Add Security Monitoring API to dogshell #893

Status: Open. Wants to merge 1 commit into base: master.

Conversation

@clementgbcn clementgbcn commented Mar 27, 2025

Cloud SIEM API Support

Overview

This PR adds support for Cloud SIEM rule management and security signals retrieval in the Datadog Python API client.

Changes

  • Added SecurityMonitoringRule class to manage SIEM rules:
    • Get all security monitoring rules
    • Get a specific security monitoring rule
    • Create a new security monitoring rule
    • Update an existing security monitoring rule
    • Delete a security monitoring rule
  • Added SecurityMonitoringSignal class to retrieve and manage security signals:
    • Get all security signals with filtering options
    • Get a specific security signal's details
    • Search for security signals with custom query filters
    • Change the triage state of security signals (open, archived, under_review)
  • Added dogshell commands for security monitoring:
    • dogshell security-monitoring rules list: List all security monitoring rules
    • dogshell security-monitoring rules get <rule_id>: Get a specific rule
    • dogshell security-monitoring rules create --file <rule.json>: Create a new rule
    • dogshell security-monitoring rules update <rule_id> --file <rule.json>: Update a rule
    • dogshell security-monitoring rules delete <rule_id>: Delete a rule
    • dogshell security-monitoring signals list: List security signals
    • dogshell security-monitoring signals get <signal_id>: Get a specific signal
    • dogshell security-monitoring signals triage --state <state> <signal_id>: Change triage state
  • Added basic unit tests for new API classes
  • Updated CHANGELOG.md

Tests

  • Added a basic unit test to ensure classes are defined correctly
  • More comprehensive testing will be added in a follow-up PR

Documentation

The API follows the standard Datadog REST API patterns described in:
https://docs.datadoghq.com/api/latest/security-monitoring/

@github-actions github-actions bot added the documentation Documentation related changes label Mar 27, 2025
@clementgbcn clementgbcn force-pushed the cgc/security-monitoring-dogshell branch 3 times, most recently from 4cc844a to 9ca7e7f Compare March 27, 2025 23:10
@clementgbcn clementgbcn marked this pull request as ready for review March 27, 2025 23:11
@clementgbcn clementgbcn requested review from a team as code owners March 27, 2025 23:11
@clementgbcn clementgbcn added the changelog/Added Added features results into a minor version bump label Mar 27, 2025
janine-c
janine-c previously approved these changes Mar 27, 2025
@clementgbcn clementgbcn force-pushed the cgc/security-monitoring-dogshell branch 2 times, most recently from aed4934 to d27910f Compare March 28, 2025 09:25
@clementgbcn clementgbcn force-pushed the cgc/security-monitoring-dogshell branch 3 times, most recently from 611abf5 to 8e5cbd4 Compare March 28, 2025 10:51
@DataDog DataDog deleted a comment from datadog-datadog-prod-us1 bot Mar 28, 2025
@clementgbcn clementgbcn force-pushed the cgc/security-monitoring-dogshell branch from 8e5cbd4 to f62fdef Compare March 28, 2025 11:45