get-a-csm-threats-agent-rule - parent: csm-threats - generated: true - params: - versions: - - v2 - operationids: - - GetCSMThreatsAgentRule - unstable: [] - order: 2 - - name: Delete a CSM Threats Agent rule - url: '#delete-a-csm-threats-agent-rule' - identifier: csm-threats-delete-a-csm-threats-agent-rule - parent: csm-threats - generated: true - params: - versions: - - v2 - operationids: - - DeleteCSMThreatsAgentRule - unstable: [] - order: 6 - - name: Create a CSM Threats Agent rule - url: '#create-a-csm-threats-agent-rule' - identifier: csm-threats-create-a-csm-threats-agent-rule - parent: csm-threats - generated: true - params: - versions: - - v2 - operationids: - - CreateCSMThreatsAgentRule - unstable: [] - order: 4 - - name: Get all CSM Threats Agent rules - url: '#get-all-csm-threats-agent-rules' - identifier: csm-threats-get-all-csm-threats-agent-rules - parent: csm-threats - generated: true - params: - versions: - - v2 - operationids: - - ListCSMThreatsAgentRules - unstable: [] - order: 3 - name: Case Management url: /api/latest/case-management/ identifier: case-management @@ -9302,3 +9094,211 @@ menu: - CreateWorkflow unstable: [] order: 2 + - name: Workload Protection + url: /api/latest/workload-protection/ + identifier: workload-protection + generated: true + - name: Update a Workload Protection Agent rule (US1-FED) + url: '#update-a-workload-protection-agent-rule-us1-fed' + identifier: workload-protection-update-a-workload-protection-agent-rule-us1-fed + parent: workload-protection + generated: true + params: + versions: + - v2 + operationids: + - UpdateCloudWorkloadSecurityAgentRule + unstable: [] + order: 16 + - name: Get a Workload Protection Agent rule (US1-FED) + url: '#get-a-workload-protection-agent-rule-us1-fed' + identifier: workload-protection-get-a-workload-protection-agent-rule-us1-fed + parent: workload-protection + generated: true + params: + versions: + - v2 + operationids: + - GetCloudWorkloadSecurityAgentRule + unstable: [] + order: 15 + - name: Delete a Workload Protection Agent rule (US1-FED) + url: '#delete-a-workload-protection-agent-rule-us1-fed' + identifier: workload-protection-delete-a-workload-protection-agent-rule-us1-fed + parent: workload-protection + generated: true + params: + versions: + - v2 + operationids: + - DeleteCloudWorkloadSecurityAgentRule + unstable: [] + order: 17 + - name: Create a Workload Protection Agent rule (US1-FED) + url: '#create-a-workload-protection-agent-rule-us1-fed' + identifier: workload-protection-create-a-workload-protection-agent-rule-us1-fed + parent: workload-protection + generated: true + params: + versions: + - v2 + operationids: + - CreateCloudWorkloadSecurityAgentRule + unstable: [] + order: 14 + - name: Get all Workload Protection Agent rules (US1-FED) + url: '#get-all-workload-protection-agent-rules-us1-fed' + identifier: workload-protection-get-all-workload-protection-agent-rules-us1-fed + parent: workload-protection + generated: true + params: + versions: + - v2 + operationids: + - ListCloudWorkloadSecurityAgentRules + unstable: [] + order: 13 + - name: Download the Workload Protection policy (US1-FED) + url: '#download-the-workload-protection-policy-us1-fed' + identifier: workload-protection-download-the-workload-protection-policy-us1-fed + parent: workload-protection + generated: true + params: + versions: + - v2 + operationids: + - DownloadCloudWorkloadPolicyFile + unstable: [] + order: 12 + - name: Update a Workload Protection Agent policy + url: '#update-a-workload-protection-agent-policy' + identifier: workload-protection-update-a-workload-protection-agent-policy + parent: workload-protection + generated: true + params: + versions: + - v2 + operationids: + - UpdateCSMThreatsAgentPolicy + unstable: [] + order: 10 + - name: Get a Workload Protection Agent policy + url: '#get-a-workload-protection-agent-policy' + identifier: workload-protection-get-a-workload-protection-agent-policy + parent: workload-protection + generated: true + params: + versions: + - v2 + operationids: + - GetCSMThreatsAgentPolicy + unstable: [] + order: 9 + - name: Delete a Workload Protection Agent policy + url: '#delete-a-workload-protection-agent-policy' + identifier: workload-protection-delete-a-workload-protection-agent-policy + parent: workload-protection + generated: true + params: + versions: + - v2 + operationids: + - DeleteCSMThreatsAgentPolicy + unstable: [] + order: 11 + - name: Download the Workload Protection policy + url: '#download-the-workload-protection-policy' + identifier: workload-protection-download-the-workload-protection-policy + parent: workload-protection + generated: true + params: + versions: + - v2 + operationids: + - DownloadCSMThreatsPolicy + unstable: [] + order: 1 + - name: Create a Workload Protection Agent policy + url: '#create-a-workload-protection-agent-policy' + identifier: workload-protection-create-a-workload-protection-agent-policy + parent: workload-protection + generated: true + params: + versions: + - v2 + operationids: + - CreateCSMThreatsAgentPolicy + unstable: [] + order: 8 + - name: Get all Workload Protection Agent policies + url: '#get-all-workload-protection-agent-policies' + identifier: workload-protection-get-all-workload-protection-agent-policies + parent: workload-protection + generated: true + params: + versions: + - v2 + operationids: + - ListCSMThreatsAgentPolicies + unstable: [] + order: 7 + - name: Update a Workload Protection Agent rule + url: '#update-a-workload-protection-agent-rule' + identifier: workload-protection-update-a-workload-protection-agent-rule + parent: workload-protection + generated: true + params: + versions: + - v2 + operationids: + - UpdateCSMThreatsAgentRule + unstable: [] + order: 5 + - name: Get a Workload Protection Agent rule + url: '#get-a-workload-protection-agent-rule' + identifier: workload-protection-get-a-workload-protection-agent-rule + parent: workload-protection + generated: true + params: + versions: + - v2 + operationids: + - GetCSMThreatsAgentRule + unstable: [] + order: 4 + - name: Delete a Workload Protection Agent rule + url: '#delete-a-workload-protection-agent-rule' + identifier: workload-protection-delete-a-workload-protection-agent-rule + parent: workload-protection + generated: true + params: + versions: + - v2 + operationids: + - DeleteCSMThreatsAgentRule + unstable: [] + order: 6 + - name: Create a Workload Protection Agent rule + url: '#create-a-workload-protection-agent-rule' + identifier: workload-protection-create-a-workload-protection-agent-rule + parent: workload-protection + generated: true + params: + versions: + - v2 + operationids: + - CreateCSMThreatsAgentRule + unstable: [] + order: 3 + - name: Get all Workload Protection Agent rules + url: '#get-all-workload-protection-agent-rules' + identifier: workload-protection-get-all-workload-protection-agent-rules + parent: workload-protection + generated: true + params: + versions: + - v2 + operationids: + - ListCSMThreatsAgentRules + unstable: [] + order: 2 diff --git a/content/en/api/latest/workload-protection/_index.md b/content/en/api/latest/workload-protection/_index.md new file mode 100644 index 0000000000000..4855dee050505 --- /dev/null +++ b/content/en/api/latest/workload-protection/_index.md @@ -0,0 +1,3 @@ +--- +title: Workload Protection +--- diff --git a/content/en/api/v2/workload-protection/_index.md b/content/en/api/v2/workload-protection/_index.md new file mode 100644 index 0000000000000..939016d81b862 --- /dev/null +++ b/content/en/api/v2/workload-protection/_index.md @@ -0,0 +1,4 @@ +--- +title: Workload Protection +headless: true +--- diff --git a/content/en/api/v2/workload-protection/examples.json b/content/en/api/v2/workload-protection/examples.json new file mode 100644 index 0000000000000..393fe57e98edc --- /dev/null +++ b/content/en/api/v2/workload-protection/examples.json @@ -0,0 +1,1172 @@ +{ + "ListCSMThreatsAgentRules": { + "responses": { + "200": { + "json": { + "data": [ + { + "attributes": { + "actions": [ + { + "filter": "string", + "kill": { + "signal": "string" + } + } + ], + "agentConstraint": "string", + "category": "Process Activity", + "creationAuthorUuId": "e51c9744-d158-11ec-ad23-da7ad0900002", + "creationDate": 1624366480320, + "creator": { + "handle": "datadog.user@example.com", + "name": "Datadog User" + }, + "defaultRule": false, + "description": "My Agent rule", + "enabled": true, + "expression": "exec.file.name == \"sh\"", + "filters": [], + "name": "my_agent_rule", + "product_tags": [], + "updateAuthorUuId": "e51c9744-d158-11ec-ad23-da7ad0900002", + "updateDate": 1624366480320, + "updatedAt": 1624366480320, + "updater": { + "handle": "datadog.user@example.com", + "name": "Datadog User" + }, + "version": 23 + }, + "id": "3dd-0uc-h1s", + "type": "agent_rule" + } + ] + }, + "html": "
\n
\n
\n
\n

data

\n
\n

[object]

\n

A list of Agent rules objects

\n
\n
\n
\n
\n
\n

attributes

\n
\n

object

\n

A Workload Protection Agent rule returned by the API.

\n
\n
\n
\n
\n
\n

actions

\n
\n

[object]

\n

The array of actions the rule can perform if triggered

\n
\n
\n
\n
\n
\n

filter

\n
\n

string

\n

SECL expression used to target the container to apply the action on

\n
\n \n
\n
\n
\n
\n
\n

kill

\n
\n

object

\n

Kill system call applied on the container matching the rule

\n
\n
\n
\n
\n
\n

signal

\n
\n

string

\n

Supported signals for the kill system call

\n
\n \n
\n
\n
\n
\n
\n
\n
\n
\n
\n

agentConstraint

\n
\n

string

\n

The version of the Agent

\n
\n \n
\n
\n
\n
\n
\n

category

\n
\n

string

\n

The category of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n

creationAuthorUuId

\n
\n

string

\n

The ID of the user who created the rule

\n
\n \n
\n
\n
\n
\n
\n

creationDate

\n
\n

int64

\n

When the Agent rule was created, timestamp in milliseconds

\n
\n \n
\n
\n
\n
\n
\n

creator

\n
\n

object

\n

The attributes of the user who created the Agent rule

\n
\n
\n
\n
\n
\n

handle

\n
\n

string

\n

The handle of the user

\n
\n \n
\n
\n
\n
\n
\n

name

\n
\n

string

\n

The name of the user

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

defaultRule

\n
\n

boolean

\n

Whether the rule is included by default

\n
\n \n
\n
\n
\n
\n
\n

description

\n
\n

string

\n

The description of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n

enabled

\n
\n

boolean

\n

Whether the Agent rule is enabled

\n
\n \n
\n
\n
\n
\n
\n

expression

\n
\n

string

\n

The SECL expression of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n

filters

\n
\n

[string]

\n

The platforms the Agent rule is supported on

\n
\n \n
\n
\n
\n
\n
\n

name

\n
\n

string

\n

The name of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n

product_tags

\n
\n

[string]

\n

The list of product tags associated with the rule

\n
\n \n
\n
\n
\n
\n
\n

updateAuthorUuId

\n
\n

string

\n

The ID of the user who updated the rule

\n
\n \n
\n
\n
\n
\n
\n

updateDate

\n
\n

int64

\n

Timestamp in milliseconds when the Agent rule was last updated

\n
\n \n
\n
\n
\n
\n
\n

updatedAt

\n
\n

int64

\n

When the Agent rule was last updated, timestamp in milliseconds

\n
\n \n
\n
\n
\n
\n
\n

updater

\n
\n

object

\n

The attributes of the user who last updated the Agent rule

\n
\n
\n
\n
\n
\n

handle

\n
\n

string

\n

The handle of the user

\n
\n \n
\n
\n
\n
\n
\n

name

\n
\n

string

\n

The name of the user

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

version

\n
\n

int64

\n

The version of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

id

\n
\n

string

\n

The ID of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n

type

\n
\n

enum

\n

The type of the resource, must always be agent_rule \nAllowed enum values: agent_rule

default: agent_rule

\n
\n \n
\n
\n
\n
" + }, + "403": { + "json": { + "errors": [ + "Bad Request" + ] + }, + "html": "
\n
\n
\n
\n

errors [required]

\n
\n

[string]

\n

A list of errors.

\n
\n \n
\n
" + }, + "429": { + "json": { + "errors": [ + "Bad Request" + ] + }, + "html": "
\n
\n
\n
\n

errors [required]

\n
\n

[string]

\n

A list of errors.

\n
\n \n
\n
" + } + }, + "request": { + "json_curl": {}, + "json": {}, + "html": "" + } + }, + "CreateCSMThreatsAgentRule": { + "responses": { + "200": { + "json": { + "data": { + "attributes": { + "actions": [ + { + "filter": "string", + "kill": { + "signal": "string" + } + } + ], + "agentConstraint": "string", + "category": "Process Activity", + "creationAuthorUuId": "e51c9744-d158-11ec-ad23-da7ad0900002", + "creationDate": 1624366480320, + "creator": { + "handle": "datadog.user@example.com", + "name": "Datadog User" + }, + "defaultRule": false, + "description": "My Agent rule", + "enabled": true, + "expression": "exec.file.name == \"sh\"", + "filters": [], + "name": "my_agent_rule", + "product_tags": [], + "updateAuthorUuId": "e51c9744-d158-11ec-ad23-da7ad0900002", + "updateDate": 1624366480320, + "updatedAt": 1624366480320, + "updater": { + "handle": "datadog.user@example.com", + "name": "Datadog User" + }, + "version": 23 + }, + "id": "3dd-0uc-h1s", + "type": "agent_rule" + } + }, + "html": "
\n
\n
\n
\n

data

\n
\n

object

\n

Object for a single Agent rule

\n
\n
\n
\n
\n
\n

attributes

\n
\n

object

\n

A Workload Protection Agent rule returned by the API.

\n
\n
\n
\n
\n
\n

actions

\n
\n

[object]

\n

The array of actions the rule can perform if triggered

\n
\n
\n
\n
\n
\n

filter

\n
\n

string

\n

SECL expression used to target the container to apply the action on

\n
\n \n
\n
\n
\n
\n
\n

kill

\n
\n

object

\n

Kill system call applied on the container matching the rule

\n
\n
\n
\n
\n
\n

signal

\n
\n

string

\n

Supported signals for the kill system call

\n
\n \n
\n
\n
\n
\n
\n
\n
\n
\n
\n

agentConstraint

\n
\n

string

\n

The version of the Agent

\n
\n \n
\n
\n
\n
\n
\n

category

\n
\n

string

\n

The category of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n

creationAuthorUuId

\n
\n

string

\n

The ID of the user who created the rule

\n
\n \n
\n
\n
\n
\n
\n

creationDate

\n
\n

int64

\n

When the Agent rule was created, timestamp in milliseconds

\n
\n \n
\n
\n
\n
\n
\n

creator

\n
\n

object

\n

The attributes of the user who created the Agent rule

\n
\n
\n
\n
\n
\n

handle

\n
\n

string

\n

The handle of the user

\n
\n \n
\n
\n
\n
\n
\n

name

\n
\n

string

\n

The name of the user

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

defaultRule

\n
\n

boolean

\n

Whether the rule is included by default

\n
\n \n
\n
\n
\n
\n
\n

description

\n
\n

string

\n

The description of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n

enabled

\n
\n

boolean

\n

Whether the Agent rule is enabled

\n
\n \n
\n
\n
\n
\n
\n

expression

\n
\n

string

\n

The SECL expression of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n

filters

\n
\n

[string]

\n

The platforms the Agent rule is supported on

\n
\n \n
\n
\n
\n
\n
\n

name

\n
\n

string

\n

The name of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n

product_tags

\n
\n

[string]

\n

The list of product tags associated with the rule

\n
\n \n
\n
\n
\n
\n
\n

updateAuthorUuId

\n
\n

string

\n

The ID of the user who updated the rule

\n
\n \n
\n
\n
\n
\n
\n

updateDate

\n
\n

int64

\n

Timestamp in milliseconds when the Agent rule was last updated

\n
\n \n
\n
\n
\n
\n
\n

updatedAt

\n
\n

int64

\n

When the Agent rule was last updated, timestamp in milliseconds

\n
\n \n
\n
\n
\n
\n
\n

updater

\n
\n

object

\n

The attributes of the user who last updated the Agent rule

\n
\n
\n
\n
\n
\n

handle

\n
\n

string

\n

The handle of the user

\n
\n \n
\n
\n
\n
\n
\n

name

\n
\n

string

\n

The name of the user

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

version

\n
\n

int64

\n

The version of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

id

\n
\n

string

\n

The ID of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n

type

\n
\n

enum

\n

The type of the resource, must always be agent_rule \nAllowed enum values: agent_rule

default: agent_rule

\n
\n \n
\n
\n
\n
" + }, + "400": { + "json": { + "errors": [ + "Bad Request" + ] + }, + "html": "
\n
\n
\n
\n

errors [required]

\n
\n

[string]

\n

A list of errors.

\n
\n \n
\n
" + }, + "403": { + "json": { + "errors": [ + "Bad Request" + ] + }, + "html": "
\n
\n
\n
\n

errors [required]

\n
\n

[string]

\n

A list of errors.

\n
\n \n
\n
" + }, + "409": { + "json": { + "errors": [ + "Bad Request" + ] + }, + "html": "
\n
\n
\n
\n

errors [required]

\n
\n

[string]

\n

A list of errors.

\n
\n \n
\n
" + }, + "429": { + "json": { + "errors": [ + "Bad Request" + ] + }, + "html": "
\n
\n
\n
\n

errors [required]

\n
\n

[string]

\n

A list of errors.

\n
\n \n
\n
" + } + }, + "request": { + "json_curl": { + "data": { + "attributes": { + "expression": "exec.file.name == \"sh\"", + "name": "my_agent_rule" + }, + "type": "agent_rule" + } + }, + "json": { + "data": { + "attributes": { + "description": "My Agent rule", + "enabled": true, + "expression": "exec.file.name == \"sh\"", + "filters": [], + "name": "my_agent_rule", + "policy_id": "a8c8e364-6556-434d-b798-a4c23de29c0b", + "product_tags": [] + }, + "type": "agent_rule" + } + }, + "html": "
\n
\n
\n
\n

data [required]

\n
\n

object

\n

Object for a single Agent rule

\n
\n
\n
\n
\n
\n

attributes [required]

\n
\n

object

\n

Create a new Workload Protection Agent rule.

\n
\n
\n
\n
\n
\n

description

\n
\n

string

\n

The description of the Agent rule.

\n
\n \n
\n
\n
\n
\n
\n

enabled

\n
\n

boolean

\n

Whether the Agent rule is enabled

\n
\n \n
\n
\n
\n
\n
\n

expression [required]

\n
\n

string

\n

The SECL expression of the Agent rule.

\n
\n \n
\n
\n
\n
\n
\n

filters

\n
\n

[string]

\n

The platforms the Agent rule is supported on

\n
\n \n
\n
\n
\n
\n
\n

name [required]

\n
\n

string

\n

The name of the Agent rule.

\n
\n \n
\n
\n
\n
\n
\n

policy_id

\n
\n

string

\n

The ID of the policy where the Agent rule is saved

\n
\n \n
\n
\n
\n
\n
\n

product_tags

\n
\n

[string]

\n

The list of product tags associated with the rule

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

type [required]

\n
\n

enum

\n

The type of the resource, must always be agent_rule \nAllowed enum values: agent_rule

default: agent_rule

\n
\n \n
\n
\n
\n
" + } + }, + "DeleteCSMThreatsAgentRule": { + "responses": { + "403": { + "json": { + "errors": [ + "Bad Request" + ] + }, + "html": "
\n
\n
\n
\n

errors [required]

\n
\n

[string]

\n

A list of errors.

\n
\n \n
\n
" + }, + "404": { + "json": { + "errors": [ + "Bad Request" + ] + }, + "html": "
\n
\n
\n
\n

errors [required]

\n
\n

[string]

\n

A list of errors.

\n
\n \n
\n
" + }, + "429": { + "json": { + "errors": [ + "Bad Request" + ] + }, + "html": "
\n
\n
\n
\n

errors [required]

\n
\n

[string]

\n

A list of errors.

\n
\n \n
\n
" + } + }, + "request": { + "json_curl": {}, + "json": {}, + "html": "" + } + }, + "GetCSMThreatsAgentRule": { + "responses": { + "200": { + "json": { + "data": { + "attributes": { + "actions": [ + { + "filter": "string", + "kill": { + "signal": "string" + } + } + ], + "agentConstraint": "string", + "category": "Process Activity", + "creationAuthorUuId": "e51c9744-d158-11ec-ad23-da7ad0900002", + "creationDate": 1624366480320, + "creator": { + "handle": "datadog.user@example.com", + "name": "Datadog User" + }, + "defaultRule": false, + "description": "My Agent rule", + "enabled": true, + "expression": "exec.file.name == \"sh\"", + "filters": [], + "name": "my_agent_rule", + "product_tags": [], + "updateAuthorUuId": "e51c9744-d158-11ec-ad23-da7ad0900002", + "updateDate": 1624366480320, + "updatedAt": 1624366480320, + "updater": { + "handle": "datadog.user@example.com", + "name": "Datadog User" + }, + "version": 23 + }, + "id": "3dd-0uc-h1s", + "type": "agent_rule" + } + }, + "html": "
\n
\n
\n
\n

data

\n
\n

object

\n

Object for a single Agent rule

\n
\n
\n
\n
\n
\n

attributes

\n
\n

object

\n

A Workload Protection Agent rule returned by the API.

\n
\n
\n
\n
\n
\n

actions

\n
\n

[object]

\n

The array of actions the rule can perform if triggered

\n
\n
\n
\n
\n
\n

filter

\n
\n

string

\n

SECL expression used to target the container to apply the action on

\n
\n \n
\n
\n
\n
\n
\n

kill

\n
\n

object

\n

Kill system call applied on the container matching the rule

\n
\n
\n
\n
\n
\n

signal

\n
\n

string

\n

Supported signals for the kill system call

\n
\n \n
\n
\n
\n
\n
\n
\n
\n
\n
\n

agentConstraint

\n
\n

string

\n

The version of the Agent

\n
\n \n
\n
\n
\n
\n
\n

category

\n
\n

string

\n

The category of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n

creationAuthorUuId

\n
\n

string

\n

The ID of the user who created the rule

\n
\n \n
\n
\n
\n
\n
\n

creationDate

\n
\n

int64

\n

When the Agent rule was created, timestamp in milliseconds

\n
\n \n
\n
\n
\n
\n
\n

creator

\n
\n

object

\n

The attributes of the user who created the Agent rule

\n
\n
\n
\n
\n
\n

handle

\n
\n

string

\n

The handle of the user

\n
\n \n
\n
\n
\n
\n
\n

name

\n
\n

string

\n

The name of the user

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

defaultRule

\n
\n

boolean

\n

Whether the rule is included by default

\n
\n \n
\n
\n
\n
\n
\n

description

\n
\n

string

\n

The description of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n

enabled

\n
\n

boolean

\n

Whether the Agent rule is enabled

\n
\n \n
\n
\n
\n
\n
\n

expression

\n
\n

string

\n

The SECL expression of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n

filters

\n
\n

[string]

\n

The platforms the Agent rule is supported on

\n
\n \n
\n
\n
\n
\n
\n

name

\n
\n

string

\n

The name of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n

product_tags

\n
\n

[string]

\n

The list of product tags associated with the rule

\n
\n \n
\n
\n
\n
\n
\n

updateAuthorUuId

\n
\n

string

\n

The ID of the user who updated the rule

\n
\n \n
\n
\n
\n
\n
\n

updateDate

\n
\n

int64

\n

Timestamp in milliseconds when the Agent rule was last updated

\n
\n \n
\n
\n
\n
\n
\n

updatedAt

\n
\n

int64

\n

When the Agent rule was last updated, timestamp in milliseconds

\n
\n \n
\n
\n
\n
\n
\n

updater

\n
\n

object

\n

The attributes of the user who last updated the Agent rule

\n
\n
\n
\n
\n
\n

handle

\n
\n

string

\n

The handle of the user

\n
\n \n
\n
\n
\n
\n
\n

name

\n
\n

string

\n

The name of the user

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

version

\n
\n

int64

\n

The version of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

id

\n
\n

string

\n

The ID of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n

type

\n
\n

enum

\n

The type of the resource, must always be agent_rule \nAllowed enum values: agent_rule

default: agent_rule

\n
\n \n
\n
\n
\n
" + }, + "403": { + "json": { + "errors": [ + "Bad Request" + ] + }, + "html": "
\n
\n
\n
\n

errors [required]

\n
\n

[string]

\n

A list of errors.

\n
\n \n
\n
" + }, + "404": { + "json": { + "errors": [ + "Bad Request" + ] + }, + "html": "
\n
\n
\n
\n

errors [required]

\n
\n

[string]

\n

A list of errors.

\n
\n \n
\n
" + }, + "429": { + "json": { + "errors": [ + "Bad Request" + ] + }, + "html": "
\n
\n
\n
\n

errors [required]

\n
\n

[string]

\n

A list of errors.

\n
\n \n
\n
" + } + }, + "request": { + "json_curl": {}, + "json": {}, + "html": "" + } + }, + "UpdateCSMThreatsAgentRule": { + "responses": { + "200": { + "json": { + "data": { + "attributes": { + "actions": [ + { + "filter": "string", + "kill": { + "signal": "string" + } + } + ], + "agentConstraint": "string", + "category": "Process Activity", + "creationAuthorUuId": "e51c9744-d158-11ec-ad23-da7ad0900002", + "creationDate": 1624366480320, + "creator": { + "handle": "datadog.user@example.com", + "name": "Datadog User" + }, + "defaultRule": false, + "description": "My Agent rule", + "enabled": true, + "expression": "exec.file.name == \"sh\"", + "filters": [], + "name": "my_agent_rule", + "product_tags": [], + "updateAuthorUuId": "e51c9744-d158-11ec-ad23-da7ad0900002", + "updateDate": 1624366480320, + "updatedAt": 1624366480320, + "updater": { + "handle": "datadog.user@example.com", + "name": "Datadog User" + }, + "version": 23 + }, + "id": "3dd-0uc-h1s", + "type": "agent_rule" + } + }, + "html": "
\n
\n
\n
\n

data

\n
\n

object

\n

Object for a single Agent rule

\n
\n
\n
\n
\n
\n

attributes

\n
\n

object

\n

A Workload Protection Agent rule returned by the API.

\n
\n
\n
\n
\n
\n

actions

\n
\n

[object]

\n

The array of actions the rule can perform if triggered

\n
\n
\n
\n
\n
\n

filter

\n
\n

string

\n

SECL expression used to target the container to apply the action on

\n
\n \n
\n
\n
\n
\n
\n

kill

\n
\n

object

\n

Kill system call applied on the container matching the rule

\n
\n
\n
\n
\n
\n

signal

\n
\n

string

\n

Supported signals for the kill system call

\n
\n \n
\n
\n
\n
\n
\n
\n
\n
\n
\n

agentConstraint

\n
\n

string

\n

The version of the Agent

\n
\n \n
\n
\n
\n
\n
\n

category

\n
\n

string

\n

The category of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n

creationAuthorUuId

\n
\n

string

\n

The ID of the user who created the rule

\n
\n \n
\n
\n
\n
\n
\n

creationDate

\n
\n

int64

\n

When the Agent rule was created, timestamp in milliseconds

\n
\n \n
\n
\n
\n
\n
\n

creator

\n
\n

object

\n

The attributes of the user who created the Agent rule

\n
\n
\n
\n
\n
\n

handle

\n
\n

string

\n

The handle of the user

\n
\n \n
\n
\n
\n
\n
\n

name

\n
\n

string

\n

The name of the user

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

defaultRule

\n
\n

boolean

\n

Whether the rule is included by default

\n
\n \n
\n
\n
\n
\n
\n

description

\n
\n

string

\n

The description of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n

enabled

\n
\n

boolean

\n

Whether the Agent rule is enabled

\n
\n \n
\n
\n
\n
\n
\n

expression

\n
\n

string

\n

The SECL expression of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n

filters

\n
\n

[string]

\n

The platforms the Agent rule is supported on

\n
\n \n
\n
\n
\n
\n
\n

name

\n
\n

string

\n

The name of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n

product_tags

\n
\n

[string]

\n

The list of product tags associated with the rule

\n
\n \n
\n
\n
\n
\n
\n

updateAuthorUuId

\n
\n

string

\n

The ID of the user who updated the rule

\n
\n \n
\n
\n
\n
\n
\n

updateDate

\n
\n

int64

\n

Timestamp in milliseconds when the Agent rule was last updated

\n
\n \n
\n
\n
\n
\n
\n

updatedAt

\n
\n

int64

\n

When the Agent rule was last updated, timestamp in milliseconds

\n
\n \n
\n
\n
\n
\n
\n

updater

\n
\n

object

\n

The attributes of the user who last updated the Agent rule

\n
\n
\n
\n
\n
\n

handle

\n
\n

string

\n

The handle of the user

\n
\n \n
\n
\n
\n
\n
\n

name

\n
\n

string

\n

The name of the user

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

version

\n
\n

int64

\n

The version of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

id

\n
\n

string

\n

The ID of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n

type

\n
\n

enum

\n

The type of the resource, must always be agent_rule \nAllowed enum values: agent_rule

default: agent_rule

\n
\n \n
\n
\n
\n
" + }, + "400": { + "json": { + "errors": [ + "Bad Request" + ] + }, + "html": "
\n
\n
\n
\n

errors [required]

\n
\n

[string]

\n

A list of errors.

\n
\n \n
\n
" + }, + "403": { + "json": { + "errors": [ + "Bad Request" + ] + }, + "html": "
\n
\n
\n
\n

errors [required]

\n
\n

[string]

\n

A list of errors.

\n
\n \n
\n
" + }, + "404": { + "json": { + "errors": [ + "Bad Request" + ] + }, + "html": "
\n
\n
\n
\n

errors [required]

\n
\n

[string]

\n

A list of errors.

\n
\n \n
\n
" + }, + "409": { + "json": { + "errors": [ + "Bad Request" + ] + }, + "html": "
\n
\n
\n
\n

errors [required]

\n
\n

[string]

\n

A list of errors.

\n
\n \n
\n
" + }, + "429": { + "json": { + "errors": [ + "Bad Request" + ] + }, + "html": "
\n
\n
\n
\n

errors [required]

\n
\n

[string]

\n

A list of errors.

\n
\n \n
\n
" + } + }, + "request": { + "json_curl": { + "data": { + "attributes": {}, + "type": "agent_rule" + } + }, + "json": { + "data": { + "attributes": { + "description": "My Agent rule", + "enabled": true, + "expression": "exec.file.name == \"sh\"", + "policy_id": "a8c8e364-6556-434d-b798-a4c23de29c0b", + "product_tags": [] + }, + "id": "3dd-0uc-h1s", + "type": "agent_rule" + } + }, + "html": "
\n
\n
\n
\n

data [required]

\n
\n

object

\n

Object for a single Agent rule

\n
\n
\n
\n
\n
\n

attributes [required]

\n
\n

object

\n

Update an existing Workload Protection Agent rule.

\n
\n
\n
\n
\n
\n

description

\n
\n

string

\n

The description of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n

enabled

\n
\n

boolean

\n

Whether the Agent rule is enabled

\n
\n \n
\n
\n
\n
\n
\n

expression

\n
\n

string

\n

The SECL expression of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n

policy_id

\n
\n

string

\n

The ID of the policy where the Agent rule is saved

\n
\n \n
\n
\n
\n
\n
\n

product_tags

\n
\n

[string]

\n

The list of product tags associated with the rule

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

id

\n
\n

string

\n

The ID of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n

type [required]

\n
\n

enum

\n

The type of the resource, must always be agent_rule \nAllowed enum values: agent_rule

default: agent_rule

\n
\n \n
\n
\n
\n
" + } + }, + "ListCSMThreatsAgentPolicies": { + "responses": { + "200": { + "json": { + "data": [ + { + "attributes": { + "blockingRulesCount": 100, + "datadogManaged": false, + "description": "My agent policy", + "disabledRulesCount": 100, + "enabled": true, + "hostTags": [], + "hostTagsLists": [], + "monitoringRulesCount": 100, + "name": "my_agent_policy", + "policyVersion": "1", + "priority": 10, + "ruleCount": 100, + "updateDate": 1624366480320, + "updatedAt": 1624366480320, + "updater": { + "handle": "datadog.user@example.com", + "name": "Datadog User" + } + }, + "id": "6517fcc1-cec7-4394-a655-8d6e9d085255", + "type": "policy" + } + ] + }, + "html": "
\n
\n
\n
\n

data

\n
\n

[object]

\n

A list of Agent policy objects

\n
\n
\n
\n
\n
\n

attributes

\n
\n

object

\n

A Cloud Workload Security Agent policy returned by the API

\n
\n
\n
\n
\n
\n

blockingRulesCount

\n
\n

int32

\n

The number of rules with the blocking feature in this policy

\n
\n \n
\n
\n
\n
\n
\n

datadogManaged

\n
\n

boolean

\n

Whether the policy is managed by Datadog

\n
\n \n
\n
\n
\n
\n
\n

description

\n
\n

string

\n

The description of the policy

\n
\n \n
\n
\n
\n
\n
\n

disabledRulesCount

\n
\n

int32

\n

The number of rules that are disabled in this policy

\n
\n \n
\n
\n
\n
\n
\n

enabled

\n
\n

boolean

\n

Whether the Agent policy is enabled

\n
\n \n
\n
\n
\n
\n
\n

hostTags

\n
\n

[string]

\n

The host tags defining where this policy is deployed

\n
\n \n
\n
\n
\n
\n
\n

hostTagsLists

\n
\n

[array]

\n

The host tags defining where this policy is deployed, the inner values are linked with AND, the outer values are linked with OR

\n
\n \n
\n
\n
\n
\n
\n

monitoringRulesCount

\n
\n

int32

\n

The number of rules in the monitoring state in this policy

\n
\n \n
\n
\n
\n
\n
\n

name

\n
\n

string

\n

The name of the policy

\n
\n \n
\n
\n
\n
\n
\n

policyVersion

\n
\n

string

\n

The version of the policy

\n
\n \n
\n
\n
\n
\n
\n

priority

\n
\n

int64

\n

The priority of the policy

\n
\n \n
\n
\n
\n
\n
\n

ruleCount

\n
\n

int32

\n

The number of rules in this policy

\n
\n \n
\n
\n
\n
\n
\n

updateDate

\n
\n

int64

\n

Timestamp in milliseconds when the policy was last updated

\n
\n \n
\n
\n
\n
\n
\n

updatedAt

\n
\n

int64

\n

When the policy was last updated, timestamp in milliseconds

\n
\n \n
\n
\n
\n
\n
\n

updater

\n
\n

object

\n

The attributes of the user who last updated the policy

\n
\n
\n
\n
\n
\n

handle

\n
\n

string

\n

The handle of the user

\n
\n \n
\n
\n
\n
\n
\n

name

\n
\n

string

\n

The name of the user

\n
\n \n
\n
\n
\n
\n
\n
\n
\n
\n
\n

id

\n
\n

string

\n

The ID of the Agent policy

\n
\n \n
\n
\n
\n
\n
\n

type

\n
\n

enum

\n

The type of the resource, must always be policy \nAllowed enum values: policy

default: policy

\n
\n \n
\n
\n
\n
" + }, + "403": { + "json": { + "errors": [ + "Bad Request" + ] + }, + "html": "
\n
\n
\n
\n

errors [required]

\n
\n

[string]

\n

A list of errors.

\n
\n \n
\n
" + }, + "429": { + "json": { + "errors": [ + "Bad Request" + ] + }, + "html": "
\n
\n
\n
\n

errors [required]

\n
\n

[string]

\n

A list of errors.

\n
\n \n
\n
" + } + }, + "request": { + "json_curl": {}, + "json": {}, + "html": "" + } + }, + "CreateCSMThreatsAgentPolicy": { + "responses": { + "200": { + "json": { + "data": { + "attributes": { + "blockingRulesCount": 100, + "datadogManaged": false, + "description": "My agent policy", + "disabledRulesCount": 100, + "enabled": true, + "hostTags": [], + "hostTagsLists": [], + "monitoringRulesCount": 100, + "name": "my_agent_policy", + "policyVersion": "1", + "priority": 10, + "ruleCount": 100, + "updateDate": 1624366480320, + "updatedAt": 1624366480320, + "updater": { + "handle": "datadog.user@example.com", + "name": "Datadog User" + } + }, + "id": "6517fcc1-cec7-4394-a655-8d6e9d085255", + "type": "policy" + } + }, + "html": "
\n
\n
\n
\n

data

\n
\n

object

\n

Object for a single Agent policy

\n
\n
\n
\n
\n
\n

attributes

\n
\n

object

\n

A Cloud Workload Security Agent policy returned by the API

\n
\n
\n
\n
\n
\n

blockingRulesCount

\n
\n

int32

\n

The number of rules with the blocking feature in this policy

\n
\n \n
\n
\n
\n
\n
\n

datadogManaged

\n
\n

boolean

\n

Whether the policy is managed by Datadog

\n
\n \n
\n
\n
\n
\n
\n

description

\n
\n

string

\n

The description of the policy

\n
\n \n
\n
\n
\n
\n
\n

disabledRulesCount

\n
\n

int32

\n

The number of rules that are disabled in this policy

\n
\n \n
\n
\n
\n
\n
\n

enabled

\n
\n

boolean

\n

Whether the Agent policy is enabled

\n
\n \n
\n
\n
\n
\n
\n

hostTags

\n
\n

[string]

\n

The host tags defining where this policy is deployed

\n
\n \n
\n
\n
\n
\n
\n

hostTagsLists

\n
\n

[array]

\n

The host tags defining where this policy is deployed, the inner values are linked with AND, the outer values are linked with OR

\n
\n \n
\n
\n
\n
\n
\n

monitoringRulesCount

\n
\n

int32

\n

The number of rules in the monitoring state in this policy

\n
\n \n
\n
\n
\n
\n
\n

name

\n
\n

string

\n

The name of the policy

\n
\n \n
\n
\n
\n
\n
\n

policyVersion

\n
\n

string

\n

The version of the policy

\n
\n \n
\n
\n
\n
\n
\n

priority

\n
\n

int64

\n

The priority of the policy

\n
\n \n
\n
\n
\n
\n
\n

ruleCount

\n
\n

int32

\n

The number of rules in this policy

\n
\n \n
\n
\n
\n
\n
\n

updateDate

\n
\n

int64

\n

Timestamp in milliseconds when the policy was last updated

\n
\n \n
\n
\n
\n
\n
\n

updatedAt

\n
\n

int64

\n

When the policy was last updated, timestamp in milliseconds

\n
\n \n
\n
\n
\n
\n
\n

updater

\n
\n

object

\n

The attributes of the user who last updated the policy

\n
\n
\n
\n
\n
\n

handle

\n
\n

string

\n

The handle of the user

\n
\n \n
\n
\n
\n
\n
\n

name

\n
\n

string

\n

The name of the user

\n
\n \n
\n
\n
\n
\n
\n
\n
\n
\n
\n

id

\n
\n

string

\n

The ID of the Agent policy

\n
\n \n
\n
\n
\n
\n
\n

type

\n
\n

enum

\n

The type of the resource, must always be policy \nAllowed enum values: policy

default: policy

\n
\n \n
\n
\n
\n
" + }, + "400": { + "json": { + "errors": [ + "Bad Request" + ] + }, + "html": "
\n
\n
\n
\n

errors [required]

\n
\n

[string]

\n

A list of errors.

\n
\n \n
\n
" + }, + "403": { + "json": { + "errors": [ + "Bad Request" + ] + }, + "html": "
\n
\n
\n
\n

errors [required]

\n
\n

[string]

\n

A list of errors.

\n
\n \n
\n
" + }, + "409": { + "json": { + "errors": [ + "Bad Request" + ] + }, + "html": "
\n
\n
\n
\n

errors [required]

\n
\n

[string]

\n

A list of errors.

\n
\n \n
\n
" + }, + "429": { + "json": { + "errors": [ + "Bad Request" + ] + }, + "html": "
\n
\n
\n
\n

errors [required]

\n
\n

[string]

\n

A list of errors.

\n
\n \n
\n
" + } + }, + "request": { + "json_curl": { + "data": { + "attributes": { + "name": "my_agent_policy" + }, + "type": "policy" + } + }, + "json": { + "data": { + "attributes": { + "description": "My agent policy", + "enabled": true, + "hostTags": [], + "hostTagsLists": [], + "name": "my_agent_policy" + }, + "type": "policy" + } + }, + "html": "
\n
\n
\n
\n

data [required]

\n
\n

object

\n

Object for a single Agent rule

\n
\n
\n
\n
\n
\n

attributes [required]

\n
\n

object

\n

Create a new Cloud Workload Security Agent policy

\n
\n
\n
\n
\n
\n

description

\n
\n

string

\n

The description of the policy

\n
\n \n
\n
\n
\n
\n
\n

enabled

\n
\n

boolean

\n

Whether the policy is enabled

\n
\n \n
\n
\n
\n
\n
\n

hostTags

\n
\n

[string]

\n

The host tags defining where this policy is deployed

\n
\n \n
\n
\n
\n
\n
\n

hostTagsLists

\n
\n

[array]

\n

The host tags defining where this policy is deployed, the inner values are linked with AND, the outer values are linked with OR

\n
\n \n
\n
\n
\n
\n
\n

name [required]

\n
\n

string

\n

The name of the policy

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

type [required]

\n
\n

enum

\n

The type of the resource, must always be policy \nAllowed enum values: policy

default: policy

\n
\n \n
\n
\n
\n
" + } + }, + "DownloadCSMThreatsPolicy": { + "responses": { + "200": { + "json": {}, + "html": "
\n
\n
\n

No response body

\n
\n
\n
" + }, + "403": { + "json": { + "errors": [ + "Bad Request" + ] + }, + "html": "
\n
\n
\n
\n

errors [required]

\n
\n

[string]

\n

A list of errors.

\n
\n \n
\n
" + }, + "429": { + "json": { + "errors": [ + "Bad Request" + ] + }, + "html": "
\n
\n
\n
\n

errors [required]

\n
\n

[string]

\n

A list of errors.

\n
\n \n
\n
" + } + }, + "request": { + "json_curl": {}, + "json": {}, + "html": "" + } + }, + "DeleteCSMThreatsAgentPolicy": { + "responses": { + "403": { + "json": { + "errors": [ + "Bad Request" + ] + }, + "html": "
\n
\n
\n
\n

errors [required]

\n
\n

[string]

\n

A list of errors.

\n
\n \n
\n
" + }, + "404": { + "json": { + "errors": [ + "Bad Request" + ] + }, + "html": "
\n
\n
\n
\n

errors [required]

\n
\n

[string]

\n

A list of errors.

\n
\n \n
\n
" + }, + "429": { + "json": { + "errors": [ + "Bad Request" + ] + }, + "html": "
\n
\n
\n
\n

errors [required]

\n
\n

[string]

\n

A list of errors.

\n
\n \n
\n
" + } + }, + "request": { + "json_curl": {}, + "json": {}, + "html": "" + } + }, + "GetCSMThreatsAgentPolicy": { + "responses": { + "200": { + "json": { + "data": { + "attributes": { + "blockingRulesCount": 100, + "datadogManaged": false, + "description": "My agent policy", + "disabledRulesCount": 100, + "enabled": true, + "hostTags": [], + "hostTagsLists": [], + "monitoringRulesCount": 100, + "name": "my_agent_policy", + "policyVersion": "1", + "priority": 10, + "ruleCount": 100, + "updateDate": 1624366480320, + "updatedAt": 1624366480320, + "updater": { + "handle": "datadog.user@example.com", + "name": "Datadog User" + } + }, + "id": "6517fcc1-cec7-4394-a655-8d6e9d085255", + "type": "policy" + } + }, + "html": "
\n
\n
\n
\n

data

\n
\n

object

\n

Object for a single Agent policy

\n
\n
\n
\n
\n
\n

attributes

\n
\n

object

\n

A Cloud Workload Security Agent policy returned by the API

\n
\n
\n
\n
\n
\n

blockingRulesCount

\n
\n

int32

\n

The number of rules with the blocking feature in this policy

\n
\n \n
\n
\n
\n
\n
\n

datadogManaged

\n
\n

boolean

\n

Whether the policy is managed by Datadog

\n
\n \n
\n
\n
\n
\n
\n

description

\n
\n

string

\n

The description of the policy

\n
\n \n
\n
\n
\n
\n
\n

disabledRulesCount

\n
\n

int32

\n

The number of rules that are disabled in this policy

\n
\n \n
\n
\n
\n
\n
\n

enabled

\n
\n

boolean

\n

Whether the Agent policy is enabled

\n
\n \n
\n
\n
\n
\n
\n

hostTags

\n
\n

[string]

\n

The host tags defining where this policy is deployed

\n
\n \n
\n
\n
\n
\n
\n

hostTagsLists

\n
\n

[array]

\n

The host tags defining where this policy is deployed, the inner values are linked with AND, the outer values are linked with OR

\n
\n \n
\n
\n
\n
\n
\n

monitoringRulesCount

\n
\n

int32

\n

The number of rules in the monitoring state in this policy

\n
\n \n
\n
\n
\n
\n
\n

name

\n
\n

string

\n

The name of the policy

\n
\n \n
\n
\n
\n
\n
\n

policyVersion

\n
\n

string

\n

The version of the policy

\n
\n \n
\n
\n
\n
\n
\n

priority

\n
\n

int64

\n

The priority of the policy

\n
\n \n
\n
\n
\n
\n
\n

ruleCount

\n
\n

int32

\n

The number of rules in this policy

\n
\n \n
\n
\n
\n
\n
\n

updateDate

\n
\n

int64

\n

Timestamp in milliseconds when the policy was last updated

\n
\n \n
\n
\n
\n
\n
\n

updatedAt

\n
\n

int64

\n

When the policy was last updated, timestamp in milliseconds

\n
\n \n
\n
\n
\n
\n
\n

updater

\n
\n

object

\n

The attributes of the user who last updated the policy

\n
\n
\n
\n
\n
\n

handle

\n
\n

string

\n

The handle of the user

\n
\n \n
\n
\n
\n
\n
\n

name

\n
\n

string

\n

The name of the user

\n
\n \n
\n
\n
\n
\n
\n
\n
\n
\n
\n

id

\n
\n

string

\n

The ID of the Agent policy

\n
\n \n
\n
\n
\n
\n
\n

type

\n
\n

enum

\n

The type of the resource, must always be policy \nAllowed enum values: policy

default: policy

\n
\n \n
\n
\n
\n
" + }, + "403": { + "json": { + "errors": [ + "Bad Request" + ] + }, + "html": "
\n
\n
\n
\n

errors [required]

\n
\n

[string]

\n

A list of errors.

\n
\n \n
\n
" + }, + "404": { + "json": { + "errors": [ + "Bad Request" + ] + }, + "html": "
\n
\n
\n
\n

errors [required]

\n
\n

[string]

\n

A list of errors.

\n
\n \n
\n
" + }, + "429": { + "json": { + "errors": [ + "Bad Request" + ] + }, + "html": "
\n
\n
\n
\n

errors [required]

\n
\n

[string]

\n

A list of errors.

\n
\n \n
\n
" + } + }, + "request": { + "json_curl": {}, + "json": {}, + "html": "" + } + }, + "UpdateCSMThreatsAgentPolicy": { + "responses": { + "200": { + "json": { + "data": { + "attributes": { + "blockingRulesCount": 100, + "datadogManaged": false, + "description": "My agent policy", + "disabledRulesCount": 100, + "enabled": true, + "hostTags": [], + "hostTagsLists": [], + "monitoringRulesCount": 100, + "name": "my_agent_policy", + "policyVersion": "1", + "priority": 10, + "ruleCount": 100, + "updateDate": 1624366480320, + "updatedAt": 1624366480320, + "updater": { + "handle": "datadog.user@example.com", + "name": "Datadog User" + } + }, + "id": "6517fcc1-cec7-4394-a655-8d6e9d085255", + "type": "policy" + } + }, + "html": "
\n
\n
\n
\n

data

\n
\n

object

\n

Object for a single Agent policy

\n
\n
\n
\n
\n
\n

attributes

\n
\n

object

\n

A Cloud Workload Security Agent policy returned by the API

\n
\n
\n
\n
\n
\n

blockingRulesCount

\n
\n

int32

\n

The number of rules with the blocking feature in this policy

\n
\n \n
\n
\n
\n
\n
\n

datadogManaged

\n
\n

boolean

\n

Whether the policy is managed by Datadog

\n
\n \n
\n
\n
\n
\n
\n

description

\n
\n

string

\n

The description of the policy

\n
\n \n
\n
\n
\n
\n
\n

disabledRulesCount

\n
\n

int32

\n

The number of rules that are disabled in this policy

\n
\n \n
\n
\n
\n
\n
\n

enabled

\n
\n

boolean

\n

Whether the Agent policy is enabled

\n
\n \n
\n
\n
\n
\n
\n

hostTags

\n
\n

[string]

\n

The host tags defining where this policy is deployed

\n
\n \n
\n
\n
\n
\n
\n

hostTagsLists

\n
\n

[array]

\n

The host tags defining where this policy is deployed, the inner values are linked with AND, the outer values are linked with OR

\n
\n \n
\n
\n
\n
\n
\n

monitoringRulesCount

\n
\n

int32

\n

The number of rules in the monitoring state in this policy

\n
\n \n
\n
\n
\n
\n
\n

name

\n
\n

string

\n

The name of the policy

\n
\n \n
\n
\n
\n
\n
\n

policyVersion

\n
\n

string

\n

The version of the policy

\n
\n \n
\n
\n
\n
\n
\n

priority

\n
\n

int64

\n

The priority of the policy

\n
\n \n
\n
\n
\n
\n
\n

ruleCount

\n
\n

int32

\n

The number of rules in this policy

\n
\n \n
\n
\n
\n
\n
\n

updateDate

\n
\n

int64

\n

Timestamp in milliseconds when the policy was last updated

\n
\n \n
\n
\n
\n
\n
\n

updatedAt

\n
\n

int64

\n

When the policy was last updated, timestamp in milliseconds

\n
\n \n
\n
\n
\n
\n
\n

updater

\n
\n

object

\n

The attributes of the user who last updated the policy

\n
\n
\n
\n
\n
\n

handle

\n
\n

string

\n

The handle of the user

\n
\n \n
\n
\n
\n
\n
\n

name

\n
\n

string

\n

The name of the user

\n
\n \n
\n
\n
\n
\n
\n
\n
\n
\n
\n

id

\n
\n

string

\n

The ID of the Agent policy

\n
\n \n
\n
\n
\n
\n
\n

type

\n
\n

enum

\n

The type of the resource, must always be policy \nAllowed enum values: policy

default: policy

\n
\n \n
\n
\n
\n
" + }, + "400": { + "json": { + "errors": [ + "Bad Request" + ] + }, + "html": "
\n
\n
\n
\n

errors [required]

\n
\n

[string]

\n

A list of errors.

\n
\n \n
\n
" + }, + "403": { + "json": { + "errors": [ + "Bad Request" + ] + }, + "html": "
\n
\n
\n
\n

errors [required]

\n
\n

[string]

\n

A list of errors.

\n
\n \n
\n
" + }, + "404": { + "json": { + "errors": [ + "Bad Request" + ] + }, + "html": "
\n
\n
\n
\n

errors [required]

\n
\n

[string]

\n

A list of errors.

\n
\n \n
\n
" + }, + "409": { + "json": { + "errors": [ + "Bad Request" + ] + }, + "html": "
\n
\n
\n
\n

errors [required]

\n
\n

[string]

\n

A list of errors.

\n
\n \n
\n
" + }, + "429": { + "json": { + "errors": [ + "Bad Request" + ] + }, + "html": "
\n
\n
\n
\n

errors [required]

\n
\n

[string]

\n

A list of errors.

\n
\n \n
\n
" + } + }, + "request": { + "json_curl": { + "data": { + "attributes": {}, + "type": "policy" + } + }, + "json": { + "data": { + "attributes": { + "description": "My agent policy", + "enabled": true, + "hostTags": [], + "hostTagsLists": [], + "name": "my_agent_policy" + }, + "id": "6517fcc1-cec7-4394-a655-8d6e9d085255", + "type": "policy" + } + }, + "html": "
\n
\n
\n
\n

data [required]

\n
\n

object

\n

Object for a single Agent policy

\n
\n
\n
\n
\n
\n

attributes [required]

\n
\n

object

\n

Update an existing Cloud Workload Security Agent policy

\n
\n
\n
\n
\n
\n

description

\n
\n

string

\n

The description of the policy

\n
\n \n
\n
\n
\n
\n
\n

enabled

\n
\n

boolean

\n

Whether the policy is enabled

\n
\n \n
\n
\n
\n
\n
\n

hostTags

\n
\n

[string]

\n

The host tags defining where this policy is deployed

\n
\n \n
\n
\n
\n
\n
\n

hostTagsLists

\n
\n

[array]

\n

The host tags defining where this policy is deployed, the inner values are linked with AND, the outer values are linked with OR

\n
\n \n
\n
\n
\n
\n
\n

name

\n
\n

string

\n

The name of the policy

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

id

\n
\n

string

\n

The ID of the Agent policy

\n
\n \n
\n
\n
\n
\n
\n

type [required]

\n
\n

enum

\n

The type of the resource, must always be policy \nAllowed enum values: policy

default: policy

\n
\n \n
\n
\n
\n
" + } + }, + "DownloadCloudWorkloadPolicyFile": { + "responses": { + "200": { + "json": {}, + "html": "
\n
\n
\n

No response body

\n
\n
\n
" + }, + "403": { + "json": { + "errors": [ + "Bad Request" + ] + }, + "html": "
\n
\n
\n
\n

errors [required]

\n
\n

[string]

\n

A list of errors.

\n
\n \n
\n
" + }, + "429": { + "json": { + "errors": [ + "Bad Request" + ] + }, + "html": "
\n
\n
\n
\n

errors [required]

\n
\n

[string]

\n

A list of errors.

\n
\n \n
\n
" + } + }, + "request": { + "json_curl": {}, + "json": {}, + "html": "" + } + }, + "ListCloudWorkloadSecurityAgentRules": { + "responses": { + "200": { + "json": { + "data": [ + { + "attributes": { + "actions": [ + { + "filter": "string", + "kill": { + "signal": "string" + } + } + ], + "agentConstraint": "string", + "category": "Process Activity", + "creationAuthorUuId": "e51c9744-d158-11ec-ad23-da7ad0900002", + "creationDate": 1624366480320, + "creator": { + "handle": "datadog.user@example.com", + "name": "Datadog User" + }, + "defaultRule": false, + "description": "My Agent rule", + "enabled": true, + "expression": "exec.file.name == \"sh\"", + "filters": [], + "name": "my_agent_rule", + "product_tags": [], + "updateAuthorUuId": "e51c9744-d158-11ec-ad23-da7ad0900002", + "updateDate": 1624366480320, + "updatedAt": 1624366480320, + "updater": { + "handle": "datadog.user@example.com", + "name": "Datadog User" + }, + "version": 23 + }, + "id": "3dd-0uc-h1s", + "type": "agent_rule" + } + ] + }, + "html": "
\n
\n
\n
\n

data

\n
\n

[object]

\n

A list of Agent rules objects

\n
\n
\n
\n
\n
\n

attributes

\n
\n

object

\n

A Workload Protection Agent rule returned by the API.

\n
\n
\n
\n
\n
\n

actions

\n
\n

[object]

\n

The array of actions the rule can perform if triggered

\n
\n
\n
\n
\n
\n

filter

\n
\n

string

\n

SECL expression used to target the container to apply the action on

\n
\n \n
\n
\n
\n
\n
\n

kill

\n
\n

object

\n

Kill system call applied on the container matching the rule

\n
\n
\n
\n
\n
\n

signal

\n
\n

string

\n

Supported signals for the kill system call

\n
\n \n
\n
\n
\n
\n
\n
\n
\n
\n
\n

agentConstraint

\n
\n

string

\n

The version of the Agent

\n
\n \n
\n
\n
\n
\n
\n

category

\n
\n

string

\n

The category of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n

creationAuthorUuId

\n
\n

string

\n

The ID of the user who created the rule

\n
\n \n
\n
\n
\n
\n
\n

creationDate

\n
\n

int64

\n

When the Agent rule was created, timestamp in milliseconds

\n
\n \n
\n
\n
\n
\n
\n

creator

\n
\n

object

\n

The attributes of the user who created the Agent rule

\n
\n
\n
\n
\n
\n

handle

\n
\n

string

\n

The handle of the user

\n
\n \n
\n
\n
\n
\n
\n

name

\n
\n

string

\n

The name of the user

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

defaultRule

\n
\n

boolean

\n

Whether the rule is included by default

\n
\n \n
\n
\n
\n
\n
\n

description

\n
\n

string

\n

The description of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n

enabled

\n
\n

boolean

\n

Whether the Agent rule is enabled

\n
\n \n
\n
\n
\n
\n
\n

expression

\n
\n

string

\n

The SECL expression of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n

filters

\n
\n

[string]

\n

The platforms the Agent rule is supported on

\n
\n \n
\n
\n
\n
\n
\n

name

\n
\n

string

\n

The name of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n

product_tags

\n
\n

[string]

\n

The list of product tags associated with the rule

\n
\n \n
\n
\n
\n
\n
\n

updateAuthorUuId

\n
\n

string

\n

The ID of the user who updated the rule

\n
\n \n
\n
\n
\n
\n
\n

updateDate

\n
\n

int64

\n

Timestamp in milliseconds when the Agent rule was last updated

\n
\n \n
\n
\n
\n
\n
\n

updatedAt

\n
\n

int64

\n

When the Agent rule was last updated, timestamp in milliseconds

\n
\n \n
\n
\n
\n
\n
\n

updater

\n
\n

object

\n

The attributes of the user who last updated the Agent rule

\n
\n
\n
\n
\n
\n

handle

\n
\n

string

\n

The handle of the user

\n
\n \n
\n
\n
\n
\n
\n

name

\n
\n

string

\n

The name of the user

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

version

\n
\n

int64

\n

The version of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

id

\n
\n

string

\n

The ID of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n

type

\n
\n

enum

\n

The type of the resource, must always be agent_rule \nAllowed enum values: agent_rule

default: agent_rule

\n
\n \n
\n
\n
\n
" + }, + "403": { + "json": { + "errors": [ + "Bad Request" + ] + }, + "html": "
\n
\n
\n
\n

errors [required]

\n
\n

[string]

\n

A list of errors.

\n
\n \n
\n
" + }, + "429": { + "json": { + "errors": [ + "Bad Request" + ] + }, + "html": "
\n
\n
\n
\n

errors [required]

\n
\n

[string]

\n

A list of errors.

\n
\n \n
\n
" + } + }, + "request": { + "json_curl": {}, + "json": {}, + "html": "" + } + }, + "CreateCloudWorkloadSecurityAgentRule": { + "responses": { + "200": { + "json": { + "data": { + "attributes": { + "actions": [ + { + "filter": "string", + "kill": { + "signal": "string" + } + } + ], + "agentConstraint": "string", + "category": "Process Activity", + "creationAuthorUuId": "e51c9744-d158-11ec-ad23-da7ad0900002", + "creationDate": 1624366480320, + "creator": { + "handle": "datadog.user@example.com", + "name": "Datadog User" + }, + "defaultRule": false, + "description": "My Agent rule", + "enabled": true, + "expression": "exec.file.name == \"sh\"", + "filters": [], + "name": "my_agent_rule", + "product_tags": [], + "updateAuthorUuId": "e51c9744-d158-11ec-ad23-da7ad0900002", + "updateDate": 1624366480320, + "updatedAt": 1624366480320, + "updater": { + "handle": "datadog.user@example.com", + "name": "Datadog User" + }, + "version": 23 + }, + "id": "3dd-0uc-h1s", + "type": "agent_rule" + } + }, + "html": "
\n
\n
\n
\n

data

\n
\n

object

\n

Object for a single Agent rule

\n
\n
\n
\n
\n
\n

attributes

\n
\n

object

\n

A Workload Protection Agent rule returned by the API.

\n
\n
\n
\n
\n
\n

actions

\n
\n

[object]

\n

The array of actions the rule can perform if triggered

\n
\n
\n
\n
\n
\n

filter

\n
\n

string

\n

SECL expression used to target the container to apply the action on

\n
\n \n
\n
\n
\n
\n
\n

kill

\n
\n

object

\n

Kill system call applied on the container matching the rule

\n
\n
\n
\n
\n
\n

signal

\n
\n

string

\n

Supported signals for the kill system call

\n
\n \n
\n
\n
\n
\n
\n
\n
\n
\n
\n

agentConstraint

\n
\n

string

\n

The version of the Agent

\n
\n \n
\n
\n
\n
\n
\n

category

\n
\n

string

\n

The category of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n

creationAuthorUuId

\n
\n

string

\n

The ID of the user who created the rule

\n
\n \n
\n
\n
\n
\n
\n

creationDate

\n
\n

int64

\n

When the Agent rule was created, timestamp in milliseconds

\n
\n \n
\n
\n
\n
\n
\n

creator

\n
\n

object

\n

The attributes of the user who created the Agent rule

\n
\n
\n
\n
\n
\n

handle

\n
\n

string

\n

The handle of the user

\n
\n \n
\n
\n
\n
\n
\n

name

\n
\n

string

\n

The name of the user

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

defaultRule

\n
\n

boolean

\n

Whether the rule is included by default

\n
\n \n
\n
\n
\n
\n
\n

description

\n
\n

string

\n

The description of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n

enabled

\n
\n

boolean

\n

Whether the Agent rule is enabled

\n
\n \n
\n
\n
\n
\n
\n

expression

\n
\n

string

\n

The SECL expression of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n

filters

\n
\n

[string]

\n

The platforms the Agent rule is supported on

\n
\n \n
\n
\n
\n
\n
\n

name

\n
\n

string

\n

The name of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n

product_tags

\n
\n

[string]

\n

The list of product tags associated with the rule

\n
\n \n
\n
\n
\n
\n
\n

updateAuthorUuId

\n
\n

string

\n

The ID of the user who updated the rule

\n
\n \n
\n
\n
\n
\n
\n

updateDate

\n
\n

int64

\n

Timestamp in milliseconds when the Agent rule was last updated

\n
\n \n
\n
\n
\n
\n
\n

updatedAt

\n
\n

int64

\n

When the Agent rule was last updated, timestamp in milliseconds

\n
\n \n
\n
\n
\n
\n
\n

updater

\n
\n

object

\n

The attributes of the user who last updated the Agent rule

\n
\n
\n
\n
\n
\n

handle

\n
\n

string

\n

The handle of the user

\n
\n \n
\n
\n
\n
\n
\n

name

\n
\n

string

\n

The name of the user

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

version

\n
\n

int64

\n

The version of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

id

\n
\n

string

\n

The ID of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n

type

\n
\n

enum

\n

The type of the resource, must always be agent_rule \nAllowed enum values: agent_rule

default: agent_rule

\n
\n \n
\n
\n
\n
" + }, + "400": { + "json": { + "errors": [ + "Bad Request" + ] + }, + "html": "
\n
\n
\n
\n

errors [required]

\n
\n

[string]

\n

A list of errors.

\n
\n \n
\n
" + }, + "403": { + "json": { + "errors": [ + "Bad Request" + ] + }, + "html": "
\n
\n
\n
\n

errors [required]

\n
\n

[string]

\n

A list of errors.

\n
\n \n
\n
" + }, + "409": { + "json": { + "errors": [ + "Bad Request" + ] + }, + "html": "
\n
\n
\n
\n

errors [required]

\n
\n

[string]

\n

A list of errors.

\n
\n \n
\n
" + }, + "429": { + "json": { + "errors": [ + "Bad Request" + ] + }, + "html": "
\n
\n
\n
\n

errors [required]

\n
\n

[string]

\n

A list of errors.

\n
\n \n
\n
" + } + }, + "request": { + "json_curl": { + "data": { + "attributes": { + "expression": "exec.file.name == \"sh\"", + "name": "my_agent_rule" + }, + "type": "agent_rule" + } + }, + "json": { + "data": { + "attributes": { + "description": "My Agent rule", + "enabled": true, + "expression": "exec.file.name == \"sh\"", + "filters": [], + "name": "my_agent_rule", + "policy_id": "a8c8e364-6556-434d-b798-a4c23de29c0b", + "product_tags": [] + }, + "type": "agent_rule" + } + }, + "html": "
\n
\n
\n
\n

data [required]

\n
\n

object

\n

Object for a single Agent rule

\n
\n
\n
\n
\n
\n

attributes [required]

\n
\n

object

\n

Create a new Workload Protection Agent rule.

\n
\n
\n
\n
\n
\n

description

\n
\n

string

\n

The description of the Agent rule.

\n
\n \n
\n
\n
\n
\n
\n

enabled

\n
\n

boolean

\n

Whether the Agent rule is enabled

\n
\n \n
\n
\n
\n
\n
\n

expression [required]

\n
\n

string

\n

The SECL expression of the Agent rule.

\n
\n \n
\n
\n
\n
\n
\n

filters

\n
\n

[string]

\n

The platforms the Agent rule is supported on

\n
\n \n
\n
\n
\n
\n
\n

name [required]

\n
\n

string

\n

The name of the Agent rule.

\n
\n \n
\n
\n
\n
\n
\n

policy_id

\n
\n

string

\n

The ID of the policy where the Agent rule is saved

\n
\n \n
\n
\n
\n
\n
\n

product_tags

\n
\n

[string]

\n

The list of product tags associated with the rule

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

type [required]

\n
\n

enum

\n

The type of the resource, must always be agent_rule \nAllowed enum values: agent_rule

default: agent_rule

\n
\n \n
\n
\n
\n
" + } + }, + "DeleteCloudWorkloadSecurityAgentRule": { + "responses": { + "403": { + "json": { + "errors": [ + "Bad Request" + ] + }, + "html": "
\n
\n
\n
\n

errors [required]

\n
\n

[string]

\n

A list of errors.

\n
\n \n
\n
" + }, + "404": { + "json": { + "errors": [ + "Bad Request" + ] + }, + "html": "
\n
\n
\n
\n

errors [required]

\n
\n

[string]

\n

A list of errors.

\n
\n \n
\n
" + }, + "429": { + "json": { + "errors": [ + "Bad Request" + ] + }, + "html": "
\n
\n
\n
\n

errors [required]

\n
\n

[string]

\n

A list of errors.

\n
\n \n
\n
" + } + }, + "request": { + "json_curl": {}, + "json": {}, + "html": "" + } + }, + "GetCloudWorkloadSecurityAgentRule": { + "responses": { + "200": { + "json": { + "data": { + "attributes": { + "actions": [ + { + "filter": "string", + "kill": { + "signal": "string" + } + } + ], + "agentConstraint": "string", + "category": "Process Activity", + "creationAuthorUuId": "e51c9744-d158-11ec-ad23-da7ad0900002", + "creationDate": 1624366480320, + "creator": { + "handle": "datadog.user@example.com", + "name": "Datadog User" + }, + "defaultRule": false, + "description": "My Agent rule", + "enabled": true, + "expression": "exec.file.name == \"sh\"", + "filters": [], + "name": "my_agent_rule", + "product_tags": [], + "updateAuthorUuId": "e51c9744-d158-11ec-ad23-da7ad0900002", + "updateDate": 1624366480320, + "updatedAt": 1624366480320, + "updater": { + "handle": "datadog.user@example.com", + "name": "Datadog User" + }, + "version": 23 + }, + "id": "3dd-0uc-h1s", + "type": "agent_rule" + } + }, + "html": "
\n
\n
\n
\n

data

\n
\n

object

\n

Object for a single Agent rule

\n
\n
\n
\n
\n
\n

attributes

\n
\n

object

\n

A Workload Protection Agent rule returned by the API.

\n
\n
\n
\n
\n
\n

actions

\n
\n

[object]

\n

The array of actions the rule can perform if triggered

\n
\n
\n
\n
\n
\n

filter

\n
\n

string

\n

SECL expression used to target the container to apply the action on

\n
\n \n
\n
\n
\n
\n
\n

kill

\n
\n

object

\n

Kill system call applied on the container matching the rule

\n
\n
\n
\n
\n
\n

signal

\n
\n

string

\n

Supported signals for the kill system call

\n
\n \n
\n
\n
\n
\n
\n
\n
\n
\n
\n

agentConstraint

\n
\n

string

\n

The version of the Agent

\n
\n \n
\n
\n
\n
\n
\n

category

\n
\n

string

\n

The category of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n

creationAuthorUuId

\n
\n

string

\n

The ID of the user who created the rule

\n
\n \n
\n
\n
\n
\n
\n

creationDate

\n
\n

int64

\n

When the Agent rule was created, timestamp in milliseconds

\n
\n \n
\n
\n
\n
\n
\n

creator

\n
\n

object

\n

The attributes of the user who created the Agent rule

\n
\n
\n
\n
\n
\n

handle

\n
\n

string

\n

The handle of the user

\n
\n \n
\n
\n
\n
\n
\n

name

\n
\n

string

\n

The name of the user

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

defaultRule

\n
\n

boolean

\n

Whether the rule is included by default

\n
\n \n
\n
\n
\n
\n
\n

description

\n
\n

string

\n

The description of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n

enabled

\n
\n

boolean

\n

Whether the Agent rule is enabled

\n
\n \n
\n
\n
\n
\n
\n

expression

\n
\n

string

\n

The SECL expression of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n

filters

\n
\n

[string]

\n

The platforms the Agent rule is supported on

\n
\n \n
\n
\n
\n
\n
\n

name

\n
\n

string

\n

The name of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n

product_tags

\n
\n

[string]

\n

The list of product tags associated with the rule

\n
\n \n
\n
\n
\n
\n
\n

updateAuthorUuId

\n
\n

string

\n

The ID of the user who updated the rule

\n
\n \n
\n
\n
\n
\n
\n

updateDate

\n
\n

int64

\n

Timestamp in milliseconds when the Agent rule was last updated

\n
\n \n
\n
\n
\n
\n
\n

updatedAt

\n
\n

int64

\n

When the Agent rule was last updated, timestamp in milliseconds

\n
\n \n
\n
\n
\n
\n
\n

updater

\n
\n

object

\n

The attributes of the user who last updated the Agent rule

\n
\n
\n
\n
\n
\n

handle

\n
\n

string

\n

The handle of the user

\n
\n \n
\n
\n
\n
\n
\n

name

\n
\n

string

\n

The name of the user

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

version

\n
\n

int64

\n

The version of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

id

\n
\n

string

\n

The ID of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n

type

\n
\n

enum

\n

The type of the resource, must always be agent_rule \nAllowed enum values: agent_rule

default: agent_rule

\n
\n \n
\n
\n
\n
" + }, + "403": { + "json": { + "errors": [ + "Bad Request" + ] + }, + "html": "
\n
\n
\n
\n

errors [required]

\n
\n

[string]

\n

A list of errors.

\n
\n \n
\n
" + }, + "404": { + "json": { + "errors": [ + "Bad Request" + ] + }, + "html": "
\n
\n
\n
\n

errors [required]

\n
\n

[string]

\n

A list of errors.

\n
\n \n
\n
" + }, + "429": { + "json": { + "errors": [ + "Bad Request" + ] + }, + "html": "
\n
\n
\n
\n

errors [required]

\n
\n

[string]

\n

A list of errors.

\n
\n \n
\n
" + } + }, + "request": { + "json_curl": {}, + "json": {}, + "html": "" + } + }, + "UpdateCloudWorkloadSecurityAgentRule": { + "responses": { + "200": { + "json": { + "data": { + "attributes": { + "actions": [ + { + "filter": "string", + "kill": { + "signal": "string" + } + } + ], + "agentConstraint": "string", + "category": "Process Activity", + "creationAuthorUuId": "e51c9744-d158-11ec-ad23-da7ad0900002", + "creationDate": 1624366480320, + "creator": { + "handle": "datadog.user@example.com", + "name": "Datadog User" + }, + "defaultRule": false, + "description": "My Agent rule", + "enabled": true, + "expression": "exec.file.name == \"sh\"", + "filters": [], + "name": "my_agent_rule", + "product_tags": [], + "updateAuthorUuId": "e51c9744-d158-11ec-ad23-da7ad0900002", + "updateDate": 1624366480320, + "updatedAt": 1624366480320, + "updater": { + "handle": "datadog.user@example.com", + "name": "Datadog User" + }, + "version": 23 + }, + "id": "3dd-0uc-h1s", + "type": "agent_rule" + } + }, + "html": "
\n
\n
\n
\n

data

\n
\n

object

\n

Object for a single Agent rule

\n
\n
\n
\n
\n
\n

attributes

\n
\n

object

\n

A Workload Protection Agent rule returned by the API.

\n
\n
\n
\n
\n
\n

actions

\n
\n

[object]

\n

The array of actions the rule can perform if triggered

\n
\n
\n
\n
\n
\n

filter

\n
\n

string

\n

SECL expression used to target the container to apply the action on

\n
\n \n
\n
\n
\n
\n
\n

kill

\n
\n

object

\n

Kill system call applied on the container matching the rule

\n
\n
\n
\n
\n
\n

signal

\n
\n

string

\n

Supported signals for the kill system call

\n
\n \n
\n
\n
\n
\n
\n
\n
\n
\n
\n

agentConstraint

\n
\n

string

\n

The version of the Agent

\n
\n \n
\n
\n
\n
\n
\n

category

\n
\n

string

\n

The category of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n

creationAuthorUuId

\n
\n

string

\n

The ID of the user who created the rule

\n
\n \n
\n
\n
\n
\n
\n

creationDate

\n
\n

int64

\n

When the Agent rule was created, timestamp in milliseconds

\n
\n \n
\n
\n
\n
\n
\n

creator

\n
\n

object

\n

The attributes of the user who created the Agent rule

\n
\n
\n
\n
\n
\n

handle

\n
\n

string

\n

The handle of the user

\n
\n \n
\n
\n
\n
\n
\n

name

\n
\n

string

\n

The name of the user

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

defaultRule

\n
\n

boolean

\n

Whether the rule is included by default

\n
\n \n
\n
\n
\n
\n
\n

description

\n
\n

string

\n

The description of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n

enabled

\n
\n

boolean

\n

Whether the Agent rule is enabled

\n
\n \n
\n
\n
\n
\n
\n

expression

\n
\n

string

\n

The SECL expression of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n

filters

\n
\n

[string]

\n

The platforms the Agent rule is supported on

\n
\n \n
\n
\n
\n
\n
\n

name

\n
\n

string

\n

The name of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n

product_tags

\n
\n

[string]

\n

The list of product tags associated with the rule

\n
\n \n
\n
\n
\n
\n
\n

updateAuthorUuId

\n
\n

string

\n

The ID of the user who updated the rule

\n
\n \n
\n
\n
\n
\n
\n

updateDate

\n
\n

int64

\n

Timestamp in milliseconds when the Agent rule was last updated

\n
\n \n
\n
\n
\n
\n
\n

updatedAt

\n
\n

int64

\n

When the Agent rule was last updated, timestamp in milliseconds

\n
\n \n
\n
\n
\n
\n
\n

updater

\n
\n

object

\n

The attributes of the user who last updated the Agent rule

\n
\n
\n
\n
\n
\n

handle

\n
\n

string

\n

The handle of the user

\n
\n \n
\n
\n
\n
\n
\n

name

\n
\n

string

\n

The name of the user

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

version

\n
\n

int64

\n

The version of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

id

\n
\n

string

\n

The ID of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n

type

\n
\n

enum

\n

The type of the resource, must always be agent_rule \nAllowed enum values: agent_rule

default: agent_rule

\n
\n \n
\n
\n
\n
" + }, + "400": { + "json": { + "errors": [ + "Bad Request" + ] + }, + "html": "
\n
\n
\n
\n

errors [required]

\n
\n

[string]

\n

A list of errors.

\n
\n \n
\n
" + }, + "403": { + "json": { + "errors": [ + "Bad Request" + ] + }, + "html": "
\n
\n
\n
\n

errors [required]

\n
\n

[string]

\n

A list of errors.

\n
\n \n
\n
" + }, + "404": { + "json": { + "errors": [ + "Bad Request" + ] + }, + "html": "
\n
\n
\n
\n

errors [required]

\n
\n

[string]

\n

A list of errors.

\n
\n \n
\n
" + }, + "409": { + "json": { + "errors": [ + "Bad Request" + ] + }, + "html": "
\n
\n
\n
\n

errors [required]

\n
\n

[string]

\n

A list of errors.

\n
\n \n
\n
" + }, + "429": { + "json": { + "errors": [ + "Bad Request" + ] + }, + "html": "
\n
\n
\n
\n

errors [required]

\n
\n

[string]

\n

A list of errors.

\n
\n \n
\n
" + } + }, + "request": { + "json_curl": { + "data": { + "attributes": {}, + "type": "agent_rule" + } + }, + "json": { + "data": { + "attributes": { + "description": "My Agent rule", + "enabled": true, + "expression": "exec.file.name == \"sh\"", + "policy_id": "a8c8e364-6556-434d-b798-a4c23de29c0b", + "product_tags": [] + }, + "id": "3dd-0uc-h1s", + "type": "agent_rule" + } + }, + "html": "
\n
\n
\n
\n

data [required]

\n
\n

object

\n

Object for a single Agent rule

\n
\n
\n
\n
\n
\n

attributes [required]

\n
\n

object

\n

Update an existing Workload Protection Agent rule.

\n
\n
\n
\n
\n
\n

description

\n
\n

string

\n

The description of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n

enabled

\n
\n

boolean

\n

Whether the Agent rule is enabled

\n
\n \n
\n
\n
\n
\n
\n

expression

\n
\n

string

\n

The SECL expression of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n

policy_id

\n
\n

string

\n

The ID of the policy where the Agent rule is saved

\n
\n \n
\n
\n
\n
\n
\n

product_tags

\n
\n

[string]

\n

The list of product tags associated with the rule

\n
\n \n
\n
\n
\n
\n
\n
\n
\n

id

\n
\n

string

\n

The ID of the Agent rule

\n
\n \n
\n
\n
\n
\n
\n

type [required]

\n
\n

enum

\n

The type of the resource, must always be agent_rule \nAllowed enum values: agent_rule

default: agent_rule

\n
\n \n
\n
\n
\n
" + } + } +} \ No newline at end of file diff --git a/content/en/api/v2/workload-protection/request.CreateCSMThreatsAgentPolicy.json b/content/en/api/v2/workload-protection/request.CreateCSMThreatsAgentPolicy.json new file mode 100644 index 0000000000000..3cab077ecca3f --- /dev/null +++ b/content/en/api/v2/workload-protection/request.CreateCSMThreatsAgentPolicy.json @@ -0,0 +1,15 @@ +{ + "data": { + "attributes": { + "description": "My agent policy", + "enabled": true, + "hostTagsLists": [ + [ + "env:test" + ] + ], + "name": "my_agent_policy" + }, + "type": "policy" + } +} \ No newline at end of file diff --git a/content/en/api/v2/workload-protection/request.CreateCSMThreatsAgentRule.json b/content/en/api/v2/workload-protection/request.CreateCSMThreatsAgentRule.json new file mode 100644 index 0000000000000..8566473c11591 --- /dev/null +++ b/content/en/api/v2/workload-protection/request.CreateCSMThreatsAgentRule.json @@ -0,0 +1,14 @@ +{ + "data": { + "attributes": { + "description": "My Agent rule", + "enabled": true, + "expression": "exec.file.name == \"sh\"", + "filters": [], + "name": "exampleworkloadprotection", + "policy_id": "6517fcc1-cec7-4394-a655-8d6e9d085255", + "product_tags": [] + }, + "type": "agent_rule" + } +} \ No newline at end of file diff --git a/content/en/api/v2/workload-protection/request.CreateCloudWorkloadSecurityAgentRule.json b/content/en/api/v2/workload-protection/request.CreateCloudWorkloadSecurityAgentRule.json new file mode 100644 index 0000000000000..a3fd06c2ed6f4 --- /dev/null +++ b/content/en/api/v2/workload-protection/request.CreateCloudWorkloadSecurityAgentRule.json @@ -0,0 +1,12 @@ +{ + "data": { + "attributes": { + "description": "My Agent rule", + "enabled": true, + "expression": "exec.file.name == \"sh\"", + "filters": [], + "name": "exampleworkloadprotection" + }, + "type": "agent_rule" + } +} \ No newline at end of file diff --git a/content/en/api/v2/workload-protection/request.UpdateCSMThreatsAgentPolicy.json b/content/en/api/v2/workload-protection/request.UpdateCSMThreatsAgentPolicy.json new file mode 100644 index 0000000000000..763f11bc1827e --- /dev/null +++ b/content/en/api/v2/workload-protection/request.UpdateCSMThreatsAgentPolicy.json @@ -0,0 +1,16 @@ +{ + "data": { + "attributes": { + "description": "Updated agent policy", + "enabled": true, + "hostTagsLists": [ + [ + "env:test" + ] + ], + "name": "updated_agent_policy" + }, + "id": "6517fcc1-cec7-4394-a655-8d6e9d085255", + "type": "policy" + } +} \ No newline at end of file diff --git a/content/en/api/v2/workload-protection/request.UpdateCloudWorkloadSecurityAgentRule.json b/content/en/api/v2/workload-protection/request.UpdateCloudWorkloadSecurityAgentRule.json new file mode 100644 index 0000000000000..84bfd55f361b3 --- /dev/null +++ b/content/en/api/v2/workload-protection/request.UpdateCloudWorkloadSecurityAgentRule.json @@ -0,0 +1,10 @@ +{ + "data": { + "attributes": { + "description": "Updated Agent rule", + "expression": "exec.file.name == \"sh\"" + }, + "id": "3dd-0uc-h1s", + "type": "agent_rule" + } +} \ No newline at end of file diff --git a/data/api/v2/CodeExamples.json b/data/api/v2/CodeExamples.json index 06834c141262a..5c959bbd1b0b6 100644 --- a/data/api/v2/CodeExamples.json +++ b/data/api/v2/CodeExamples.json @@ -200,41 +200,6 @@ "description": "Search tests events returns \"OK\" response with pagination" } ], - "CreateCSMThreatsAgentPolicy": [ - { - "group": "csm_threats", - "suffix": "", - "description": "Create a CSM Threats Agent policy returns \"OK\" response" - } - ], - "CreateCSMThreatsAgentRule": [ - { - "group": "csm_threats", - "suffix": "", - "description": "Create a CSM Threats Agent rule returns \"OK\" response" - } - ], - "CreateCloudWorkloadSecurityAgentRule": [ - { - "group": "csm_threats", - "suffix": "", - "description": "Create a Cloud Workload Security Agent rule returns \"OK\" response" - } - ], - "UpdateCSMThreatsAgentPolicy": [ - { - "group": "csm_threats", - "suffix": "", - "description": "Update a CSM Threats Agent policy returns \"OK\" response" - } - ], - "UpdateCloudWorkloadSecurityAgentRule": [ - { - "group": "csm_threats", - "suffix": "", - "description": "Update a Cloud Workload Security Agent rule returns \"OK\" response" - } - ], "ArchiveCase": [ { "group": "case_management", @@ -1511,5 +1476,40 @@ "suffix": "", "description": "Update an existing Workflow returns \"Successfully updated a workflow.\" response" } + ], + "CreateCSMThreatsAgentPolicy": [ + { + "group": "workload_protection", + "suffix": "", + "description": "Create a Workload Protection Agent policy returns \"OK\" response" + } + ], + "CreateCloudWorkloadSecurityAgentRule": [ + { + "group": "workload_protection", + "suffix": "", + "description": "Create a Workload Protection Agent rule (US1-FED) returns \"OK\" response" + } + ], + "CreateCSMThreatsAgentRule": [ + { + "group": "workload_protection", + "suffix": "", + "description": "Create a Workload Protection Agent rule returns \"OK\" response" + } + ], + "UpdateCSMThreatsAgentPolicy": [ + { + "group": "workload_protection", + "suffix": "", + "description": "Update a Workload Protection Agent policy returns \"OK\" response" + } + ], + "UpdateCloudWorkloadSecurityAgentRule": [ + { + "group": "workload_protection", + "suffix": "", + "description": "Update a Workload Protection Agent rule (US1-FED) returns \"OK\" response" + } ] } \ No newline at end of file diff --git a/data/api/v2/full_spec.yaml b/data/api/v2/full_spec.yaml index 5b28d02c9410b..372ff3c285fc6 100644 --- a/data/api/v2/full_spec.yaml +++ b/data/api/v2/full_spec.yaml @@ -7532,7 +7532,7 @@ components: nullable: true type: array CloudWorkloadSecurityAgentRuleAttributes: - description: A Cloud Workload Security Agent rule returned by the API + description: A Workload Protection Agent rule returned by the API. properties: actions: $ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleActions' @@ -7607,7 +7607,7 @@ components: type: integer type: object CloudWorkloadSecurityAgentRuleCreateAttributes: - description: Create a new Cloud Workload Security Agent rule. + description: Create a new Workload Protection Agent rule. properties: description: description: The description of the Agent rule. @@ -7714,7 +7714,7 @@ components: x-enum-varnames: - AGENT_RULE CloudWorkloadSecurityAgentRuleUpdateAttributes: - description: Update an existing Cloud Workload Security Agent rule + description: Update an existing Workload Protection Agent rule. properties: description: description: The description of the Agent rule @@ -55595,10 +55595,12 @@ paths: type: idempotent /api/v2/remote_config/products/cws/agent_rules: get: - description: Get the list of Cloud Security Management Threats Agent rules + description: 'Get the list of Workload Protection Agent rules. + + + **Note**: This endpoint is not available for the Government (US1-FED) site. + Please reference the (US1-FED) specific resource below.' operationId: ListCSMThreatsAgentRules - parameters: - - $ref: '#/components/parameters/CloudWorkloadSecurityQueryAgentPolicyID' responses: '200': content: @@ -55610,15 +55612,18 @@ paths: $ref: '#/components/responses/NotAuthorizedResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' - summary: Get all CSM Threats Agent rules + summary: Get all Workload Protection Agent rules tags: - - CSM Threats - x-menu-order: 3 + - Workload Protection + x-menu-order: 2 x-undo: type: safe post: - description: Create a new Cloud Security Management Threats Agent rule with - the given parameters + description: 'Create a new Workload Protection Agent rule with the given parameters. + + + **Note**: This endpoint is not available for the Government (US1-FED) site. + Please reference the (US1-FED) specific resource below.' operationId: CreateCSMThreatsAgentRule requestBody: content: @@ -55642,9 +55647,9 @@ paths: $ref: '#/components/responses/ConflictResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' - summary: Create a CSM Threats Agent rule + summary: Create a Workload Protection Agent rule tags: - - CSM Threats + - Workload Protection x-codegen-request-body-name: body x-given: agent_rule: @@ -55657,7 +55662,7 @@ paths: \"technique:T1059\"],\n \"policy_id\": \"{{ policy.data.id }}\"\n \ }\n }\n}" step: there is a valid "agent_rule_rc" in the system - x-menu-order: 4 + x-menu-order: 3 x-undo: operationId: DeleteCSMThreatsAgentRule parameters: @@ -55666,7 +55671,11 @@ paths: type: unsafe /api/v2/remote_config/products/cws/agent_rules/{agent_rule_id}: delete: - description: Delete a specific Cloud Security Management Threats Agent rule + description: 'Delete a specific Workload Protection Agent rule. + + + **Note**: This endpoint is not available for the Government (US1-FED) site. + Please reference the (US1-FED) specific resource below.' operationId: DeleteCSMThreatsAgentRule parameters: - $ref: '#/components/parameters/CloudWorkloadSecurityAgentRuleID' @@ -55680,15 +55689,18 @@ paths: $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' - summary: Delete a CSM Threats Agent rule + summary: Delete a Workload Protection Agent rule tags: - - CSM Threats + - Workload Protection x-menu-order: 6 x-undo: type: idempotent get: - description: Get the details of a specific Cloud Security Management Threats - Agent rule + description: 'Get the details of a specific Workload Protection Agent rule. + + + **Note**: This endpoint is not available for the Government (US1-FED) site. + Please reference the (US1-FED) specific resource below.' operationId: GetCSMThreatsAgentRule parameters: - $ref: '#/components/parameters/CloudWorkloadSecurityAgentRuleID' @@ -55706,16 +55718,20 @@ paths: $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' - summary: Get a CSM Threats Agent rule + summary: Get a Workload Protection Agent rule tags: - - CSM Threats - x-menu-order: 2 + - Workload Protection + x-menu-order: 4 x-undo: type: safe patch: - description: 'Update a specific Cloud Security Management Threats Agent rule. + description: 'Update a specific Workload Protection Agent rule. + + Returns the Agent rule object when the request is successful. + - Returns the Agent rule object when the request is successful.' + **Note**: This endpoint is not available for the Government (US1-FED) site. + Please reference the (US1-FED) specific resource below.' operationId: UpdateCSMThreatsAgentRule parameters: - $ref: '#/components/parameters/CloudWorkloadSecurityAgentRuleID' @@ -55744,16 +55760,16 @@ paths: $ref: '#/components/responses/ConcurrentModificationResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' - summary: Update a CSM Threats Agent rule + summary: Update a Workload Protection Agent rule tags: - - CSM Threats + - Workload Protection x-codegen-request-body-name: body x-menu-order: 5 x-undo: type: idempotent /api/v2/remote_config/products/cws/policy: get: - description: Get the list of Cloud Security Management Threats Agent policies + description: Get the list of Workload Protection Agent policies operationId: ListCSMThreatsAgentPolicies responses: '200': @@ -55766,15 +55782,14 @@ paths: $ref: '#/components/responses/NotAuthorizedResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' - summary: Get all CSM Threats Agent policies + summary: Get all Workload Protection Agent policies tags: - - CSM Threats - x-menu-order: 3 + - Workload Protection + x-menu-order: 7 x-undo: type: safe post: - description: Create a new Cloud Security Management Threats Agent policy with - the given parameters + description: Create a new Workload Protection Agent policy with the given parameters operationId: CreateCSMThreatsAgentPolicy requestBody: content: @@ -55798,9 +55813,9 @@ paths: $ref: '#/components/responses/ConflictResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' - summary: Create a CSM Threats Agent policy + summary: Create a Workload Protection Agent policy tags: - - CSM Threats + - Workload Protection x-codegen-request-body-name: body x-given: policy: @@ -55811,7 +55826,7 @@ paths: \"My agent policy\",\n \"hostTags\": [\"env:staging\"],\n \"enabled\": true\n }\n }\n}" step: there is a valid "policy_rc" in the system - x-menu-order: 4 + x-menu-order: 8 x-undo: operationId: DeleteCSMThreatsAgentPolicy parameters: @@ -55820,13 +55835,17 @@ paths: type: unsafe /api/v2/remote_config/products/cws/policy/download: get: - description: 'The download endpoint generates a CSM Threats policy file from - your currently active + description: 'The download endpoint generates a Workload Protection policy file + from your currently active + + Workload Protection rules, and downloads them as a `.policy` file. This file + can then be deployed to - CSM Threats rules, and downloads them as a `.policy` file. This file can then - be deployed to + your Agents to update the policy running in your environment. - your Agents to update the policy running in your environment.' + + **Note**: This endpoint is not available for the Government (US1-FED) site. + Please reference the (US1-FED) specific resource below.' operationId: DownloadCSMThreatsPolicy responses: '200': @@ -55840,15 +55859,15 @@ paths: $ref: '#/components/responses/NotAuthorizedResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' - summary: Get the latest CSM Threats policy + summary: Download the Workload Protection policy tags: - - CSM Threats + - Workload Protection x-menu-order: 1 x-undo: type: safe /api/v2/remote_config/products/cws/policy/{policy_id}: delete: - description: Delete a specific Cloud Security Management Threats Agent policy + description: Delete a specific Workload Protection Agent policy operationId: DeleteCSMThreatsAgentPolicy parameters: - $ref: '#/components/parameters/CloudWorkloadSecurityPathAgentPolicyID' @@ -55863,15 +55882,14 @@ paths: $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' - summary: Delete a CSM Threats Agent policy + summary: Delete a Workload Protection Agent policy tags: - - CSM Threats - x-menu-order: 6 + - Workload Protection + x-menu-order: 11 x-undo: type: idempotent get: - description: Get the details of a specific Cloud Security Management Threats - Agent policy + description: Get the details of a specific Workload Protection Agent policy operationId: GetCSMThreatsAgentPolicy parameters: - $ref: '#/components/parameters/CloudWorkloadSecurityPathAgentPolicyID' @@ -55888,14 +55906,14 @@ paths: $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' - summary: Get a CSM Threats Agent policy + summary: Get a Workload Protection Agent policy tags: - - CSM Threats - x-menu-order: 2 + - Workload Protection + x-menu-order: 9 x-undo: type: safe patch: - description: 'Update a specific Cloud Security Management Threats Agent policy. + description: 'Update a specific Workload Protection Agent policy. Returns the Agent policy object when the request is successful.' operationId: UpdateCSMThreatsAgentPolicy @@ -55925,11 +55943,11 @@ paths: $ref: '#/components/responses/ConcurrentModificationResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' - summary: Update a CSM Threats Agent policy + summary: Update a Workload Protection Agent policy tags: - - CSM Threats + - Workload Protection x-codegen-request-body-name: body - x-menu-order: 5 + x-menu-order: 10 x-undo: type: idempotent /api/v2/remote_config/products/obs_pipelines/pipelines: @@ -58904,13 +58922,16 @@ paths: If you are interested in accessing this API, [fill out this form](https://forms.gle/kMYC1sDr6WDUBDsx9).' /api/v2/security/cloud_workload/policy/download: get: - description: 'The download endpoint generates a Cloud Workload Security policy - file from your currently active + description: 'The download endpoint generates a Workload Protection policy file + from your currently active + + Workload Protection rules, and downloads them as a .policy file. This file + can then be deployed to + + your Agents to update the policy running in your environment. - Cloud Workload Security rules, and downloads them as a .policy file. This - file can then be deployed to - your Agents to update the policy running in your environment.' + **Note**: This endpoint should only be used for the Government (US1-FED) site.' operationId: DownloadCloudWorkloadPolicyFile responses: '200': @@ -58924,10 +58945,10 @@ paths: $ref: '#/components/responses/NotAuthorizedResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' - summary: Get the latest Cloud Workload Security policy + summary: Download the Workload Protection policy (US1-FED) tags: - - CSM Threats - x-menu-order: 1 + - Workload Protection + x-menu-order: 12 x-permission: operator: OR permissions: @@ -59815,7 +59836,10 @@ paths: type: idempotent /api/v2/security_monitoring/cloud_workload_security/agent_rules: get: - description: Get the list of Agent rules + description: 'Get the list of Agent rules. + + + **Note**: This endpoint should only be used for the Government (US1-FED) site.' operationId: ListCloudWorkloadSecurityAgentRules responses: '200': @@ -59828,10 +59852,10 @@ paths: $ref: '#/components/responses/NotAuthorizedResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' - summary: Get all Cloud Workload Security Agent rules + summary: Get all Workload Protection Agent rules (US1-FED) tags: - - CSM Threats - x-menu-order: 3 + - Workload Protection + x-menu-order: 13 x-permission: operator: OR permissions: @@ -59839,7 +59863,10 @@ paths: x-undo: type: safe post: - description: Create a new Agent rule with the given parameters. + description: 'Create a new Agent rule with the given parameters. + + + **Note**: This endpoint should only be used for the Government (US1-FED) site.' operationId: CreateCloudWorkloadSecurityAgentRule requestBody: content: @@ -59863,9 +59890,9 @@ paths: $ref: '#/components/responses/ConflictResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' - summary: Create a Cloud Workload Security Agent rule + summary: Create a Workload Protection Agent rule (US1-FED) tags: - - CSM Threats + - Workload Protection x-codegen-request-body-name: body x-given: agent_rule: @@ -59876,7 +59903,7 @@ paths: \"My Agent rule\",\n \"expression\": \"exec.file.name == \\\"sh\\\"\",\n \ \"enabled\": true\n }\n }\n}" step: there is a valid "agent_rule" in the system - x-menu-order: 4 + x-menu-order: 14 x-permission: operator: OR permissions: @@ -59889,7 +59916,10 @@ paths: type: unsafe /api/v2/security_monitoring/cloud_workload_security/agent_rules/{agent_rule_id}: delete: - description: Delete a specific Agent rule + description: 'Delete a specific Agent rule. + + + **Note**: This endpoint should only be used for the Government (US1-FED) site.' operationId: DeleteCloudWorkloadSecurityAgentRule parameters: - $ref: '#/components/parameters/CloudWorkloadSecurityAgentRuleID' @@ -59902,10 +59932,10 @@ paths: $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' - summary: Delete a Cloud Workload Security Agent rule + summary: Delete a Workload Protection Agent rule (US1-FED) tags: - - CSM Threats - x-menu-order: 6 + - Workload Protection + x-menu-order: 17 x-permission: operator: OR permissions: @@ -59913,7 +59943,10 @@ paths: x-undo: type: idempotent get: - description: Get the details of a specific Agent rule + description: 'Get the details of a specific Agent rule. + + + **Note**: This endpoint should only be used for the Government (US1-FED) site.' operationId: GetCloudWorkloadSecurityAgentRule parameters: - $ref: '#/components/parameters/CloudWorkloadSecurityAgentRuleID' @@ -59930,10 +59963,10 @@ paths: $ref: '#/components/responses/NotFoundResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' - summary: Get a Cloud Workload Security Agent rule + summary: Get a Workload Protection Agent rule (US1-FED) tags: - - CSM Threats - x-menu-order: 2 + - Workload Protection + x-menu-order: 15 x-permission: operator: OR permissions: @@ -59943,7 +59976,10 @@ paths: patch: description: 'Update a specific Agent rule. - Returns the Agent rule object when the request is successful.' + Returns the Agent rule object when the request is successful. + + + **Note**: This endpoint should only be used for the Government (US1-FED) site.' operationId: UpdateCloudWorkloadSecurityAgentRule parameters: - $ref: '#/components/parameters/CloudWorkloadSecurityAgentRuleID' @@ -59971,11 +60007,11 @@ paths: $ref: '#/components/responses/ConcurrentModificationResponse' '429': $ref: '#/components/responses/TooManyRequestsResponse' - summary: Update a Cloud Workload Security Agent rule + summary: Update a Workload Protection Agent rule (US1-FED) tags: - - CSM Threats + - Workload Protection x-codegen-request-body-name: body - x-menu-order: 5 + x-menu-order: 16 x-permission: operator: OR permissions: @@ -65910,11 +65946,6 @@ tags: Go to https://docs.datadoghq.com/security/cloud_security_management to learn more.' name: CSM Coverage Analysis -- description: Cloud Security Management Threats (CSM Threats) monitors file, network, - and process activity across your environment to detect real-time threats to your - infrastructure. See [Cloud Security Management Threats](https://docs.datadoghq.com/security/threats/) - for more information on setting up CSM Threats. - name: CSM Threats - description: View and manage cases and projects within Case Management. See the [Case Management page](https://docs.datadoghq.com/service_management/case_management/) for more information. @@ -66339,6 +66370,15 @@ tags: description: Find out more at url: https://docs.datadoghq.com/service_management/workflows/ name: Workflow Automation +- description: 'Workload Protection monitors file, network, and process activity across + your environment to detect real-time threats to your infrastructure. See [Workload + Protection](https://docs.datadoghq.com/security/workload_protection/) for more + information on setting up Workload Protection. + + + **Note**: These endpoints are split based on whether you are using the US1-FED + site or not. Please reference the specific resource for the site you are using.' + name: Workload Protection x-group-parameters: true x-merge-override: paths: false diff --git a/data/api/v2/full_spec_deref.json b/data/api/v2/full_spec_deref.json index a12b8dabfa163..ed20fd2291d4c 100644 --- a/data/api/v2/full_spec_deref.json +++ b/data/api/v2/full_spec_deref.json @@ -42637,7 +42637,7 @@ "type": "array" }, "CloudWorkloadSecurityAgentRuleAttributes": { - "description": "A Cloud Workload Security Agent rule returned by the API", + "description": "A Workload Protection Agent rule returned by the API.", "properties": { "actions": { "description": "The array of actions the rule can perform if triggered", @@ -42784,7 +42784,7 @@ "type": "object" }, "CloudWorkloadSecurityAgentRuleCreateAttributes": { - "description": "Create a new Cloud Workload Security Agent rule.", + "description": "Create a new Workload Protection Agent rule.", "properties": { "description": { "description": "The description of the Agent rule.", @@ -42836,7 +42836,7 @@ "description": "Object for a single Agent rule", "properties": { "attributes": { - "description": "Create a new Cloud Workload Security Agent rule.", + "description": "Create a new Workload Protection Agent rule.", "properties": { "description": { "description": "The description of the Agent rule.", @@ -42910,7 +42910,7 @@ "description": "Object for a single Agent rule", "properties": { "attributes": { - "description": "Create a new Cloud Workload Security Agent rule.", + "description": "Create a new Workload Protection Agent rule.", "properties": { "description": { "description": "The description of the Agent rule.", @@ -43004,7 +43004,7 @@ "description": "Object for a single Agent rule", "properties": { "attributes": { - "description": "A Cloud Workload Security Agent rule returned by the API", + "description": "A Workload Protection Agent rule returned by the API.", "properties": { "actions": { "description": "The array of actions the rule can perform if triggered", @@ -43192,7 +43192,7 @@ "description": "Object for a single Agent rule", "properties": { "attributes": { - "description": "A Cloud Workload Security Agent rule returned by the API", + "description": "A Workload Protection Agent rule returned by the API.", "properties": { "actions": { "description": "The array of actions the rule can perform if triggered", @@ -43374,7 +43374,7 @@ ] }, "CloudWorkloadSecurityAgentRuleUpdateAttributes": { - "description": "Update an existing Cloud Workload Security Agent rule", + "description": "Update an existing Workload Protection Agent rule.", "properties": { "description": { "description": "The description of the Agent rule", @@ -43410,7 +43410,7 @@ "description": "Object for a single Agent rule", "properties": { "attributes": { - "description": "Update an existing Cloud Workload Security Agent rule", + "description": "Update an existing Workload Protection Agent rule.", "properties": { "description": { "description": "The description of the Agent rule", @@ -43473,7 +43473,7 @@ "description": "Object for a single Agent rule", "properties": { "attributes": { - "description": "Update an existing Cloud Workload Security Agent rule", + "description": "Update an existing Workload Protection Agent rule.", "properties": { "description": { "description": "The description of the Agent rule", @@ -43561,7 +43561,7 @@ "description": "Object for a single Agent rule", "properties": { "attributes": { - "description": "A Cloud Workload Security Agent rule returned by the API", + "description": "A Workload Protection Agent rule returned by the API.", "properties": { "actions": { "description": "The array of actions the rule can perform if triggered", @@ -438207,20 +438207,8 @@ }, "/api/v2/remote_config/products/cws/agent_rules": { "get": { - "description": "Get the list of Cloud Security Management Threats Agent rules", + "description": "Get the list of Workload Protection Agent rules.\n\n**Note**: This endpoint is not available for the Government (US1-FED) site. Please reference the (US1-FED) specific resource below.", "operationId": "ListCSMThreatsAgentRules", - "parameters": [ - { - "description": "The ID of the Agent policy", - "example": "6517fcc1-cec7-4394-a655-8d6e9d085255", - "in": "query", - "name": "policy_id", - "required": false, - "schema": { - "type": "string" - } - } - ], "responses": { "200": { "content": { @@ -438234,7 +438222,7 @@ "description": "Object for a single Agent rule", "properties": { "attributes": { - "description": "A Cloud Workload Security Agent rule returned by the API", + "description": "A Workload Protection Agent rule returned by the API.", "properties": { "actions": { "description": "The array of actions the rule can perform if triggered", @@ -438466,17 +438454,17 @@ "description": "Too many requests" } }, - "summary": "Get all CSM Threats Agent rules", + "summary": "Get all Workload Protection Agent rules", "tags": [ - "CSM Threats" + "Workload Protection" ], - "x-menu-order": 3, + "x-menu-order": 2, "x-undo": { "type": "safe" } }, "post": { - "description": "Create a new Cloud Security Management Threats Agent rule with the given parameters", + "description": "Create a new Workload Protection Agent rule with the given parameters.\n\n**Note**: This endpoint is not available for the Government (US1-FED) site. Please reference the (US1-FED) specific resource below.", "operationId": "CreateCSMThreatsAgentRule", "requestBody": { "content": { @@ -438488,7 +438476,7 @@ "description": "Object for a single Agent rule", "properties": { "attributes": { - "description": "Create a new Cloud Workload Security Agent rule.", + "description": "Create a new Workload Protection Agent rule.", "properties": { "description": { "description": "The description of the Agent rule.", @@ -438577,7 +438565,7 @@ "description": "Object for a single Agent rule", "properties": { "attributes": { - "description": "A Cloud Workload Security Agent rule returned by the API", + "description": "A Workload Protection Agent rule returned by the API.", "properties": { "actions": { "description": "The array of actions the rule can perform if triggered", @@ -438863,9 +438851,9 @@ "description": "Too many requests" } }, - "summary": "Create a CSM Threats Agent rule", + "summary": "Create a Workload Protection Agent rule", "tags": [ - "CSM Threats" + "Workload Protection" ], "x-codegen-request-body-name": "body", "x-given": { @@ -438879,7 +438867,7 @@ "step": "there is a valid \"agent_rule_rc\" in the system" } }, - "x-menu-order": 4, + "x-menu-order": 3, "x-undo": { "operationId": "DeleteCSMThreatsAgentRule", "parameters": [ @@ -438894,7 +438882,7 @@ }, "/api/v2/remote_config/products/cws/agent_rules/{agent_rule_id}": { "delete": { - "description": "Delete a specific Cloud Security Management Threats Agent rule", + "description": "Delete a specific Workload Protection Agent rule.\n\n**Note**: This endpoint is not available for the Government (US1-FED) site. Please reference the (US1-FED) specific resource below.", "operationId": "DeleteCSMThreatsAgentRule", "parameters": [ { @@ -439007,9 +438995,9 @@ "description": "Too many requests" } }, - "summary": "Delete a CSM Threats Agent rule", + "summary": "Delete a Workload Protection Agent rule", "tags": [ - "CSM Threats" + "Workload Protection" ], "x-menu-order": 6, "x-undo": { @@ -439017,7 +439005,7 @@ } }, "get": { - "description": "Get the details of a specific Cloud Security Management Threats Agent rule", + "description": "Get the details of a specific Workload Protection Agent rule.\n\n**Note**: This endpoint is not available for the Government (US1-FED) site. Please reference the (US1-FED) specific resource below.", "operationId": "GetCSMThreatsAgentRule", "parameters": [ { @@ -439052,7 +439040,7 @@ "description": "Object for a single Agent rule", "properties": { "attributes": { - "description": "A Cloud Workload Security Agent rule returned by the API", + "description": "A Workload Protection Agent rule returned by the API.", "properties": { "actions": { "description": "The array of actions the rule can perform if triggered", @@ -439310,17 +439298,17 @@ "description": "Too many requests" } }, - "summary": "Get a CSM Threats Agent rule", + "summary": "Get a Workload Protection Agent rule", "tags": [ - "CSM Threats" + "Workload Protection" ], - "x-menu-order": 2, + "x-menu-order": 4, "x-undo": { "type": "safe" } }, "patch": { - "description": "Update a specific Cloud Security Management Threats Agent rule.\nReturns the Agent rule object when the request is successful.", + "description": "Update a specific Workload Protection Agent rule.\nReturns the Agent rule object when the request is successful.\n\n**Note**: This endpoint is not available for the Government (US1-FED) site. Please reference the (US1-FED) specific resource below.", "operationId": "UpdateCSMThreatsAgentRule", "parameters": [ { @@ -439354,7 +439342,7 @@ "description": "Object for a single Agent rule", "properties": { "attributes": { - "description": "Update an existing Cloud Workload Security Agent rule", + "description": "Update an existing Workload Protection Agent rule.", "properties": { "description": { "description": "The description of the Agent rule", @@ -439432,7 +439420,7 @@ "description": "Object for a single Agent rule", "properties": { "attributes": { - "description": "A Cloud Workload Security Agent rule returned by the API", + "description": "A Workload Protection Agent rule returned by the API.", "properties": { "actions": { "description": "The array of actions the rule can perform if triggered", @@ -439746,9 +439734,9 @@ "description": "Too many requests" } }, - "summary": "Update a CSM Threats Agent rule", + "summary": "Update a Workload Protection Agent rule", "tags": [ - "CSM Threats" + "Workload Protection" ], "x-codegen-request-body-name": "body", "x-menu-order": 5, @@ -439759,7 +439747,7 @@ }, "/api/v2/remote_config/products/cws/policy": { "get": { - "description": "Get the list of Cloud Security Management Threats Agent policies", + "description": "Get the list of Workload Protection Agent policies", "operationId": "ListCSMThreatsAgentPolicies", "responses": { "200": { @@ -439970,17 +439958,17 @@ "description": "Too many requests" } }, - "summary": "Get all CSM Threats Agent policies", + "summary": "Get all Workload Protection Agent policies", "tags": [ - "CSM Threats" + "Workload Protection" ], - "x-menu-order": 3, + "x-menu-order": 7, "x-undo": { "type": "safe" } }, "post": { - "description": "Create a new Cloud Security Management Threats Agent policy with the given parameters", + "description": "Create a new Workload Protection Agent policy with the given parameters", "operationId": "CreateCSMThreatsAgentPolicy", "requestBody": { "content": { @@ -440323,9 +440311,9 @@ "description": "Too many requests" } }, - "summary": "Create a CSM Threats Agent policy", + "summary": "Create a Workload Protection Agent policy", "tags": [ - "CSM Threats" + "Workload Protection" ], "x-codegen-request-body-name": "body", "x-given": { @@ -440339,7 +440327,7 @@ "step": "there is a valid \"policy_rc\" in the system" } }, - "x-menu-order": 4, + "x-menu-order": 8, "x-undo": { "operationId": "DeleteCSMThreatsAgentPolicy", "parameters": [ @@ -440354,7 +440342,7 @@ }, "/api/v2/remote_config/products/cws/policy/download": { "get": { - "description": "The download endpoint generates a CSM Threats policy file from your currently active\nCSM Threats rules, and downloads them as a `.policy` file. This file can then be deployed to\nyour Agents to update the policy running in your environment.", + "description": "The download endpoint generates a Workload Protection policy file from your currently active\nWorkload Protection rules, and downloads them as a `.policy` file. This file can then be deployed to\nyour Agents to update the policy running in your environment.\n\n**Note**: This endpoint is not available for the Government (US1-FED) site. Please reference the (US1-FED) specific resource below.", "operationId": "DownloadCSMThreatsPolicy", "responses": { "200": { @@ -440425,9 +440413,9 @@ "description": "Too many requests" } }, - "summary": "Get the latest CSM Threats policy", + "summary": "Download the Workload Protection policy", "tags": [ - "CSM Threats" + "Workload Protection" ], "x-menu-order": 1, "x-undo": { @@ -440437,7 +440425,7 @@ }, "/api/v2/remote_config/products/cws/policy/{policy_id}": { "delete": { - "description": "Delete a specific Cloud Security Management Threats Agent policy", + "description": "Delete a specific Workload Protection Agent policy", "operationId": "DeleteCSMThreatsAgentPolicy", "parameters": [ { @@ -440543,17 +440531,17 @@ "description": "Too many requests" } }, - "summary": "Delete a CSM Threats Agent policy", + "summary": "Delete a Workload Protection Agent policy", "tags": [ - "CSM Threats" + "Workload Protection" ], - "x-menu-order": 6, + "x-menu-order": 11, "x-undo": { "type": "idempotent" } }, "get": { - "description": "Get the details of a specific Cloud Security Management Threats Agent policy", + "description": "Get the details of a specific Workload Protection Agent policy", "operationId": "GetCSMThreatsAgentPolicy", "parameters": [ { @@ -440800,17 +440788,17 @@ "description": "Too many requests" } }, - "summary": "Get a CSM Threats Agent policy", + "summary": "Get a Workload Protection Agent policy", "tags": [ - "CSM Threats" + "Workload Protection" ], - "x-menu-order": 2, + "x-menu-order": 9, "x-undo": { "type": "safe" } }, "patch": { - "description": "Update a specific Cloud Security Management Threats Agent policy.\nReturns the Agent policy object when the request is successful.", + "description": "Update a specific Workload Protection Agent policy.\nReturns the Agent policy object when the request is successful.", "operationId": "UpdateCSMThreatsAgentPolicy", "parameters": [ { @@ -441195,12 +441183,12 @@ "description": "Too many requests" } }, - "summary": "Update a CSM Threats Agent policy", + "summary": "Update a Workload Protection Agent policy", "tags": [ - "CSM Threats" + "Workload Protection" ], "x-codegen-request-body-name": "body", - "x-menu-order": 5, + "x-menu-order": 10, "x-undo": { "type": "idempotent" } @@ -486390,7 +486378,7 @@ }, "/api/v2/security/cloud_workload/policy/download": { "get": { - "description": "The download endpoint generates a Cloud Workload Security policy file from your currently active\nCloud Workload Security rules, and downloads them as a .policy file. This file can then be deployed to\nyour Agents to update the policy running in your environment.", + "description": "The download endpoint generates a Workload Protection policy file from your currently active\nWorkload Protection rules, and downloads them as a .policy file. This file can then be deployed to\nyour Agents to update the policy running in your environment.\n\n**Note**: This endpoint should only be used for the Government (US1-FED) site.", "operationId": "DownloadCloudWorkloadPolicyFile", "responses": { "200": { @@ -486461,11 +486449,11 @@ "description": "Too many requests" } }, - "summary": "Get the latest Cloud Workload Security policy", + "summary": "Download the Workload Protection policy (US1-FED)", "tags": [ - "CSM Threats" + "Workload Protection" ], - "x-menu-order": 1, + "x-menu-order": 12, "x-permission": { "operator": "OR", "permissions": [ @@ -492716,7 +492704,7 @@ }, "/api/v2/security_monitoring/cloud_workload_security/agent_rules": { "get": { - "description": "Get the list of Agent rules", + "description": "Get the list of Agent rules.\n\n**Note**: This endpoint should only be used for the Government (US1-FED) site.", "operationId": "ListCloudWorkloadSecurityAgentRules", "responses": { "200": { @@ -492731,7 +492719,7 @@ "description": "Object for a single Agent rule", "properties": { "attributes": { - "description": "A Cloud Workload Security Agent rule returned by the API", + "description": "A Workload Protection Agent rule returned by the API.", "properties": { "actions": { "description": "The array of actions the rule can perform if triggered", @@ -492963,11 +492951,11 @@ "description": "Too many requests" } }, - "summary": "Get all Cloud Workload Security Agent rules", + "summary": "Get all Workload Protection Agent rules (US1-FED)", "tags": [ - "CSM Threats" + "Workload Protection" ], - "x-menu-order": 3, + "x-menu-order": 13, "x-permission": { "operator": "OR", "permissions": [ @@ -492979,7 +492967,7 @@ } }, "post": { - "description": "Create a new Agent rule with the given parameters.", + "description": "Create a new Agent rule with the given parameters.\n\n**Note**: This endpoint should only be used for the Government (US1-FED) site.", "operationId": "CreateCloudWorkloadSecurityAgentRule", "requestBody": { "content": { @@ -492991,7 +492979,7 @@ "description": "Object for a single Agent rule", "properties": { "attributes": { - "description": "Create a new Cloud Workload Security Agent rule.", + "description": "Create a new Workload Protection Agent rule.", "properties": { "description": { "description": "The description of the Agent rule.", @@ -493080,7 +493068,7 @@ "description": "Object for a single Agent rule", "properties": { "attributes": { - "description": "A Cloud Workload Security Agent rule returned by the API", + "description": "A Workload Protection Agent rule returned by the API.", "properties": { "actions": { "description": "The array of actions the rule can perform if triggered", @@ -493366,9 +493354,9 @@ "description": "Too many requests" } }, - "summary": "Create a Cloud Workload Security Agent rule", + "summary": "Create a Workload Protection Agent rule (US1-FED)", "tags": [ - "CSM Threats" + "Workload Protection" ], "x-codegen-request-body-name": "body", "x-given": { @@ -493382,7 +493370,7 @@ "step": "there is a valid \"agent_rule\" in the system" } }, - "x-menu-order": 4, + "x-menu-order": 14, "x-permission": { "operator": "OR", "permissions": [ @@ -493403,7 +493391,7 @@ }, "/api/v2/security_monitoring/cloud_workload_security/agent_rules/{agent_rule_id}": { "delete": { - "description": "Delete a specific Agent rule", + "description": "Delete a specific Agent rule.\n\n**Note**: This endpoint should only be used for the Government (US1-FED) site.", "operationId": "DeleteCloudWorkloadSecurityAgentRule", "parameters": [ { @@ -493506,11 +493494,11 @@ "description": "Too many requests" } }, - "summary": "Delete a Cloud Workload Security Agent rule", + "summary": "Delete a Workload Protection Agent rule (US1-FED)", "tags": [ - "CSM Threats" + "Workload Protection" ], - "x-menu-order": 6, + "x-menu-order": 17, "x-permission": { "operator": "OR", "permissions": [ @@ -493522,7 +493510,7 @@ } }, "get": { - "description": "Get the details of a specific Agent rule", + "description": "Get the details of a specific Agent rule.\n\n**Note**: This endpoint should only be used for the Government (US1-FED) site.", "operationId": "GetCloudWorkloadSecurityAgentRule", "parameters": [ { @@ -493547,7 +493535,7 @@ "description": "Object for a single Agent rule", "properties": { "attributes": { - "description": "A Cloud Workload Security Agent rule returned by the API", + "description": "A Workload Protection Agent rule returned by the API.", "properties": { "actions": { "description": "The array of actions the rule can perform if triggered", @@ -493805,11 +493793,11 @@ "description": "Too many requests" } }, - "summary": "Get a Cloud Workload Security Agent rule", + "summary": "Get a Workload Protection Agent rule (US1-FED)", "tags": [ - "CSM Threats" + "Workload Protection" ], - "x-menu-order": 2, + "x-menu-order": 15, "x-permission": { "operator": "OR", "permissions": [ @@ -493821,7 +493809,7 @@ } }, "patch": { - "description": "Update a specific Agent rule.\nReturns the Agent rule object when the request is successful.", + "description": "Update a specific Agent rule.\nReturns the Agent rule object when the request is successful.\n\n**Note**: This endpoint should only be used for the Government (US1-FED) site.", "operationId": "UpdateCloudWorkloadSecurityAgentRule", "parameters": [ { @@ -493845,7 +493833,7 @@ "description": "Object for a single Agent rule", "properties": { "attributes": { - "description": "Update an existing Cloud Workload Security Agent rule", + "description": "Update an existing Workload Protection Agent rule.", "properties": { "description": { "description": "The description of the Agent rule", @@ -493923,7 +493911,7 @@ "description": "Object for a single Agent rule", "properties": { "attributes": { - "description": "A Cloud Workload Security Agent rule returned by the API", + "description": "A Workload Protection Agent rule returned by the API.", "properties": { "actions": { "description": "The array of actions the rule can perform if triggered", @@ -494237,12 +494225,12 @@ "description": "Too many requests" } }, - "summary": "Update a Cloud Workload Security Agent rule", + "summary": "Update a Workload Protection Agent rule (US1-FED)", "tags": [ - "CSM Threats" + "Workload Protection" ], "x-codegen-request-body-name": "body", - "x-menu-order": 5, + "x-menu-order": 16, "x-permission": { "operator": "OR", "permissions": [ @@ -561133,10 +561121,6 @@ "description": "Datadog Cloud Security Management (CSM) delivers real-time threat detection\nand continuous configuration audits across your entire cloud infrastructure,\nall in a unified view for seamless collaboration and faster remediation.\nGo to https://docs.datadoghq.com/security/cloud_security_management to learn more.", "name": "CSM Coverage Analysis" }, - { - "description": "Cloud Security Management Threats (CSM Threats) monitors file, network, and process activity across your environment to detect real-time threats to your infrastructure. See [Cloud Security Management Threats](https://docs.datadoghq.com/security/threats/) for more information on setting up CSM Threats.", - "name": "CSM Threats" - }, { "description": "View and manage cases and projects within Case Management. See the [Case Management page](https://docs.datadoghq.com/service_management/case_management/) for more information.", "name": "Case Management" @@ -561429,6 +561413,10 @@ "url": "https://docs.datadoghq.com/service_management/workflows/" }, "name": "Workflow Automation" + }, + { + "description": "Workload Protection monitors file, network, and process activity across your environment to detect real-time threats to your infrastructure. See [Workload Protection](https://docs.datadoghq.com/security/workload_protection/) for more information on setting up Workload Protection.\n\n**Note**: These endpoints are split based on whether you are using the US1-FED site or not. Please reference the specific resource for the site you are using.", + "name": "Workload Protection" } ], "x-group-parameters": true, diff --git a/data/api/v2/translate_actions.json b/data/api/v2/translate_actions.json index 483bd8f4f1abe..4536cd19de41a 100644 --- a/data/api/v2/translate_actions.json +++ b/data/api/v2/translate_actions.json @@ -1506,54 +1506,54 @@ "request_schema_description": "Request object for updating a single WAF exclusion filter." }, "ListCSMThreatsAgentRules": { - "description": "Get the list of Cloud Security Management Threats Agent rules", - "summary": "Get all CSM Threats Agent rules" + "description": "Get the list of Workload Protection Agent rules.\n\n**Note**: This endpoint is not available for the Government (US1-FED) site. Please reference the (US1-FED) specific resource below.", + "summary": "Get all Workload Protection Agent rules" }, "CreateCSMThreatsAgentRule": { - "description": "Create a new Cloud Security Management Threats Agent rule with the given parameters", - "summary": "Create a CSM Threats Agent rule", + "description": "Create a new Workload Protection Agent rule with the given parameters.\n\n**Note**: This endpoint is not available for the Government (US1-FED) site. Please reference the (US1-FED) specific resource below.", + "summary": "Create a Workload Protection Agent rule", "request_description": "The definition of the new Agent rule", "request_schema_description": "Request object that includes the Agent rule to create" }, "DeleteCSMThreatsAgentRule": { - "description": "Delete a specific Cloud Security Management Threats Agent rule", - "summary": "Delete a CSM Threats Agent rule" + "description": "Delete a specific Workload Protection Agent rule.\n\n**Note**: This endpoint is not available for the Government (US1-FED) site. Please reference the (US1-FED) specific resource below.", + "summary": "Delete a Workload Protection Agent rule" }, "GetCSMThreatsAgentRule": { - "description": "Get the details of a specific Cloud Security Management Threats Agent rule", - "summary": "Get a CSM Threats Agent rule" + "description": "Get the details of a specific Workload Protection Agent rule.\n\n**Note**: This endpoint is not available for the Government (US1-FED) site. Please reference the (US1-FED) specific resource below.", + "summary": "Get a Workload Protection Agent rule" }, "UpdateCSMThreatsAgentRule": { - "description": "Update a specific Cloud Security Management Threats Agent rule.\nReturns the Agent rule object when the request is successful.", - "summary": "Update a CSM Threats Agent rule", + "description": "Update a specific Workload Protection Agent rule.\nReturns the Agent rule object when the request is successful.\n\n**Note**: This endpoint is not available for the Government (US1-FED) site. Please reference the (US1-FED) specific resource below.", + "summary": "Update a Workload Protection Agent rule", "request_description": "New definition of the Agent rule", "request_schema_description": "Request object that includes the Agent rule with the attributes to update" }, "ListCSMThreatsAgentPolicies": { - "description": "Get the list of Cloud Security Management Threats Agent policies", - "summary": "Get all CSM Threats Agent policies" + "description": "Get the list of Workload Protection Agent policies", + "summary": "Get all Workload Protection Agent policies" }, "CreateCSMThreatsAgentPolicy": { - "description": "Create a new Cloud Security Management Threats Agent policy with the given parameters", - "summary": "Create a CSM Threats Agent policy", + "description": "Create a new Workload Protection Agent policy with the given parameters", + "summary": "Create a Workload Protection Agent policy", "request_description": "The definition of the new Agent policy", "request_schema_description": "Request object that includes the Agent policy to create" }, "DownloadCSMThreatsPolicy": { - "description": "The download endpoint generates a CSM Threats policy file from your currently active\nCSM Threats rules, and downloads them as a `.policy` file. This file can then be deployed to\nyour Agents to update the policy running in your environment.", - "summary": "Get the latest CSM Threats policy" + "description": "The download endpoint generates a Workload Protection policy file from your currently active\nWorkload Protection rules, and downloads them as a `.policy` file. This file can then be deployed to\nyour Agents to update the policy running in your environment.\n\n**Note**: This endpoint is not available for the Government (US1-FED) site. Please reference the (US1-FED) specific resource below.", + "summary": "Download the Workload Protection policy" }, "DeleteCSMThreatsAgentPolicy": { - "description": "Delete a specific Cloud Security Management Threats Agent policy", - "summary": "Delete a CSM Threats Agent policy" + "description": "Delete a specific Workload Protection Agent policy", + "summary": "Delete a Workload Protection Agent policy" }, "GetCSMThreatsAgentPolicy": { - "description": "Get the details of a specific Cloud Security Management Threats Agent policy", - "summary": "Get a CSM Threats Agent policy" + "description": "Get the details of a specific Workload Protection Agent policy", + "summary": "Get a Workload Protection Agent policy" }, "UpdateCSMThreatsAgentPolicy": { - "description": "Update a specific Cloud Security Management Threats Agent policy.\nReturns the Agent policy object when the request is successful.", - "summary": "Update a CSM Threats Agent policy", + "description": "Update a specific Workload Protection Agent policy.\nReturns the Agent policy object when the request is successful.", + "summary": "Update a Workload Protection Agent policy", "request_description": "New definition of the Agent policy", "request_schema_description": "Request object that includes the Agent policy with the attributes to update" }, @@ -1858,8 +1858,8 @@ "summary": "List vulnerable assets" }, "DownloadCloudWorkloadPolicyFile": { - "description": "The download endpoint generates a Cloud Workload Security policy file from your currently active\nCloud Workload Security rules, and downloads them as a .policy file. This file can then be deployed to\nyour Agents to update the policy running in your environment.", - "summary": "Get the latest Cloud Workload Security policy" + "description": "The download endpoint generates a Workload Protection policy file from your currently active\nWorkload Protection rules, and downloads them as a .policy file. This file can then be deployed to\nyour Agents to update the policy running in your environment.\n\n**Note**: This endpoint should only be used for the Government (US1-FED) site.", + "summary": "Download the Workload Protection policy (US1-FED)" }, "GetSBOM": { "description": "Get a single SBOM related to an asset by its type and name.\n", @@ -1918,26 +1918,26 @@ "request_schema_description": "Body of the notification rule patch request." }, "ListCloudWorkloadSecurityAgentRules": { - "description": "Get the list of Agent rules", - "summary": "Get all Cloud Workload Security Agent rules" + "description": "Get the list of Agent rules.\n\n**Note**: This endpoint should only be used for the Government (US1-FED) site.", + "summary": "Get all Workload Protection Agent rules (US1-FED)" }, "CreateCloudWorkloadSecurityAgentRule": { - "description": "Create a new Agent rule with the given parameters.", - "summary": "Create a Cloud Workload Security Agent rule", + "description": "Create a new Agent rule with the given parameters.\n\n**Note**: This endpoint should only be used for the Government (US1-FED) site.", + "summary": "Create a Workload Protection Agent rule (US1-FED)", "request_description": "The definition of the new Agent rule", "request_schema_description": "Request object that includes the Agent rule to create" }, "DeleteCloudWorkloadSecurityAgentRule": { - "description": "Delete a specific Agent rule", - "summary": "Delete a Cloud Workload Security Agent rule" + "description": "Delete a specific Agent rule.\n\n**Note**: This endpoint should only be used for the Government (US1-FED) site.", + "summary": "Delete a Workload Protection Agent rule (US1-FED)" }, "GetCloudWorkloadSecurityAgentRule": { - "description": "Get the details of a specific Agent rule", - "summary": "Get a Cloud Workload Security Agent rule" + "description": "Get the details of a specific Agent rule.\n\n**Note**: This endpoint should only be used for the Government (US1-FED) site.", + "summary": "Get a Workload Protection Agent rule (US1-FED)" }, "UpdateCloudWorkloadSecurityAgentRule": { - "description": "Update a specific Agent rule.\nReturns the Agent rule object when the request is successful.", - "summary": "Update a Cloud Workload Security Agent rule", + "description": "Update a specific Agent rule.\nReturns the Agent rule object when the request is successful.\n\n**Note**: This endpoint should only be used for the Government (US1-FED) site.", + "summary": "Update a Workload Protection Agent rule (US1-FED)", "request_description": "New definition of the Agent rule", "request_schema_description": "Request object that includes the Agent rule with the attributes to update" }, diff --git a/data/api/v2/translate_tags.json b/data/api/v2/translate_tags.json index deaca7dcce406..fb24a33061c2a 100644 --- a/data/api/v2/translate_tags.json +++ b/data/api/v2/translate_tags.json @@ -55,10 +55,6 @@ "name": "CSM Coverage Analysis", "description": "Datadog Cloud Security Management (CSM) delivers real-time threat detection\nand continuous configuration audits across your entire cloud infrastructure,\nall in a unified view for seamless collaboration and faster remediation.\nGo to https://docs.datadoghq.com/security/cloud_security_management to learn more." }, - "csm-threats": { - "name": "CSM Threats", - "description": "Cloud Security Management Threats (CSM Threats) monitors file, network, and process activity across your environment to detect real-time threats to your infrastructure. See [Cloud Security Management Threats](https://docs.datadoghq.com/security/threats/) for more information on setting up CSM Threats." - }, "case-management": { "name": "Case Management", "description": "View and manage cases and projects within Case Management. See the [Case Management page](https://docs.datadoghq.com/service_management/case_management/) for more information." @@ -282,5 +278,9 @@ "workflow-automation": { "name": "Workflow Automation", "description": "Datadog Workflow Automation allows you to automate your end-to-end processes by connecting Datadog with the rest of your tech stack. Build workflows to auto-remediate your alerts, streamline your incident and security processes, and reduce manual toil. Workflow Automation supports over 1,000+ OOTB actions, including AWS, JIRA, ServiceNow, GitHub, and OpenAI. Learn more in our Workflow Automation docs [here](https://docs.datadoghq.com/service_management/workflows/)." + }, + "workload-protection": { + "name": "Workload Protection", + "description": "Workload Protection monitors file, network, and process activity across your environment to detect real-time threats to your infrastructure. See [Workload Protection](https://docs.datadoghq.com/security/workload_protection/) for more information on setting up Workload Protection.\n\n**Note**: These endpoints are split based on whether you are using the US1-FED site or not. Please reference the specific resource for the site you are using." } } \ No newline at end of file diff --git a/static/resources/json/full_spec_v2.json b/static/resources/json/full_spec_v2.json index a12b8dabfa163..ed20fd2291d4c 100644 --- a/static/resources/json/full_spec_v2.json +++ b/static/resources/json/full_spec_v2.json @@ -42637,7 +42637,7 @@ "type": "array" }, "CloudWorkloadSecurityAgentRuleAttributes": { - "description": "A Cloud Workload Security Agent rule returned by the API", + "description": "A Workload Protection Agent rule returned by the API.", "properties": { "actions": { "description": "The array of actions the rule can perform if triggered", @@ -42784,7 +42784,7 @@ "type": "object" }, "CloudWorkloadSecurityAgentRuleCreateAttributes": { - "description": "Create a new Cloud Workload Security Agent rule.", + "description": "Create a new Workload Protection Agent rule.", "properties": { "description": { "description": "The description of the Agent rule.", @@ -42836,7 +42836,7 @@ "description": "Object for a single Agent rule", "properties": { "attributes": { - "description": "Create a new Cloud Workload Security Agent rule.", + "description": "Create a new Workload Protection Agent rule.", "properties": { "description": { "description": "The description of the Agent rule.", @@ -42910,7 +42910,7 @@ "description": "Object for a single Agent rule", "properties": { "attributes": { - "description": "Create a new Cloud Workload Security Agent rule.", + "description": "Create a new Workload Protection Agent rule.", "properties": { "description": { "description": "The description of the Agent rule.", @@ -43004,7 +43004,7 @@ "description": "Object for a single Agent rule", "properties": { "attributes": { - "description": "A Cloud Workload Security Agent rule returned by the API", + "description": "A Workload Protection Agent rule returned by the API.", "properties": { "actions": { "description": "The array of actions the rule can perform if triggered", @@ -43192,7 +43192,7 @@ "description": "Object for a single Agent rule", "properties": { "attributes": { - "description": "A Cloud Workload Security Agent rule returned by the API", + "description": "A Workload Protection Agent rule returned by the API.", "properties": { "actions": { "description": "The array of actions the rule can perform if triggered", @@ -43374,7 +43374,7 @@ ] }, "CloudWorkloadSecurityAgentRuleUpdateAttributes": { - "description": "Update an existing Cloud Workload Security Agent rule", + "description": "Update an existing Workload Protection Agent rule.", "properties": { "description": { "description": "The description of the Agent rule", @@ -43410,7 +43410,7 @@ "description": "Object for a single Agent rule", "properties": { "attributes": { - "description": "Update an existing Cloud Workload Security Agent rule", + "description": "Update an existing Workload Protection Agent rule.", "properties": { "description": { "description": "The description of the Agent rule", @@ -43473,7 +43473,7 @@ "description": "Object for a single Agent rule", "properties": { "attributes": { - "description": "Update an existing Cloud Workload Security Agent rule", + "description": "Update an existing Workload Protection Agent rule.", "properties": { "description": { "description": "The description of the Agent rule", @@ -43561,7 +43561,7 @@ "description": "Object for a single Agent rule", "properties": { "attributes": { - "description": "A Cloud Workload Security Agent rule returned by the API", + "description": "A Workload Protection Agent rule returned by the API.", "properties": { "actions": { "description": "The array of actions the rule can perform if triggered", @@ -438207,20 +438207,8 @@ }, "/api/v2/remote_config/products/cws/agent_rules": { "get": { - "description": "Get the list of Cloud Security Management Threats Agent rules", + "description": "Get the list of Workload Protection Agent rules.\n\n**Note**: This endpoint is not available for the Government (US1-FED) site. Please reference the (US1-FED) specific resource below.", "operationId": "ListCSMThreatsAgentRules", - "parameters": [ - { - "description": "The ID of the Agent policy", - "example": "6517fcc1-cec7-4394-a655-8d6e9d085255", - "in": "query", - "name": "policy_id", - "required": false, - "schema": { - "type": "string" - } - } - ], "responses": { "200": { "content": { @@ -438234,7 +438222,7 @@ "description": "Object for a single Agent rule", "properties": { "attributes": { - "description": "A Cloud Workload Security Agent rule returned by the API", + "description": "A Workload Protection Agent rule returned by the API.", "properties": { "actions": { "description": "The array of actions the rule can perform if triggered", @@ -438466,17 +438454,17 @@ "description": "Too many requests" } }, - "summary": "Get all CSM Threats Agent rules", + "summary": "Get all Workload Protection Agent rules", "tags": [ - "CSM Threats" + "Workload Protection" ], - "x-menu-order": 3, + "x-menu-order": 2, "x-undo": { "type": "safe" } }, "post": { - "description": "Create a new Cloud Security Management Threats Agent rule with the given parameters", + "description": "Create a new Workload Protection Agent rule with the given parameters.\n\n**Note**: This endpoint is not available for the Government (US1-FED) site. Please reference the (US1-FED) specific resource below.", "operationId": "CreateCSMThreatsAgentRule", "requestBody": { "content": { @@ -438488,7 +438476,7 @@ "description": "Object for a single Agent rule", "properties": { "attributes": { - "description": "Create a new Cloud Workload Security Agent rule.", + "description": "Create a new Workload Protection Agent rule.", "properties": { "description": { "description": "The description of the Agent rule.", @@ -438577,7 +438565,7 @@ "description": "Object for a single Agent rule", "properties": { "attributes": { - "description": "A Cloud Workload Security Agent rule returned by the API", + "description": "A Workload Protection Agent rule returned by the API.", "properties": { "actions": { "description": "The array of actions the rule can perform if triggered", @@ -438863,9 +438851,9 @@ "description": "Too many requests" } }, - "summary": "Create a CSM Threats Agent rule", + "summary": "Create a Workload Protection Agent rule", "tags": [ - "CSM Threats" + "Workload Protection" ], "x-codegen-request-body-name": "body", "x-given": { @@ -438879,7 +438867,7 @@ "step": "there is a valid \"agent_rule_rc\" in the system" } }, - "x-menu-order": 4, + "x-menu-order": 3, "x-undo": { "operationId": "DeleteCSMThreatsAgentRule", "parameters": [ @@ -438894,7 +438882,7 @@ }, "/api/v2/remote_config/products/cws/agent_rules/{agent_rule_id}": { "delete": { - "description": "Delete a specific Cloud Security Management Threats Agent rule", + "description": "Delete a specific Workload Protection Agent rule.\n\n**Note**: This endpoint is not available for the Government (US1-FED) site. Please reference the (US1-FED) specific resource below.", "operationId": "DeleteCSMThreatsAgentRule", "parameters": [ { @@ -439007,9 +438995,9 @@ "description": "Too many requests" } }, - "summary": "Delete a CSM Threats Agent rule", + "summary": "Delete a Workload Protection Agent rule", "tags": [ - "CSM Threats" + "Workload Protection" ], "x-menu-order": 6, "x-undo": { @@ -439017,7 +439005,7 @@ } }, "get": { - "description": "Get the details of a specific Cloud Security Management Threats Agent rule", + "description": "Get the details of a specific Workload Protection Agent rule.\n\n**Note**: This endpoint is not available for the Government (US1-FED) site. Please reference the (US1-FED) specific resource below.", "operationId": "GetCSMThreatsAgentRule", "parameters": [ { @@ -439052,7 +439040,7 @@ "description": "Object for a single Agent rule", "properties": { "attributes": { - "description": "A Cloud Workload Security Agent rule returned by the API", + "description": "A Workload Protection Agent rule returned by the API.", "properties": { "actions": { "description": "The array of actions the rule can perform if triggered", @@ -439310,17 +439298,17 @@ "description": "Too many requests" } }, - "summary": "Get a CSM Threats Agent rule", + "summary": "Get a Workload Protection Agent rule", "tags": [ - "CSM Threats" + "Workload Protection" ], - "x-menu-order": 2, + "x-menu-order": 4, "x-undo": { "type": "safe" } }, "patch": { - "description": "Update a specific Cloud Security Management Threats Agent rule.\nReturns the Agent rule object when the request is successful.", + "description": "Update a specific Workload Protection Agent rule.\nReturns the Agent rule object when the request is successful.\n\n**Note**: This endpoint is not available for the Government (US1-FED) site. Please reference the (US1-FED) specific resource below.", "operationId": "UpdateCSMThreatsAgentRule", "parameters": [ { @@ -439354,7 +439342,7 @@ "description": "Object for a single Agent rule", "properties": { "attributes": { - "description": "Update an existing Cloud Workload Security Agent rule", + "description": "Update an existing Workload Protection Agent rule.", "properties": { "description": { "description": "The description of the Agent rule", @@ -439432,7 +439420,7 @@ "description": "Object for a single Agent rule", "properties": { "attributes": { - "description": "A Cloud Workload Security Agent rule returned by the API", + "description": "A Workload Protection Agent rule returned by the API.", "properties": { "actions": { "description": "The array of actions the rule can perform if triggered", @@ -439746,9 +439734,9 @@ "description": "Too many requests" } }, - "summary": "Update a CSM Threats Agent rule", + "summary": "Update a Workload Protection Agent rule", "tags": [ - "CSM Threats" + "Workload Protection" ], "x-codegen-request-body-name": "body", "x-menu-order": 5, @@ -439759,7 +439747,7 @@ }, "/api/v2/remote_config/products/cws/policy": { "get": { - "description": "Get the list of Cloud Security Management Threats Agent policies", + "description": "Get the list of Workload Protection Agent policies", "operationId": "ListCSMThreatsAgentPolicies", "responses": { "200": { @@ -439970,17 +439958,17 @@ "description": "Too many requests" } }, - "summary": "Get all CSM Threats Agent policies", + "summary": "Get all Workload Protection Agent policies", "tags": [ - "CSM Threats" + "Workload Protection" ], - "x-menu-order": 3, + "x-menu-order": 7, "x-undo": { "type": "safe" } }, "post": { - "description": "Create a new Cloud Security Management Threats Agent policy with the given parameters", + "description": "Create a new Workload Protection Agent policy with the given parameters", "operationId": "CreateCSMThreatsAgentPolicy", "requestBody": { "content": { @@ -440323,9 +440311,9 @@ "description": "Too many requests" } }, - "summary": "Create a CSM Threats Agent policy", + "summary": "Create a Workload Protection Agent policy", "tags": [ - "CSM Threats" + "Workload Protection" ], "x-codegen-request-body-name": "body", "x-given": { @@ -440339,7 +440327,7 @@ "step": "there is a valid \"policy_rc\" in the system" } }, - "x-menu-order": 4, + "x-menu-order": 8, "x-undo": { "operationId": "DeleteCSMThreatsAgentPolicy", "parameters": [ @@ -440354,7 +440342,7 @@ }, "/api/v2/remote_config/products/cws/policy/download": { "get": { - "description": "The download endpoint generates a CSM Threats policy file from your currently active\nCSM Threats rules, and downloads them as a `.policy` file. This file can then be deployed to\nyour Agents to update the policy running in your environment.", + "description": "The download endpoint generates a Workload Protection policy file from your currently active\nWorkload Protection rules, and downloads them as a `.policy` file. This file can then be deployed to\nyour Agents to update the policy running in your environment.\n\n**Note**: This endpoint is not available for the Government (US1-FED) site. Please reference the (US1-FED) specific resource below.", "operationId": "DownloadCSMThreatsPolicy", "responses": { "200": { @@ -440425,9 +440413,9 @@ "description": "Too many requests" } }, - "summary": "Get the latest CSM Threats policy", + "summary": "Download the Workload Protection policy", "tags": [ - "CSM Threats" + "Workload Protection" ], "x-menu-order": 1, "x-undo": { @@ -440437,7 +440425,7 @@ }, "/api/v2/remote_config/products/cws/policy/{policy_id}": { "delete": { - "description": "Delete a specific Cloud Security Management Threats Agent policy", + "description": "Delete a specific Workload Protection Agent policy", "operationId": "DeleteCSMThreatsAgentPolicy", "parameters": [ { @@ -440543,17 +440531,17 @@ "description": "Too many requests" } }, - "summary": "Delete a CSM Threats Agent policy", + "summary": "Delete a Workload Protection Agent policy", "tags": [ - "CSM Threats" + "Workload Protection" ], - "x-menu-order": 6, + "x-menu-order": 11, "x-undo": { "type": "idempotent" } }, "get": { - "description": "Get the details of a specific Cloud Security Management Threats Agent policy", + "description": "Get the details of a specific Workload Protection Agent policy", "operationId": "GetCSMThreatsAgentPolicy", "parameters": [ { @@ -440800,17 +440788,17 @@ "description": "Too many requests" } }, - "summary": "Get a CSM Threats Agent policy", + "summary": "Get a Workload Protection Agent policy", "tags": [ - "CSM Threats" + "Workload Protection" ], - "x-menu-order": 2, + "x-menu-order": 9, "x-undo": { "type": "safe" } }, "patch": { - "description": "Update a specific Cloud Security Management Threats Agent policy.\nReturns the Agent policy object when the request is successful.", + "description": "Update a specific Workload Protection Agent policy.\nReturns the Agent policy object when the request is successful.", "operationId": "UpdateCSMThreatsAgentPolicy", "parameters": [ { @@ -441195,12 +441183,12 @@ "description": "Too many requests" } }, - "summary": "Update a CSM Threats Agent policy", + "summary": "Update a Workload Protection Agent policy", "tags": [ - "CSM Threats" + "Workload Protection" ], "x-codegen-request-body-name": "body", - "x-menu-order": 5, + "x-menu-order": 10, "x-undo": { "type": "idempotent" } @@ -486390,7 +486378,7 @@ }, "/api/v2/security/cloud_workload/policy/download": { "get": { - "description": "The download endpoint generates a Cloud Workload Security policy file from your currently active\nCloud Workload Security rules, and downloads them as a .policy file. This file can then be deployed to\nyour Agents to update the policy running in your environment.", + "description": "The download endpoint generates a Workload Protection policy file from your currently active\nWorkload Protection rules, and downloads them as a .policy file. This file can then be deployed to\nyour Agents to update the policy running in your environment.\n\n**Note**: This endpoint should only be used for the Government (US1-FED) site.", "operationId": "DownloadCloudWorkloadPolicyFile", "responses": { "200": { @@ -486461,11 +486449,11 @@ "description": "Too many requests" } }, - "summary": "Get the latest Cloud Workload Security policy", + "summary": "Download the Workload Protection policy (US1-FED)", "tags": [ - "CSM Threats" + "Workload Protection" ], - "x-menu-order": 1, + "x-menu-order": 12, "x-permission": { "operator": "OR", "permissions": [ @@ -492716,7 +492704,7 @@ }, "/api/v2/security_monitoring/cloud_workload_security/agent_rules": { "get": { - "description": "Get the list of Agent rules", + "description": "Get the list of Agent rules.\n\n**Note**: This endpoint should only be used for the Government (US1-FED) site.", "operationId": "ListCloudWorkloadSecurityAgentRules", "responses": { "200": { @@ -492731,7 +492719,7 @@ "description": "Object for a single Agent rule", "properties": { "attributes": { - "description": "A Cloud Workload Security Agent rule returned by the API", + "description": "A Workload Protection Agent rule returned by the API.", "properties": { "actions": { "description": "The array of actions the rule can perform if triggered", @@ -492963,11 +492951,11 @@ "description": "Too many requests" } }, - "summary": "Get all Cloud Workload Security Agent rules", + "summary": "Get all Workload Protection Agent rules (US1-FED)", "tags": [ - "CSM Threats" + "Workload Protection" ], - "x-menu-order": 3, + "x-menu-order": 13, "x-permission": { "operator": "OR", "permissions": [ @@ -492979,7 +492967,7 @@ } }, "post": { - "description": "Create a new Agent rule with the given parameters.", + "description": "Create a new Agent rule with the given parameters.\n\n**Note**: This endpoint should only be used for the Government (US1-FED) site.", "operationId": "CreateCloudWorkloadSecurityAgentRule", "requestBody": { "content": { @@ -492991,7 +492979,7 @@ "description": "Object for a single Agent rule", "properties": { "attributes": { - "description": "Create a new Cloud Workload Security Agent rule.", + "description": "Create a new Workload Protection Agent rule.", "properties": { "description": { "description": "The description of the Agent rule.", @@ -493080,7 +493068,7 @@ "description": "Object for a single Agent rule", "properties": { "attributes": { - "description": "A Cloud Workload Security Agent rule returned by the API", + "description": "A Workload Protection Agent rule returned by the API.", "properties": { "actions": { "description": "The array of actions the rule can perform if triggered", @@ -493366,9 +493354,9 @@ "description": "Too many requests" } }, - "summary": "Create a Cloud Workload Security Agent rule", + "summary": "Create a Workload Protection Agent rule (US1-FED)", "tags": [ - "CSM Threats" + "Workload Protection" ], "x-codegen-request-body-name": "body", "x-given": { @@ -493382,7 +493370,7 @@ "step": "there is a valid \"agent_rule\" in the system" } }, - "x-menu-order": 4, + "x-menu-order": 14, "x-permission": { "operator": "OR", "permissions": [ @@ -493403,7 +493391,7 @@ }, "/api/v2/security_monitoring/cloud_workload_security/agent_rules/{agent_rule_id}": { "delete": { - "description": "Delete a specific Agent rule", + "description": "Delete a specific Agent rule.\n\n**Note**: This endpoint should only be used for the Government (US1-FED) site.", "operationId": "DeleteCloudWorkloadSecurityAgentRule", "parameters": [ { @@ -493506,11 +493494,11 @@ "description": "Too many requests" } }, - "summary": "Delete a Cloud Workload Security Agent rule", + "summary": "Delete a Workload Protection Agent rule (US1-FED)", "tags": [ - "CSM Threats" + "Workload Protection" ], - "x-menu-order": 6, + "x-menu-order": 17, "x-permission": { "operator": "OR", "permissions": [ @@ -493522,7 +493510,7 @@ } }, "get": { - "description": "Get the details of a specific Agent rule", + "description": "Get the details of a specific Agent rule.\n\n**Note**: This endpoint should only be used for the Government (US1-FED) site.", "operationId": "GetCloudWorkloadSecurityAgentRule", "parameters": [ { @@ -493547,7 +493535,7 @@ "description": "Object for a single Agent rule", "properties": { "attributes": { - "description": "A Cloud Workload Security Agent rule returned by the API", + "description": "A Workload Protection Agent rule returned by the API.", "properties": { "actions": { "description": "The array of actions the rule can perform if triggered", @@ -493805,11 +493793,11 @@ "description": "Too many requests" } }, - "summary": "Get a Cloud Workload Security Agent rule", + "summary": "Get a Workload Protection Agent rule (US1-FED)", "tags": [ - "CSM Threats" + "Workload Protection" ], - "x-menu-order": 2, + "x-menu-order": 15, "x-permission": { "operator": "OR", "permissions": [ @@ -493821,7 +493809,7 @@ } }, "patch": { - "description": "Update a specific Agent rule.\nReturns the Agent rule object when the request is successful.", + "description": "Update a specific Agent rule.\nReturns the Agent rule object when the request is successful.\n\n**Note**: This endpoint should only be used for the Government (US1-FED) site.", "operationId": "UpdateCloudWorkloadSecurityAgentRule", "parameters": [ { @@ -493845,7 +493833,7 @@ "description": "Object for a single Agent rule", "properties": { "attributes": { - "description": "Update an existing Cloud Workload Security Agent rule", + "description": "Update an existing Workload Protection Agent rule.", "properties": { "description": { "description": "The description of the Agent rule", @@ -493923,7 +493911,7 @@ "description": "Object for a single Agent rule", "properties": { "attributes": { - "description": "A Cloud Workload Security Agent rule returned by the API", + "description": "A Workload Protection Agent rule returned by the API.", "properties": { "actions": { "description": "The array of actions the rule can perform if triggered", @@ -494237,12 +494225,12 @@ "description": "Too many requests" } }, - "summary": "Update a Cloud Workload Security Agent rule", + "summary": "Update a Workload Protection Agent rule (US1-FED)", "tags": [ - "CSM Threats" + "Workload Protection" ], "x-codegen-request-body-name": "body", - "x-menu-order": 5, + "x-menu-order": 16, "x-permission": { "operator": "OR", "permissions": [ @@ -561133,10 +561121,6 @@ "description": "Datadog Cloud Security Management (CSM) delivers real-time threat detection\nand continuous configuration audits across your entire cloud infrastructure,\nall in a unified view for seamless collaboration and faster remediation.\nGo to https://docs.datadoghq.com/security/cloud_security_management to learn more.", "name": "CSM Coverage Analysis" }, - { - "description": "Cloud Security Management Threats (CSM Threats) monitors file, network, and process activity across your environment to detect real-time threats to your infrastructure. See [Cloud Security Management Threats](https://docs.datadoghq.com/security/threats/) for more information on setting up CSM Threats.", - "name": "CSM Threats" - }, { "description": "View and manage cases and projects within Case Management. See the [Case Management page](https://docs.datadoghq.com/service_management/case_management/) for more information.", "name": "Case Management" @@ -561429,6 +561413,10 @@ "url": "https://docs.datadoghq.com/service_management/workflows/" }, "name": "Workflow Automation" + }, + { + "description": "Workload Protection monitors file, network, and process activity across your environment to detect real-time threats to your infrastructure. See [Workload Protection](https://docs.datadoghq.com/security/workload_protection/) for more information on setting up Workload Protection.\n\n**Note**: These endpoints are split based on whether you are using the US1-FED site or not. Please reference the specific resource for the site you are using.", + "name": "Workload Protection" } ], "x-group-parameters": true,