diff --git a/tests/v1/features/security_monitoring.feature b/tests/v1/features/security_monitoring.feature index 34fddb3dc1..ce9090d171 100644 --- a/tests/v1/features/security_monitoring.feature +++ b/tests/v1/features/security_monitoring.feature @@ -9,7 +9,7 @@ Feature: Security Monitoring And a valid "appKeyAuth" key in the system And an instance of "SecurityMonitoring" API - @generated @skip @team:DataDog/k9-cloud-siem + @generated @skip @team:DataDog/cloud-siem Scenario: Add a security signal to an incident returns "Bad Request" response Given new "AddSecurityMonitoringSignalToIncident" request And request contains "signal_id" parameter from "REPLACE.ME" @@ -17,7 +17,7 @@ Feature: Security Monitoring When the request is sent Then the response status is 400 Bad Request - @generated @skip @team:DataDog/k9-cloud-siem + @generated @skip @team:DataDog/cloud-siem Scenario: Add a security signal to an incident returns "Not Found" response Given new "AddSecurityMonitoringSignalToIncident" request And request contains "signal_id" parameter from "REPLACE.ME" @@ -25,7 +25,7 @@ Feature: Security Monitoring When the request is sent Then the response status is 404 Not Found - @replay-only @team:DataDog/k9-cloud-siem + @replay-only @team:DataDog/cloud-siem Scenario: Add a security signal to an incident returns "OK" response Given new "AddSecurityMonitoringSignalToIncident" request And request contains "signal_id" parameter with value "AQAAAYDiB_Ol8PbzFAAAAABBWURpQl9PbEFBQU0yeXhGTG9ZV2JnQUE" @@ -34,7 +34,7 @@ Feature: Security Monitoring Then the response status is 200 OK And the response "status" is equal to "done" - @generated @skip @team:DataDog/k9-cloud-siem + @generated @skip @team:DataDog/cloud-siem Scenario: Change the triage state of a security signal returns "Bad Request" response Given new "EditSecurityMonitoringSignalState" request And request contains "signal_id" parameter from "REPLACE.ME" 
@@ -42,7 +42,7 @@ Feature: Security Monitoring When the request is sent Then the response status is 400 Bad Request - @generated @skip @team:DataDog/k9-cloud-siem + @generated @skip @team:DataDog/cloud-siem Scenario: Change the triage state of a security signal returns "Not Found" response Given new "EditSecurityMonitoringSignalState" request And request contains "signal_id" parameter from "REPLACE.ME" @@ -50,7 +50,7 @@ Feature: Security Monitoring When the request is sent Then the response status is 404 Not Found - @replay-only @team:DataDog/k9-cloud-siem + @replay-only @team:DataDog/cloud-siem Scenario: Change the triage state of a security signal returns "OK" response Given new "EditSecurityMonitoringSignalState" request And request contains "signal_id" parameter with value "AQAAAYDiB_Ol8PbzFAAAAABBWURpQl9PbEFBQU0yeXhGTG9ZV2JnQUE" @@ -59,7 +59,7 @@ Feature: Security Monitoring Then the response status is 200 OK And the response "status" is equal to "done" - @generated @skip @team:DataDog/k9-cloud-siem + @generated @skip @team:DataDog/cloud-siem Scenario: Modify the triage assignee of a security signal returns "Bad Request" response Given new "EditSecurityMonitoringSignalAssignee" request And request contains "signal_id" parameter from "REPLACE.ME" @@ -67,7 +67,7 @@ Feature: Security Monitoring When the request is sent Then the response status is 400 Bad Request - @generated @skip @team:DataDog/k9-cloud-siem + @generated @skip @team:DataDog/cloud-siem Scenario: Modify the triage assignee of a security signal returns "Not Found" response Given new "EditSecurityMonitoringSignalAssignee" request And request contains "signal_id" parameter from "REPLACE.ME" 
@@ -75,7 +75,7 @@ Feature: Security Monitoring When the request is sent Then the response status is 404 Not Found - @replay-only @team:DataDog/k9-cloud-siem + @replay-only @team:DataDog/cloud-siem Scenario: Modify the triage assignee of a security signal returns "OK" response Given new "EditSecurityMonitoringSignalAssignee" request And request contains "signal_id" parameter with value "AQAAAYDiB_Ol8PbzFAAAAABBWURpQl9PbEFBQU0yeXhGTG9ZV2JnQUE" diff --git a/tests/v2/features/security_monitoring.feature b/tests/v2/features/security_monitoring.feature index 3ec8e88ce3..3fbf171254 100644 --- a/tests/v2/features/security_monitoring.feature +++ b/tests/v2/features/security_monitoring.feature @@ -9,7 +9,7 @@ Feature: Security Monitoring And a valid "appKeyAuth" key in the system And an instance of "SecurityMonitoring" API - @generated @skip @team:DataDog/k9-cloud-siem + @generated @skip @team:DataDog/cloud-siem Scenario: Activate content pack returns "Accepted" response Given operation "ActivateContentPack" enabled And new "ActivateContentPack" request @@ -17,7 +17,7 @@ Feature: Security Monitoring When the request is sent Then the response status is 202 Accepted - @generated @skip @team:DataDog/k9-cloud-siem + @generated @skip @team:DataDog/cloud-siem Scenario: Activate content pack returns "Not Found" response Given operation "ActivateContentPack" enabled And new "ActivateContentPack" request 
@@ -163,63 +163,63 @@ Feature: Security Monitoring And the response "data.attributes.insights" has item with field "resource_id" with value "ZGZhMDI3ZjdjMDM3YjJmNzcxNTlhZGMwMjdmZWNiNTZ-MTVlYTNmYWU3NjNlOTNlYTE2YjM4N2JmZmI4Yjk5N2Y=" And the response "data.attributes.insights" has item with field "resource_id" with value "MmUzMzZkODQ2YTI3NDU0OTk4NDk3NzhkOTY5YjU2Zjh-YWJjZGI1ODI4OTYzNWM3ZmUwZTBlOWRkYTRiMGUyOGQ=" - @generated @skip @team:DataDog/k9-cloud-siem + @generated @skip @team:DataDog/cloud-siem Scenario: Bulk convert rules to Terraform returns "Bad Request" response Given new "BulkConvertExistingSecurityMonitoringRules" request And body with value {"data": {"attributes": {"ruleIds": ["def-000-u7q", "def-000-7dd"]}, "id": "convert_bulk", "type": "security_monitoring_rules_convert_bulk"}} When the request is sent Then the response status is 400 Bad Request - @generated @skip @team:DataDog/k9-cloud-siem + @generated @skip @team:DataDog/cloud-siem Scenario: Bulk convert rules to Terraform returns "Not Found" response Given new "BulkConvertExistingSecurityMonitoringRules" request And body with value {"data": {"attributes": {"ruleIds": ["def-000-u7q", "def-000-7dd"]}, "id": "convert_bulk", "type": "security_monitoring_rules_convert_bulk"}} When the request is sent Then the response status is 404 Not Found - @generated @skip @team:DataDog/k9-cloud-siem + @generated @skip @team:DataDog/cloud-siem Scenario: Bulk convert rules to Terraform returns "OK" response Given new "BulkConvertExistingSecurityMonitoringRules" request And body with value {"data": {"attributes": {"ruleIds": ["def-000-u7q", "def-000-7dd"]}, "id": "convert_bulk", "type": "security_monitoring_rules_convert_bulk"}} When the request is sent Then the response status is 200 OK - @generated @skip @team:DataDog/k9-cloud-siem + @generated @skip @team:DataDog/cloud-siem Scenario: Bulk delete security monitoring rules returns "Bad Request" response Given new "BulkDeleteSecurityMonitoringRules" request And body 
with value {"data": {"attributes": {"ruleIds": ["abc-000-u7q", "abc-000-7dd"]}, "type": "bulk_delete_rules"}} When the request is sent Then the response status is 400 Bad Request - @generated @skip @team:DataDog/k9-cloud-siem + @generated @skip @team:DataDog/cloud-siem Scenario: Bulk delete security monitoring rules returns "Not Found" response Given new "BulkDeleteSecurityMonitoringRules" request And body with value {"data": {"attributes": {"ruleIds": ["abc-000-u7q", "abc-000-7dd"]}, "type": "bulk_delete_rules"}} When the request is sent Then the response status is 404 Not Found - @generated @skip @team:DataDog/k9-cloud-siem + @generated @skip @team:DataDog/cloud-siem Scenario: Bulk delete security monitoring rules returns "OK" response Given new "BulkDeleteSecurityMonitoringRules" request And body with value {"data": {"attributes": {"ruleIds": ["abc-000-u7q", "abc-000-7dd"]}, "type": "bulk_delete_rules"}} When the request is sent Then the response status is 200 OK - @skip @team:DataDog/k9-cloud-siem + @skip @team:DataDog/cloud-siem Scenario: Bulk export security monitoring rules returns "Bad Request" response Given new "BulkExportSecurityMonitoringRules" request And body with value {"data": {"attributes": {"ruleIds": []}, "type": "security_monitoring_rules_bulk_export"}} When the request is sent Then the response status is 400 Bad Request - @skip @team:DataDog/k9-cloud-siem + @skip @team:DataDog/cloud-siem Scenario: Bulk export security monitoring rules returns "Not Found" response Given new "BulkExportSecurityMonitoringRules" request And body with value {"data": {"attributes": {"ruleIds": ["non-existent-rule-id"]}, "type": "security_monitoring_rules_bulk_export"}} When the request is sent Then the response status is 404 Not Found - @team:DataDog/k9-cloud-siem + @team:DataDog/cloud-siem Scenario: Bulk export security monitoring rules returns "OK" response Given there is a valid "security_rule" in the system And new "BulkExportSecurityMonitoringRules" request 
@@ -227,7 +227,7 @@ Feature: Security Monitoring When the request is sent Then the response status is 200 OK - @generated @skip @team:DataDog/k9-cloud-siem + @generated @skip @team:DataDog/cloud-siem Scenario: Bulk subscribe to sample log generation returns "Bad Request" response Given operation "BulkCreateSampleLogGenerationSubscriptions" enabled And new "BulkCreateSampleLogGenerationSubscriptions" request @@ -235,7 +235,7 @@ Feature: Security Monitoring When the request is sent Then the response status is 400 Bad Request - @generated @skip @team:DataDog/k9-cloud-siem + @generated @skip @team:DataDog/cloud-siem Scenario: Bulk subscribe to sample log generation returns "OK" response Given operation "BulkCreateSampleLogGenerationSubscriptions" enabled And new "BulkCreateSampleLogGenerationSubscriptions" request 
@@ -243,21 +243,21 @@ Feature: Security Monitoring When the request is sent Then the response status is 200 OK - @skip @team:DataDog/k9-cloud-siem + @skip @team:DataDog/cloud-siem Scenario: Bulk update security signals returns "Bad Request" response Given new "BulkEditSecurityMonitoringSignals" request And body with value {"data": [{"attributes": {"archive_reason": "none", "assignee": {"uuid": "773b045d-ccf8-4808-bd3b-955ef6a8c940"}, "state": "open"}, "id": "AAAAAWgN8Xwgr1vKDQAAAABBV2dOOFh3ZzZobm1mWXJFYTR0OA", "type": "signal"}]} When the request is sent Then the response status is 400 Bad Request - @skip @team:DataDog/k9-cloud-siem + @skip @team:DataDog/cloud-siem Scenario: Bulk update security signals returns "OK" response Given new "BulkEditSecurityMonitoringSignals" request And body with value {"data": [{"attributes": {"archive_reason": "none", "assignee": {"uuid": "773b045d-ccf8-4808-bd3b-955ef6a8c940"}, "state": "open"}, "id": "AAAAAWgN8Xwgr1vKDQAAAABBV2dOOFh3ZzZobm1mWXJFYTR0OA", "type": "signal"}]} When the request is sent Then the response status is 200 OK - @skip @team:DataDog/k9-cloud-siem + @skip @team:DataDog/cloud-siem Scenario: Bulk update triage assignee of security signals returns "Bad Request" response Given operation "BulkEditSecurityMonitoringSignalsAssignee" enabled And new "BulkEditSecurityMonitoringSignalsAssignee" request 
@@ -265,14 +265,14 @@ Feature: Security Monitoring When the request is sent Then the response status is 400 Bad Request - @generated @skip @team:DataDog/k9-cloud-siem + @generated @skip @team:DataDog/cloud-siem Scenario: Bulk update triage assignee of security signals returns "OK" response Given new "BulkEditSecurityMonitoringSignalsAssignee" request And body with value {"data": [{"attributes": {"assignee": "773b045d-ccf8-4808-bd3b-955ef6a8c940"}, "id": "AAAAAWgN8Xwgr1vKDQAAAABBV2dOOFh3ZzZobm1mWXJFYTR0OA", "type": "signal"}]} When the request is sent Then the response status is 200 OK - @skip @team:DataDog/k9-cloud-siem + @skip @team:DataDog/cloud-siem Scenario: Bulk update triage state of security signals returns "Bad Request" response Given operation "BulkEditSecurityMonitoringSignalsState" enabled And new "BulkEditSecurityMonitoringSignalsState" request @@ -280,14 +280,14 @@ Feature: Security Monitoring When the request is sent Then the response status is 400 Bad Request - @generated @skip @team:DataDog/k9-cloud-siem + @generated @skip @team:DataDog/cloud-siem Scenario: Bulk update triage state of security signals returns "OK" response Given new "BulkEditSecurityMonitoringSignalsState" request And body with value {"data": [{"attributes": {"archive_reason": "none", "state": "open"}, "id": "AAAAAWgN8Xwgr1vKDQAAAABBV2dOOFh3ZzZobm1mWXJFYTR0OA", "type": "signal"}]} When the request is sent Then the response status is 200 OK - @team:DataDog/k9-cloud-siem + @team:DataDog/cloud-siem Scenario: Cancel a historical job returns "Bad Request" response Given operation "CancelHistoricalJob" enabled And new "CancelHistoricalJob" request 
@@ -295,7 +295,7 @@ Feature: Security Monitoring When the request is sent Then the response status is 400 Bad Request - @generated @skip @team:DataDog/k9-cloud-siem + @generated @skip @team:DataDog/cloud-siem Scenario: Cancel a historical job returns "Conflict" response Given operation "CancelHistoricalJob" enabled And new "CancelHistoricalJob" request @@ -303,7 +303,7 @@ Feature: Security Monitoring When the request is sent Then the response status is 409 Conflict - @team:DataDog/k9-cloud-siem + @team:DataDog/cloud-siem Scenario: Cancel a historical job returns "Not Found" response Given operation "CancelHistoricalJob" enabled And new "CancelHistoricalJob" request @@ -311,7 +311,7 @@ Feature: Security Monitoring When the request is sent Then the response status is 404 Not Found - @team:DataDog/k9-cloud-siem + @team:DataDog/cloud-siem Scenario: Cancel a historical job returns "OK" response Given operation "CancelHistoricalJob" enabled And operation "RunHistoricalJob" enabled @@ -321,7 +321,7 @@ Feature: Security Monitoring When the request is sent Then the response status is 204 No Content - @generated @skip @team:DataDog/k9-cloud-siem + @generated @skip @team:DataDog/cloud-siem Scenario: Change the related incidents of a security signal returns "Bad Request" response Given new "EditSecurityMonitoringSignalIncidents" request And request contains "signal_id" parameter from "REPLACE.ME" @@ -329,7 +329,7 @@ Feature: Security Monitoring When the request is sent Then the response status is 400 Bad Request - @generated @skip @team:DataDog/k9-cloud-siem + @generated @skip @team:DataDog/cloud-siem Scenario: Change the related incidents of a security signal returns "Not Found" response Given new "EditSecurityMonitoringSignalIncidents" request And request contains "signal_id" parameter from "REPLACE.ME" 
@@ -337,7 +337,7 @@ Feature: Security Monitoring When the request is sent Then the response status is 404 Not Found - @replay-only @team:DataDog/k9-cloud-siem + @replay-only @team:DataDog/cloud-siem Scenario: Change the related incidents of a security signal returns "OK" response Given new "EditSecurityMonitoringSignalIncidents" request And request contains "signal_id" parameter with value "AQAAAYG1bl5K4HuUewAAAABBWUcxYmw1S0FBQmt2RmhRN0V4ZUVnQUE" @@ -345,7 +345,7 @@ Feature: Security Monitoring When the request is sent Then the response status is 200 OK - @generated @skip @team:DataDog/k9-cloud-siem + @generated @skip @team:DataDog/cloud-siem Scenario: Change the triage state of a security signal returns "Bad Request" response Given new "EditSecurityMonitoringSignalState" request And request contains "signal_id" parameter from "REPLACE.ME" @@ -353,7 +353,7 @@ Feature: Security Monitoring When the request is sent Then the response status is 400 Bad Request - @generated @skip @team:DataDog/k9-cloud-siem + @generated @skip @team:DataDog/cloud-siem Scenario: Change the triage state of a security signal returns "Not Found" response Given new "EditSecurityMonitoringSignalState" request And request contains "signal_id" parameter from "REPLACE.ME" @@ -361,7 +361,7 @@ Feature: Security Monitoring When the request is sent Then the response status is 404 Not Found - @replay-only @team:DataDog/k9-cloud-siem + @replay-only @team:DataDog/cloud-siem Scenario: Change the triage state of a security signal returns "OK" response Given new "EditSecurityMonitoringSignalState" request And request contains "signal_id" parameter with value "AQAAAYG1bl5K4HuUewAAAABBWUcxYmw1S0FBQmt2RmhRN0V4ZUVnQUE" 
@@ -369,7 +369,7 @@ Feature: Security Monitoring When the request is sent Then the response status is 200 OK - @team:DataDog/k9-cloud-siem + @team:DataDog/cloud-siem Scenario: Convert a job result to a signal returns "Bad Request" response Given operation "ConvertJobResultToSignal" enabled And new "ConvertJobResultToSignal" request @@ -377,7 +377,7 @@ Feature: Security Monitoring When the request is sent Then the response status is 400 Bad Request - @generated @skip @team:DataDog/k9-cloud-siem + @generated @skip @team:DataDog/cloud-siem Scenario: Convert a job result to a signal returns "Not Found" response Given operation "ConvertJobResultToSignal" enabled And new "ConvertJobResultToSignal" request @@ -385,7 +385,7 @@ Feature: Security Monitoring When the request is sent Then the response status is 404 Not Found - @generated @skip @team:DataDog/k9-cloud-siem + @generated @skip @team:DataDog/cloud-siem Scenario: Convert a job result to a signal returns "OK" response Given operation "ConvertJobResultToSignal" enabled And new "ConvertJobResultToSignal" request 
@@ -393,21 +393,21 @@ Feature: Security Monitoring When the request is sent Then the response status is 204 OK - @skip @team:DataDog/k9-cloud-siem + @skip @team:DataDog/cloud-siem Scenario: Convert a rule from JSON to Terraform returns "Bad Request" response Given new "ConvertSecurityMonitoringRuleFromJSONToTerraform" request And body with value {"name":"{{ unique }}", "queries":[{"query":"@test:true","aggregation":"count","groupByFields":[],"distinctFields":[],"metric":""}],"filters":[],"cases":[{"name":"","status":"info","condition":"a > 0","notifications":[]}],"options":{"evaluationWindow":900,"keepAlive":3600,"maxSignalDuration":86400},"message":"Test rule","tags":[],"isEnabled":true, "type":"log_detection"} When the request is sent Then the response status is 400 Bad Request - @skip @team:DataDog/k9-cloud-siem + @skip @team:DataDog/cloud-siem Scenario: Convert a rule from JSON to Terraform returns "Not Found" response Given new "ConvertSecurityMonitoringRuleFromJSONToTerraform" request And body with value {"name":"{{ unique }}", "queries":[{"query":"@test:true","aggregation":"count","groupByFields":[],"distinctFields":[],"metric":""}],"filters":[],"cases":[{"name":"","status":"info","condition":"a > 0","notifications":[]}],"options":{"evaluationWindow":900,"keepAlive":3600,"maxSignalDuration":86400},"message":"Test rule","tags":[],"isEnabled":true, "type":"log_detection"} When the request is sent Then the response status is 404 Not Found - @team:DataDog/k9-cloud-siem + @team:DataDog/cloud-siem Scenario: Convert a rule from JSON to Terraform returns "OK" response Given new "ConvertSecurityMonitoringRuleFromJSONToTerraform" request And body with value {"name":"_{{ unique_hash }}", "queries":[{"query":"@test:true","aggregation":"count","groupByFields":[],"distinctFields":[],"metric":""}],"filters":[],"cases":[{"name":"","status":"info","condition":"a > 
0","notifications":[]}],"options":{"evaluationWindow":900,"keepAlive":3600,"maxSignalDuration":86400},"message":"Test rule","tags":[],"isEnabled":true, "type":"log_detection"} @@ -415,21 +415,21 @@ Feature: Security Monitoring Then the response status is 200 OK And the response "terraformContent" is equal to "resource \"datadog_security_monitoring_rule\" \"_{{ unique_hash }}\" {\n\tname = \"_{{ unique_hash }}\"\n\tenabled = true\n\tquery {\n\t\tquery = \"@test:true\"\n\t\tgroup_by_fields = []\n\t\thas_optional_group_by_fields = false\n\t\tdistinct_fields = []\n\t\taggregation = \"count\"\n\t\tname = \"\"\n\t\tdata_source = \"logs\"\n\t}\n\toptions {\n\t\tkeep_alive = 3600\n\t\tmax_signal_duration = 86400\n\t\tdetection_method = \"threshold\"\n\t\tevaluation_window = 900\n\t}\n\tcase {\n\t\tname = \"\"\n\t\tstatus = \"info\"\n\t\tnotifications = []\n\t\tcondition = \"a > 0\"\n\t}\n\tmessage = \"Test rule\"\n\ttags = []\n\thas_extended_title = false\n\ttype = \"log_detection\"\n}\n" - @skip @team:DataDog/k9-cloud-siem + @skip @team:DataDog/cloud-siem Scenario: Convert an existing rule from JSON to Terraform returns "Bad Request" response Given new "ConvertExistingSecurityMonitoringRule" request And request contains "rule_id" parameter from "REPLACE.ME" When the request is sent Then the response status is 400 Bad Request - @skip @team:DataDog/k9-cloud-siem + @skip @team:DataDog/cloud-siem Scenario: Convert an existing rule from JSON to Terraform returns "Not Found" response Given new "ConvertExistingSecurityMonitoringRule" request And request contains "rule_id" parameter from "REPLACE.ME" When the request is sent Then the response status is 404 Not Found - @team:DataDog/k9-cloud-siem + @team:DataDog/cloud-siem Scenario: Convert an existing rule from JSON to Terraform returns "OK" response Given new "ConvertExistingSecurityMonitoringRule" request And there is a valid "security_rule_hash" in the system 
@@ -438,7 +438,7 @@ Feature: Security Monitoring Then the response status is 200 OK And the response "terraformContent" is equal to "resource \"datadog_security_monitoring_rule\" \"_{{ unique_hash }}\" {\n\tname = \"_{{ unique_hash }}\"\n\tenabled = true\n\tquery {\n\t\tquery = \"@test:true\"\n\t\tgroup_by_fields = []\n\t\thas_optional_group_by_fields = false\n\t\tdistinct_fields = []\n\t\taggregation = \"count\"\n\t\tname = \"\"\n\t\tdata_source = \"logs\"\n\t}\n\toptions {\n\t\tkeep_alive = 3600\n\t\tmax_signal_duration = 86400\n\t\tdetection_method = \"threshold\"\n\t\tevaluation_window = 900\n\t}\n\tcase {\n\t\tname = \"\"\n\t\tstatus = \"info\"\n\t\tnotifications = []\n\t\tcondition = \"a > 0\"\n\t}\n\tmessage = \"Test rule\"\n\ttags = []\n\thas_extended_title = false\n\ttype = \"log_detection\"\n}\n" - @generated @skip @team:DataDog/k9-cloud-siem + @generated @skip @team:DataDog/cloud-siem Scenario: Convert security monitoring resource to Terraform returns "Bad Request" response Given operation "ConvertSecurityMonitoringTerraformResource" enabled And new "ConvertSecurityMonitoringTerraformResource" request @@ -447,7 +447,7 @@ Feature: Security Monitoring When the request is sent Then the response status is 400 Bad Request - @replay-only @team:DataDog/k9-cloud-siem + @replay-only @team:DataDog/cloud-siem Scenario: Convert security monitoring resource to Terraform returns "OK" response Given operation "ConvertSecurityMonitoringTerraformResource" enabled And new "ConvertSecurityMonitoringTerraformResource" request 
@@ -554,7 +554,7 @@ Feature: Security Monitoring When the request is sent Then the response status is 404 Not Found - @skip-validation @team:DataDog/k9-cloud-siem + @skip-validation @team:DataDog/cloud-siem Scenario: Create a cloud_configuration rule returns "OK" response Given new "CreateSecurityMonitoringRule" request And body with value {"type":"cloud_configuration","name":"{{ unique }}_cloud","isEnabled":false,"cases":[{"status":"info","notifications":["channel"]}],"options":{"complianceRuleOptions":{"resourceType":"gcp_compute_disk","complexRule": false,"regoRule":{"policy":"package datadog\n\nimport data.datadog.output as dd_output\n\nimport future.keywords.contains\nimport future.keywords.if\nimport future.keywords.in\n\nmilliseconds_in_a_day := ((1000 * 60) * 60) * 24\n\neval(iam_service_account_key) = \"skip\" if {\n\tiam_service_account_key.disabled\n} else = \"pass\" if {\n\t(iam_service_account_key.resource_seen_at / milliseconds_in_a_day) - (iam_service_account_key.valid_after_time / milliseconds_in_a_day) <= 90\n} else = \"fail\"\n\n# This part remains unchanged for all rules\nresults contains result if {\n\tsome resource in input.resources[input.main_resource_type]\n\tresult := dd_output.format(resource, eval(resource))\n}\n","resourceTypes":["gcp_compute_disk"]}}},"message":"ddd","tags":["my:tag"],"complianceSignalOptions":{"userActivationStatus":true,"userGroupByFields":["@account_id"]},"filters":[{"action":"require","query":"resource_id:helo*"},{"action":"suppress","query":"control:helo*"}]} 
@@ -565,21 +565,21 @@ Feature: Security Monitoring And the response "message" is equal to "ddd" And the response "options.complianceRuleOptions.resourceType" is equal to "gcp_compute_disk" - @skip @team:DataDog/k9-cloud-siem + @skip @team:DataDog/cloud-siem Scenario: Create a critical asset returns "Bad Request" response Given new "CreateSecurityMonitoringCriticalAsset" request And body with value {"data": {"type": "critical_assets", "attributes": {"query": "host:test"}}} When the request is sent Then the response status is 400 Bad Request - @generated @skip @team:DataDog/k9-cloud-siem + @generated @skip @team:DataDog/cloud-siem Scenario: Create a critical asset returns "Conflict" response Given new "CreateSecurityMonitoringCriticalAsset" request And body with value {"data": {"attributes": {"enabled": true, "query": "security:monitoring", "rule_query": "type:(log_detection OR signal_correlation OR workload_security OR application_security) source:cloudtrail", "severity": "increase", "tags": ["team:database", "source:cloudtrail"]}, "type": "critical_assets"}} When the request is sent Then the response status is 409 Conflict - @skip-validation @team:DataDog/k9-cloud-siem + @skip-validation @team:DataDog/cloud-siem Scenario: Create a critical asset returns "OK" response Given new "CreateSecurityMonitoringCriticalAsset" request And body with value {"data": {"type": "critical_assets", "attributes": {"query": "host:{{ unique_lower_alnum }}", "rule_query": "type:(log_detection OR signal_correlation OR workload_security OR application_security) source:cloudtrail", "severity": "decrease", "tags": ["team:security", "env:test"]}}} 
@@ -588,14 +588,14 @@ Feature: Security Monitoring And the response "data.type" is equal to "critical_assets" And the response "data.attributes.severity" is equal to "decrease" - @team:DataDog/k9-cloud-siem + @team:DataDog/cloud-siem Scenario: Create a custom framework returns "Bad Request" response Given new "CreateCustomFramework" request And body with value {"data":{"type":"custom_framework","attributes":{"name":"name","handle":"","version":"10","icon_url":"test-url","requirements":[{"name":"requirement","controls":[{"name":"control","rules_id":["def-000-be9"]}]}]}}} When the request is sent Then the response status is 400 Bad Request - @replay-only @skip-terraform-config @team:DataDog/k9-cloud-siem + @replay-only @skip-terraform-config @team:DataDog/cloud-siem Scenario: Create a custom framework returns "Conflict" response Given there is a valid "custom_framework" in the system And new "CreateCustomFramework" request @@ -603,14 +603,14 @@ Feature: Security Monitoring When the request is sent Then the response status is 409 Conflict - @replay-only @skip-terraform-config @team:DataDog/k9-cloud-siem + @replay-only @skip-terraform-config @team:DataDog/cloud-siem Scenario: Create a custom framework returns "OK" response Given new "CreateCustomFramework" request And body with value {"data":{"type":"custom_framework","attributes":{"name":"name","handle":"create-framework-new","version":"10","icon_url":"test-url","requirements":[{"name":"requirement","controls":[{"name":"control","rules_id":["def-000-be9"]}]}]}}} When the request is sent Then the response status is 200 OK - @generated @skip @team:DataDog/k9-cloud-siem + @generated @skip @team:DataDog/cloud-siem Scenario: Create a dataset returns "Bad Request" response Given operation "CreateSecurityMonitoringDataset" enabled And new "CreateSecurityMonitoringDataset" request 
@@ -618,7 +618,7 @@ Feature: Security Monitoring When the request is sent Then the response status is 400 Bad Request - @generated @skip @team:DataDog/k9-cloud-siem + @generated @skip @team:DataDog/cloud-siem Scenario: Create a dataset returns "Conflict" response Given operation "CreateSecurityMonitoringDataset" enabled And new "CreateSecurityMonitoringDataset" request @@ -626,7 +626,7 @@ Feature: Security Monitoring When the request is sent Then the response status is 409 Conflict - @generated @skip @team:DataDog/k9-cloud-siem + @generated @skip @team:DataDog/cloud-siem Scenario: Create a dataset returns "Created" response Given operation "CreateSecurityMonitoringDataset" enabled And new "CreateSecurityMonitoringDataset" request 
@@ -634,14 +634,14 @@ Feature: Security Monitoring When the request is sent Then the response status is 201 Created - @skip @team:DataDog/k9-cloud-siem + @skip @team:DataDog/cloud-siem Scenario: Create a detection rule returns "Bad Request" response Given new "CreateSecurityMonitoringRule" request And body with value {"name":"{{ unique }}", "queries":[{"query":""}],"cases":[{"status":"info"}],"options":{},"message":"Test rule","tags":[],"isEnabled":true} When the request is sent Then the response status is 400 Bad Request - @skip-validation @team:DataDog/k9-cloud-siem + @skip-validation @team:DataDog/cloud-siem Scenario: Create a detection rule returns "OK" response Given new "CreateSecurityMonitoringRule" request And body with value {"name":"{{ unique }}", "queries":[{"query":"@test:true","aggregation":"count","groupByFields":[],"distinctFields":[],"metric":""}],"filters":[],"cases":[{"name":"","status":"info","condition":"a > 0","notifications":[]}],"options":{"evaluationWindow":900,"keepAlive":3600,"maxSignalDuration":86400},"message":"Test rule","tags":[],"isEnabled":true, "type":"log_detection", "referenceTables":[{"tableName": "synthetics_test_reference_table_dont_delete", "columnName": "value", "logFieldPath":"testtag", "checkPresence":true, "ruleQueryName":"a"}]} 
@@ -652,7 +652,7 @@ Feature: Security Monitoring And the response "message" is equal to "Test rule" And the response "referenceTables" is equal to [{"tableName": "synthetics_test_reference_table_dont_delete", "columnName": "value", "logFieldPath":"testtag", "checkPresence":true, "ruleQueryName":"a"}] - @team:DataDog/k9-cloud-siem + @team:DataDog/cloud-siem Scenario: Create a detection rule with detection method 'anomaly_detection' returns "OK" response Given new "CreateSecurityMonitoringRule" request And body with value {"name":"{{ unique }}","type":"log_detection","isEnabled":true,"queries":[{"aggregation":"count","dataSource":"logs","distinctFields":[],"groupByFields":["@usr.email","@network.client.ip"],"hasOptionalGroupByFields":false,"name":"","query":"service:app status:error"}],"cases":[{"name":"","status":"info","notifications":[],"condition":"a > 0.995"}],"message":"An anomaly detection rule","options":{"detectionMethod":"anomaly_detection","evaluationWindow":900,"keepAlive":3600,"maxSignalDuration":86400,"anomalyDetectionOptions":{"bucketDuration":300,"learningDuration":24,"detectionTolerance":3,"learningPeriodBaseline":10}},"tags":[],"filters":[]} 
@@ -666,7 +666,7 @@ Feature: Security Monitoring And the response "options.anomalyDetectionOptions.learningPeriodBaseline" is equal to 10 And the response "options.anomalyDetectionOptions.detectionTolerance" is equal to 3 - @team:DataDog/k9-cloud-siem + @team:DataDog/cloud-siem Scenario: Create a detection rule with detection method 'anomaly_detection' with enabled feature 'instantaneousBaseline' returns "OK" response Given new "CreateSecurityMonitoringRule" request And body with value {"name":"{{ unique }}","type":"log_detection","isEnabled":true,"queries":[{"aggregation":"count","dataSource":"logs","distinctFields":[],"groupByFields":["@usr.email","@network.client.ip"],"hasOptionalGroupByFields":false,"name":"","query":"service:app status:error"}],"cases":[{"name":"","status":"info","notifications":[],"condition":"a > 0.995"}],"message":"An anomaly detection rule","options":{"detectionMethod":"anomaly_detection","evaluationWindow":900,"keepAlive":3600,"maxSignalDuration":86400,"anomalyDetectionOptions":{"bucketDuration":300,"learningDuration":24,"detectionTolerance":3,"instantaneousBaseline":true}},"tags":[],"filters":[]} 
@@ -677,7 +677,7 @@ Feature: Security Monitoring And the response "options.detectionMethod" is equal to "anomaly_detection" And the response "options.anomalyDetectionOptions.instantaneousBaseline" is equal to true - @team:DataDog/k9-cloud-siem + @team:DataDog/cloud-siem Scenario: Create a detection rule with detection method 'sequence_detection' returns "OK" response Given new "CreateSecurityMonitoringRule" request And body with value {"name":"{{ unique }}","type":"log_detection","isEnabled":true,"queries":[{"aggregation":"count","dataSource":"logs","distinctFields":[],"groupByFields":[],"hasOptionalGroupByFields":false,"name":"","query":"service:logs-rule-reducer source:paul test2"},{"aggregation":"count","dataSource":"logs","distinctFields":[],"groupByFields":[],"hasOptionalGroupByFields":false,"name":"","query":"service:logs-rule-reducer source:paul test1"}],"cases":[{"name":"","status":"info","notifications":[],"condition":"step_b > 0"}],"message":"Logs and signals asdf","options":{"detectionMethod":"sequence_detection","evaluationWindow":0,"keepAlive":300,"maxSignalDuration":600,"sequenceDetectionOptions":{"stepTransitions":[{"child":"step_b","evaluationWindow":900,"parent":"step_a"}],"steps":[{"condition":"a > 0","evaluationWindow":60,"name":"step_a"},{"condition":"b > 0","evaluationWindow":60,"name":"step_b"}]}},"tags":[]} 
@@ -687,7 +687,7 @@ Feature: Security Monitoring And the response "type" is equal to "log_detection" And the response "options.detectionMethod" is equal to "sequence_detection" - @team:DataDog/k9-cloud-siem + @team:DataDog/cloud-siem Scenario: Create a detection rule with detection method 'third_party' returns "OK" response Given new "CreateSecurityMonitoringRule" request And body with value {"name":"{{ unique }}","type":"log_detection","isEnabled":true,"thirdPartyCases":[{"query":"status:error","name":"high","status":"high"},{"query":"status:info","name":"low","status":"low"}],"queries":[],"cases":[],"message":"This is a third party rule","options":{"detectionMethod":"third_party","keepAlive":0,"maxSignalDuration":600,"thirdPartyRuleOptions":{"defaultStatus":"info","rootQueries":[{"query":"source:guardduty @details.alertType:*EC2*", "groupByFields":["instance-id"]},{"query":"source:guardduty", "groupByFields":[]}]}}} 
@@ -698,7 +698,7 @@ Feature: Security Monitoring And the response "options.detectionMethod" is equal to "third_party" And the response "thirdPartyCases[0].query" is equal to "status:error" - @skip-validation @team:DataDog/k9-cloud-siem + @skip-validation @team:DataDog/cloud-siem Scenario: Create a detection rule with type 'application_security 'returns "OK" response Given new "CreateSecurityMonitoringRule" request And body with value {"type":"application_security","name":"{{unique}}_appsec_rule","queries":[{"query":"@appsec.security_activity:business_logic.users.login.failure","aggregation":"count","groupByFields":["service","@http.client_ip"],"distinctFields":[]}],"filters":[],"cases":[{"name":"","status":"info","notifications":[],"condition":"a > 100000","actions":[{"type":"block_ip","options":{"duration":900}}, {"type":"user_behavior","options":{"userBehaviorName":"behavior"}}, {"type":"flag_ip","options":{"flaggedIPType":"FLAGGED"}}]}],"options":{"keepAlive":3600,"maxSignalDuration":86400,"evaluationWindow":900,"detectionMethod":"threshold"},"isEnabled":true,"message":"Test rule","tags":[],"groupSignalsBy":["service"]} 
@@ -708,7 +708,7 @@ Feature: Security Monitoring And the response "type" is equal to "application_security" And the response "message" is equal to "Test rule" - @skip-validation @team:DataDog/k9-cloud-siem + @skip-validation @team:DataDog/cloud-siem Scenario: Create a detection rule with type 'impossible_travel' and baselineUserLocationsDuration returns "OK" response Given new "CreateSecurityMonitoringRule" request And body with value {"queries":[{"aggregation":"geo_data","groupByFields":["@usr.id"],"distinctFields":[],"metric":"@network.client.geoip","query":"*"}],"cases":[{"name":"","status":"info","notifications":[]}],"hasExtendedTitle":true,"message":"test","isEnabled":true,"options":{"maxSignalDuration":86400,"evaluationWindow":900,"keepAlive":3600,"detectionMethod":"impossible_travel","impossibleTravelOptions":{"baselineUserLocations":true,"baselineUserLocationsDuration":7}},"name":"{{ unique }}","type":"log_detection","tags":[],"filters":[]} @@ -721,7 +721,7 @@ Feature: Security Monitoring And the response "options.impossibleTravelOptions.baselineUserLocations" is equal to true And the response "options.impossibleTravelOptions.baselineUserLocationsDuration" is equal to 7 - @skip-validation @team:DataDog/k9-cloud-siem + @skip-validation @team:DataDog/cloud-siem Scenario: Create a detection rule with type 'impossible_travel' returns "OK" response Given new "CreateSecurityMonitoringRule" request And body with value {"queries":[{"aggregation":"geo_data","groupByFields":["@usr.id"],"distinctFields":[],"metric":"@network.client.geoip","query":"*"}],"cases":[{"name":"","status":"info","notifications":[]}],"hasExtendedTitle":true,"message":"test","isEnabled":true,"options":{"maxSignalDuration":86400,"evaluationWindow":900,"keepAlive":3600,"detectionMethod":"impossible_travel","impossibleTravelOptions":{"baselineUserLocations":false}},"name":"{{ unique }}","type":"log_detection","tags":[],"filters":[]} 
@@ -732,7 +732,7 @@ Feature: Security Monitoring And the response "message" is equal to "test" And the response "options.detectionMethod" is equal to "impossible_travel" - @skip-validation @team:DataDog/k9-cloud-siem + @skip-validation @team:DataDog/cloud-siem Scenario: Create a detection rule with type 'signal_correlation' returns "OK" response Given there is a valid "security_rule" in the system And there is a valid "security_rule_bis" in the system @@ -745,7 +745,7 @@ Feature: Security Monitoring And the response "message" is equal to "Test signal correlation rule" And the response "isEnabled" is equal to true - @skip-validation @team:DataDog/k9-cloud-siem + @skip-validation @team:DataDog/cloud-siem Scenario: Create a detection rule with type 'workload_security' returns "OK" response Given new "CreateSecurityMonitoringRule" request And body with value {"name":"{{ unique }}", "queries":[{"query":"@test:true","aggregation":"count","groupByFields":[],"distinctFields":[],"metric":""}],"filters":[],"cases":[{"name":"","status":"info","condition":"a > 0","notifications":[]}],"options":{"evaluationWindow":900,"keepAlive":3600,"maxSignalDuration":86400},"message":"Test rule","tags":[],"isEnabled":true, "type": "workload_security"} 
@@ -845,7 +845,7 @@ Feature: Security Monitoring When the request is sent Then the response status is 201 Successfully created the notification rule. - @team:DataDog/k9-cloud-siem + @team:DataDog/cloud-siem Scenario: Create a scheduled detection rule returns "OK" response Given new "CreateSecurityMonitoringRule" request And body with value {"name":"{{ unique }}", "queries":[{"query":"@test:true","aggregation":"count","groupByFields":[],"distinctFields":[],"indexes":["main"]}],"filters":[],"cases":[{"name":"","status":"info","condition":"a > 0","notifications":[]}],"options":{"evaluationWindow":900,"keepAlive":3600,"maxSignalDuration":86400},"message":"Test rule","tags":[],"isEnabled":true, "type":"log_detection", "schedulingOptions": {"rrule": "FREQ=HOURLY;INTERVAL=2;", "start": "2025-06-18T12:00:00", "timezone": "Europe/Paris"}} 
@@ -856,28 +856,28 @@ Feature: Security Monitoring And the response "message" is equal to "Test rule" And the response "schedulingOptions" is equal to {"rrule": "FREQ=HOURLY;INTERVAL=2;", "start": "2025-06-18T12:00:00", "timezone": "Europe/Paris"} - @team:DataDog/k9-cloud-siem + @team:DataDog/cloud-siem Scenario: Create a scheduled rule without rrule returns "Bad Request" response Given new "CreateSecurityMonitoringRule" request And body with value {"name":"{{ unique }}", "queries":[{"query":"@test:true","aggregation":"count","groupByFields":[],"distinctFields":[],"indexes":["main"]}],"filters":[],"cases":[{"name":"","status":"info","condition":"a > 0","notifications":[]}],"options":{"evaluationWindow":900,"keepAlive":3600,"maxSignalDuration":86400},"message":"Test rule","tags":[],"isEnabled":true, "type":"log_detection", "schedulingOptions": {"start": "2025-06-18T12:00:00", "timezone": "Europe/Paris"}} When the request is sent Then the response status is 400 Bad Request - @generated @skip @team:DataDog/k9-cloud-siem + @generated @skip @team:DataDog/cloud-siem Scenario: Create a security filter returns "Bad Request" response Given new "CreateSecurityFilter" request And body with value {"data": {"attributes": {"exclusion_filters": [{"name": "Exclude staging", "query": "source:staging"}], "filtered_data_type": "logs", "is_enabled": true, "name": "Custom security filter", "query": "service:api"}, "type": "security_filters"}} When the request is sent Then the response status is 400 Bad Request - @generated @skip @team:DataDog/k9-cloud-siem + @generated @skip @team:DataDog/cloud-siem Scenario: Create a security filter returns "Conflict" response Given new "CreateSecurityFilter" request And body with value {"data": {"attributes": {"exclusion_filters": [{"name": "Exclude staging", "query": "source:staging"}], "filtered_data_type": "logs", "is_enabled": true, "name": "Custom security filter", "query": "service:api"}, "type": "security_filters"}} When the request is sent 
Then the response status is 409 Conflict - @team:DataDog/k9-cloud-siem + @team:DataDog/cloud-siem Scenario: Create a security filter returns "OK" response Given new "CreateSecurityFilter" request And body with value {"data": {"attributes": {"exclusion_filters": [{"name": "Exclude staging", "query": "source:staging"}], "filtered_data_type": "logs", "is_enabled": true, "name": "{{ unique }}", "query": "service:{{ unique_alnum }}"}, "type": "security_filters"}} 
@@ -889,21 +889,21 @@ Feature: Security Monitoring And the response "data.attributes.exclusion_filters[0].name" is equal to "Exclude staging" And the response "data.attributes.exclusion_filters[0].query" is equal to "source:staging" - @generated @skip @team:DataDog/k9-cloud-siem + @generated @skip @team:DataDog/cloud-siem Scenario: Create a suppression rule returns "Bad Request" response Given new "CreateSecurityMonitoringSuppression" request And body with value {"data": {"attributes": {"data_exclusion_query": "source:cloudtrail account_id:12345", "description": "This rule suppresses low-severity signals in staging environments.", "enabled": true, "expiration_date": 1703187336000, "name": "Custom suppression", "rule_query": "type:log_detection source:cloudtrail", "start_date": 1703187336000, "suppression_query": "env:staging status:low", "tags": ["technique:T1110-brute-force", "source:cloudtrail"]}, "type": "suppressions"}} When the request is sent Then the response status is 400 Bad Request - @generated @skip @team:DataDog/k9-cloud-siem + @generated @skip @team:DataDog/cloud-siem Scenario: Create a suppression rule returns "Conflict" response Given new "CreateSecurityMonitoringSuppression" request And body with value {"data": {"attributes": {"data_exclusion_query": "source:cloudtrail account_id:12345", "description": "This rule suppresses low-severity signals in staging environments.", "enabled": true, "expiration_date": 1703187336000, "name": "Custom suppression", "rule_query": "type:log_detection source:cloudtrail", "start_date": 1703187336000, "suppression_query": "env:staging status:low", "tags": ["technique:T1110-brute-force", "source:cloudtrail"]}, "type": "suppressions"}} When the request is sent Then the response status is 409 Conflict - @skip-validation @team:DataDog/k9-cloud-siem + @skip-validation @team:DataDog/cloud-siem Scenario: Create a suppression rule returns "OK" response Given new "CreateSecurityMonitoringSuppression" request And body with value 
{"data": {"attributes": {"description": "This rule suppresses low-severity signals in staging environments.", "enabled": true, "start_date": {{ timestamp('now + 10d') }}000, "expiration_date": {{ timestamp('now + 21d') }}000, "name": "{{ unique }}", "rule_query": "type:log_detection source:cloudtrail", "suppression_query": "env:staging status:low", "tags": ["technique:T1110-brute-force", "source:cloudtrail"]}, "type": "suppressions"}} @@ -913,7 +913,7 @@ Feature: Security Monitoring And the response "data.attributes.enabled" is equal to true And the response "data.attributes.rule_query" is equal to "type:log_detection source:cloudtrail" - @skip-validation @team:DataDog/k9-cloud-siem + @skip-validation @team:DataDog/cloud-siem Scenario: Create a suppression rule with an exclusion query returns "OK" response Given new "CreateSecurityMonitoringSuppression" request And body with value {"data": {"attributes": {"description": "This rule suppresses low-severity signals in staging environments.", "enabled": true, "start_date": {{ timestamp('now + 10d') }}000, "expiration_date": {{ timestamp('now + 21d') }}000, "name": "{{ unique }}", "rule_query": "type:log_detection source:cloudtrail", "data_exclusion_query": "account_id:12345"}, "type": "suppressions"}} @@ -951,7 +951,7 @@ Feature: Security Monitoring When the request is sent Then the response status is 422 Unprocessable Entity - @generated @skip @team:DataDog/k9-cloud-siem + @generated @skip @team:DataDog/cloud-siem Scenario: Create an entity context sync configuration returns "Bad Request" response Given operation "CreateSecurityMonitoringIntegrationConfig" enabled And new "CreateSecurityMonitoringIntegrationConfig" request 
@@ -959,7 +959,7 @@ Feature: Security Monitoring When the request is sent Then the response status is 400 Bad Request - @generated @skip @team:DataDog/k9-cloud-siem + @generated @skip @team:DataDog/cloud-siem Scenario: Create an entity context sync configuration returns "OK" response Given operation "CreateSecurityMonitoringIntegrationConfig" enabled And new "CreateSecurityMonitoringIntegrationConfig" request @@ -1035,7 +1035,7 @@ Feature: Security Monitoring When the request is sent Then the response status is 404 Not Found - @replay-only @skip-terraform-config @team:DataDog/k9-cloud-siem + @replay-only @skip-terraform-config @team:DataDog/cloud-siem Scenario: Create or update an indicator triage state returns "Bad Request" response Given operation "CreateIoCTriageState" enabled And new "CreateIoCTriageState" request @@ -1043,7 +1043,7 @@ Feature: Security Monitoring When the request is sent Then the response status is 400 Bad Request - @replay-only @skip-terraform-config @team:DataDog/k9-cloud-siem + @replay-only @skip-terraform-config @team:DataDog/cloud-siem Scenario: Create or update an indicator triage state returns "Created" response Given operation "CreateIoCTriageState" enabled And new "CreateIoCTriageState" request @@ -1051,7 +1051,7 @@ Feature: Security Monitoring When the request is sent Then the response status is 201 Created - @generated @skip @team:DataDog/k9-cloud-siem + @generated @skip @team:DataDog/cloud-siem Scenario: Deactivate content pack returns "Accepted" response Given operation "DeactivateContentPack" enabled And new "DeactivateContentPack" request @@ -1059,7 +1059,7 @@ Feature: Security Monitoring When the request is sent Then the response status is 202 Accepted - @generated @skip @team:DataDog/k9-cloud-siem + @generated @skip @team:DataDog/cloud-siem Scenario: Deactivate content pack returns "Not Found" response Given operation "DeactivateContentPack" enabled And new "DeactivateContentPack" request 
@@ -1067,14 +1067,14 @@ Feature: Security Monitoring When the request is sent Then the response status is 404 Not Found - @team:DataDog/k9-cloud-siem + @team:DataDog/cloud-siem Scenario: Delete a critical asset returns "Not Found" response Given new "DeleteSecurityMonitoringCriticalAsset" request And request contains "critical_asset_id" parameter with value "00000000-0000-0000-0000-000000000000" When the request is sent Then the response status is 404 Not Found - @skip-validation @team:DataDog/k9-cloud-siem + @skip-validation @team:DataDog/cloud-siem Scenario: Delete a critical asset returns "OK" response Given there is a valid "critical_asset" in the system And new "DeleteSecurityMonitoringCriticalAsset" request @@ -1082,7 +1082,7 @@ Feature: Security Monitoring When the request is sent Then the response status is 204 OK - @team:DataDog/k9-cloud-siem + @team:DataDog/cloud-siem Scenario: Delete a custom framework returns "Bad Request" response Given new "DeleteCustomFramework" request And request contains "handle" parameter with value "handle-does-not-exist" @@ -1090,7 +1090,7 @@ Feature: Security Monitoring When the request is sent Then the response status is 400 Bad Request - @replay-only @team:DataDog/k9-cloud-siem + @replay-only @team:DataDog/cloud-siem Scenario: Delete a custom framework returns "OK" response Given there is a valid "custom_framework" in the system And new "DeleteCustomFramework" request @@ -1099,7 +1099,7 @@ Feature: Security Monitoring When the request is sent Then the response status is 200 OK - @generated @skip @team:DataDog/k9-cloud-siem + @generated @skip @team:DataDog/cloud-siem Scenario: Delete a dataset returns "Bad Request" response Given operation "DeleteSecurityMonitoringDataset" enabled And new "DeleteSecurityMonitoringDataset" request 
@@ -1107,7 +1107,7 @@ Feature: Security Monitoring When the request is sent Then the response status is 400 Bad Request - @generated @skip @team:DataDog/k9-cloud-siem + @generated @skip @team:DataDog/cloud-siem Scenario: Delete a dataset returns "No Content" response Given operation "DeleteSecurityMonitoringDataset" enabled And new "DeleteSecurityMonitoringDataset" request @@ -1115,7 +1115,7 @@ Feature: Security Monitoring When the request is sent Then the response status is 204 No Content - @generated @skip @team:DataDog/k9-cloud-siem + @generated @skip @team:DataDog/cloud-siem Scenario: Delete a dataset returns "Not Found" response Given operation "DeleteSecurityMonitoringDataset" enabled And new "DeleteSecurityMonitoringDataset" request @@ -1157,14 +1157,14 @@ Feature: Security Monitoring When the request is sent Then the response status is 204 Rule successfully deleted. - @skip @team:DataDog/k9-cloud-siem + @skip @team:DataDog/cloud-siem Scenario: Delete a non existing rule returns "Not Found" response Given new "DeleteSecurityMonitoringRule" request And request contains "rule_id" parameter with value "ThisRuleIdProbablyDoesntExist" When the request is sent Then the response status is 404 Not Found - @skip-validation @team:DataDog/k9-cloud-siem + @skip-validation @team:DataDog/cloud-siem Scenario: Delete a security filter returns "No Content" response Given there is a valid "security_filter" in the system And new "DeleteSecurityFilter" request 
@@ -1172,14 +1172,14 @@ Feature: Security Monitoring When the request is sent Then the response status is 204 No Content - @generated @skip @team:DataDog/k9-cloud-siem + @generated @skip @team:DataDog/cloud-siem Scenario: Delete a security filter returns "Not Found" response Given new "DeleteSecurityFilter" request And request contains "security_filter_id" parameter from "REPLACE.ME" When the request is sent Then the response status is 404 Not Found - @generated @skip @team:DataDog/k9-cloud-siem + @generated @skip @team:DataDog/cloud-siem Scenario: Delete a security filter returns "OK" response Given new "DeleteSecurityFilter" request And request contains "security_filter_id" parameter from "REPLACE.ME" @@ -1201,14 +1201,14 @@ Feature: Security Monitoring When the request is sent Then the response status is 204 Rule successfully deleted. - @skip @team:DataDog/k9-cloud-siem + @skip @team:DataDog/cloud-siem Scenario: Delete a suppression rule returns "Not Found" response Given new "DeleteSecurityMonitoringSuppression" request And request contains "suppression_id" parameter with value "does-not-exist" When the request is sent Then the response status is 404 Not Found - @skip-validation @team:DataDog/k9-cloud-siem + @skip-validation @team:DataDog/cloud-siem Scenario: Delete a suppression rule returns "OK" response Given there is a valid "suppression" in the system And new "DeleteSecurityMonitoringSuppression" request @@ -1248,7 +1248,7 @@ Feature: Security Monitoring When the request is sent Then the response status is 204 Rule successfully deleted. - @generated @skip @team:DataDog/k9-cloud-siem + @generated @skip @team:DataDog/cloud-siem Scenario: Delete an entity context sync configuration returns "Not Found" response Given operation "DeleteSecurityMonitoringIntegrationConfig" enabled And new "DeleteSecurityMonitoringIntegrationConfig" request 
@@ -1256,7 +1256,7 @@ Feature: Security Monitoring When the request is sent Then the response status is 404 Not Found - @generated @skip @team:DataDog/k9-cloud-siem + @generated @skip @team:DataDog/cloud-siem Scenario: Delete an entity context sync configuration returns "OK" response Given operation "DeleteSecurityMonitoringIntegrationConfig" enabled And new "DeleteSecurityMonitoringIntegrationConfig" request @@ -1264,7 +1264,7 @@ Feature: Security Monitoring When the request is sent Then the response status is 204 OK - @team:DataDog/k9-cloud-siem + @team:DataDog/cloud-siem Scenario: Delete an existing job returns "Bad Request" response Given operation "DeleteHistoricalJob" enabled And new "DeleteHistoricalJob" request @@ -1272,7 +1272,7 @@ Feature: Security Monitoring When the request is sent Then the response status is 400 Bad Request - @generated @skip @team:DataDog/k9-cloud-siem + @generated @skip @team:DataDog/cloud-siem Scenario: Delete an existing job returns "Conflict" response Given operation "DeleteHistoricalJob" enabled And new "DeleteHistoricalJob" request @@ -1280,7 +1280,7 @@ Feature: Security Monitoring When the request is sent Then the response status is 409 Conflict - @team:DataDog/k9-cloud-siem + @team:DataDog/cloud-siem Scenario: Delete an existing job returns "Not Found" response Given operation "DeleteHistoricalJob" enabled And new "DeleteHistoricalJob" request @@ -1288,7 +1288,7 @@ Feature: Security Monitoring When the request is sent Then the response status is 404 Not Found - @generated @skip @team:DataDog/k9-cloud-siem + @generated @skip @team:DataDog/cloud-siem Scenario: Delete an existing job returns "OK" response Given operation "DeleteHistoricalJob" enabled And new "DeleteHistoricalJob" request 
@@ -1296,14 +1296,14 @@ Feature: Security Monitoring When the request is sent Then the response status is 204 OK - @generated @skip @team:DataDog/k9-cloud-siem + @generated @skip @team:DataDog/cloud-siem Scenario: Delete an existing rule returns "Not Found" response Given new "DeleteSecurityMonitoringRule" request And request contains "rule_id" parameter from "REPLACE.ME" When the request is sent Then the response status is 404 Not Found - @skip-validation @team:DataDog/k9-cloud-siem + @skip-validation @team:DataDog/cloud-siem Scenario: Delete an existing rule returns "OK" response Given there is a valid "security_rule" in the system And new "DeleteSecurityMonitoringRule" request @@ -1332,7 +1332,7 @@ Feature: Security Monitoring When the request is sent Then the response status is 404 Not Found - @generated @skip @team:DataDog/k9-cloud-siem + @generated @skip @team:DataDog/cloud-siem Scenario: Export security monitoring resource to Terraform returns "Not Found" response Given operation "ExportSecurityMonitoringTerraformResource" enabled And new "ExportSecurityMonitoringTerraformResource" request @@ -1341,7 +1341,7 @@ Feature: Security Monitoring When the request is sent Then the response status is 404 Not Found - @replay-only @team:DataDog/k9-cloud-siem + @replay-only @team:DataDog/cloud-siem Scenario: Export security monitoring resource to Terraform returns "OK" response Given operation "ExportSecurityMonitoringTerraformResource" enabled And there is a valid "suppression" in the system 
@@ -1353,7 +1353,7 @@ Feature: Security Monitoring And the response "data.attributes.type_name" is equal to "datadog_security_monitoring_suppression" And the response "data.attributes.resource_id" has the same value as "suppression.data.id" - @generated @skip @team:DataDog/k9-cloud-siem + @generated @skip @team:DataDog/cloud-siem Scenario: Export security monitoring resources to Terraform returns "Bad Request" response Given operation "BulkExportSecurityMonitoringTerraformResources" enabled And new "BulkExportSecurityMonitoringTerraformResources" request @@ -1362,7 +1362,7 @@ Feature: Security Monitoring When the request is sent Then the response status is 400 Bad Request - @generated @skip @team:DataDog/k9-cloud-siem + @generated @skip @team:DataDog/cloud-siem Scenario: Export security monitoring resources to Terraform returns "Not Found" response Given operation "BulkExportSecurityMonitoringTerraformResources" enabled And new "BulkExportSecurityMonitoringTerraformResources" request @@ -1371,7 +1371,7 @@ Feature: Security Monitoring When the request is sent Then the response status is 404 Not Found - @replay-only @team:DataDog/k9-cloud-siem + @replay-only @team:DataDog/cloud-siem Scenario: Export security monitoring resources to Terraform returns "OK" response Given operation "BulkExportSecurityMonitoringTerraformResources" enabled And there is a valid "suppression" in the system @@ -1445,7 +1445,7 @@ Feature: Security Monitoring When the request is sent Then the response status is 200 OK - @skip-validation @team:DataDog/k9-cloud-siem + @skip-validation @team:DataDog/cloud-siem Scenario: Get a cloud configuration rule's details returns "OK" response Given there is a valid "cloud_configuration_rule" in the system And new "GetSecurityMonitoringRule" request 
@@ -1455,14 +1455,14 @@ Feature: Security Monitoring And the response "name" is equal to "{{ unique }}_cloud" And the response "id" has the same value as "cloud_configuration_rule.id" - @team:DataDog/k9-cloud-siem + @team:DataDog/cloud-siem Scenario: Get a critical asset returns "Not Found" response Given new "GetSecurityMonitoringCriticalAsset" request And request contains "critical_asset_id" parameter with value "00000000-0000-0000-0000-000000000000" When the request is sent Then the response status is 404 Not Found - @skip-validation @team:DataDog/k9-cloud-siem + @skip-validation @team:DataDog/cloud-siem Scenario: Get a critical asset returns "OK" response Given new "GetSecurityMonitoringCriticalAsset" request And there is a valid "critical_asset" in the system @@ -1472,7 +1472,7 @@ Feature: Security Monitoring And the response "data.attributes.rule_query" has the same value as "critical_asset.data.attributes.rule_query" And the response "data.attributes.severity" is equal to "medium" - @team:DataDog/k9-cloud-siem + @team:DataDog/cloud-siem Scenario: Get a custom framework returns "Bad Request" response Given new "GetCustomFramework" request And request contains "handle" parameter with value "frame-does-not-exist" @@ -1480,7 +1480,7 @@ Feature: Security Monitoring When the request is sent Then the response status is 400 Bad Request - @replay-only @team:DataDog/k9-cloud-siem + @replay-only @team:DataDog/cloud-siem Scenario: Get a custom framework returns "OK" response Given there is a valid "custom_framework" in the system And new "GetCustomFramework" request @@ -1489,7 +1489,7 @@ Feature: Security Monitoring When the request is sent Then the response status is 200 OK - @generated @skip @team:DataDog/k9-cloud-siem + @generated @skip @team:DataDog/cloud-siem Scenario: Get a dataset at a specific version returns "Bad Request" response Given operation "GetSecurityMonitoringDatasetByVersion" enabled And new "GetSecurityMonitoringDatasetByVersion" request 
@@ -1498,7 +1498,7 @@ Feature: Security Monitoring When the request is sent Then the response status is 400 Bad Request - @generated @skip @team:DataDog/k9-cloud-siem + @generated @skip @team:DataDog/cloud-siem Scenario: Get a dataset at a specific version returns "Not Found" response Given operation "GetSecurityMonitoringDatasetByVersion" enabled And new "GetSecurityMonitoringDatasetByVersion" request @@ -1507,7 +1507,7 @@ Feature: Security Monitoring When the request is sent Then the response status is 404 Not Found - @generated @skip @team:DataDog/k9-cloud-siem + @generated @skip @team:DataDog/cloud-siem Scenario: Get a dataset at a specific version returns "OK" response Given operation "GetSecurityMonitoringDatasetByVersion" enabled And new "GetSecurityMonitoringDatasetByVersion" request @@ -1516,7 +1516,7 @@ Feature: Security Monitoring When the request is sent Then the response status is 200 OK - @generated @skip @team:DataDog/k9-cloud-siem + @generated @skip @team:DataDog/cloud-siem Scenario: Get a dataset returns "Bad Request" response Given operation "GetSecurityMonitoringDataset" enabled And new "GetSecurityMonitoringDataset" request @@ -1524,7 +1524,7 @@ Feature: Security Monitoring When the request is sent Then the response status is 400 Bad Request - @generated @skip @team:DataDog/k9-cloud-siem + @generated @skip @team:DataDog/cloud-siem Scenario: Get a dataset returns "Not Found" response Given operation "GetSecurityMonitoringDataset" enabled And new "GetSecurityMonitoringDataset" request @@ -1532,7 +1532,7 @@ Feature: Security Monitoring When the request is sent Then the response status is 404 Not Found - @generated @skip @team:DataDog/k9-cloud-siem + @generated @skip @team:DataDog/cloud-siem Scenario: Get a dataset returns "OK" response Given operation "GetSecurityMonitoringDataset" enabled And new "GetSecurityMonitoringDataset" request 
@@ -1584,7 +1584,7 @@ Feature: Security Monitoring Then the response status is 200 OK And the response "data.attributes.evaluation" is equal to "pass" - @generated @skip @team:DataDog/k9-cloud-siem + @generated @skip @team:DataDog/cloud-siem Scenario: Get a hist signal's details returns "Bad Request" response Given operation "GetSecurityMonitoringHistsignal" enabled And new "GetSecurityMonitoringHistsignal" request @@ -1592,7 +1592,7 @@ Feature: Security Monitoring When the request is sent Then the response status is 400 Bad Request - @generated @skip @team:DataDog/k9-cloud-siem + @generated @skip @team:DataDog/cloud-siem Scenario: Get a hist signal's details returns "Not Found" response Given operation "GetSecurityMonitoringHistsignal" enabled And new "GetSecurityMonitoringHistsignal" request @@ -1600,7 +1600,7 @@ Feature: Security Monitoring When the request is sent Then the response status is 404 Not Found - @generated @skip @team:DataDog/k9-cloud-siem + @generated @skip @team:DataDog/cloud-siem Scenario: Get a hist signal's details returns "OK" response Given operation "GetSecurityMonitoringHistsignal" enabled And new "GetSecurityMonitoringHistsignal" request @@ -1608,7 +1608,7 @@ Feature: Security Monitoring When the request is sent Then the response status is 200 OK - @team:DataDog/k9-cloud-siem + @team:DataDog/cloud-siem Scenario: Get a job's details returns "Bad Request" response Given operation "GetHistoricalJob" enabled And new "GetHistoricalJob" request @@ -1616,7 +1616,7 @@ Feature: Security Monitoring When the request is sent Then the response status is 400 Bad Request - @team:DataDog/k9-cloud-siem + @team:DataDog/cloud-siem Scenario: Get a job's details returns "Not Found" response Given operation "GetHistoricalJob" enabled And new "GetHistoricalJob" request 
@@ -1624,7 +1624,7 @@ Feature: Security Monitoring When the request is sent Then the response status is 404 Not Found - @team:DataDog/k9-cloud-siem + @team:DataDog/cloud-siem Scenario: Get a job's details returns "OK" response Given operation "GetHistoricalJob" enabled And operation "RunHistoricalJob" enabled @@ -1634,7 +1634,7 @@ Feature: Security Monitoring When the request is sent Then the response status is 200 OK - @generated @skip @team:DataDog/k9-cloud-siem + @generated @skip @team:DataDog/cloud-siem Scenario: Get a job's hist signals returns "Bad Request" response Given operation "GetSecurityMonitoringHistsignalsByJobId" enabled And new "GetSecurityMonitoringHistsignalsByJobId" request @@ -1642,7 +1642,7 @@ Feature: Security Monitoring When the request is sent Then the response status is 400 Bad Request - @generated @skip @team:DataDog/k9-cloud-siem + @generated @skip @team:DataDog/cloud-siem Scenario: Get a job's hist signals returns "Not Found" response Given operation "GetSecurityMonitoringHistsignalsByJobId" enabled And new "GetSecurityMonitoringHistsignalsByJobId" request @@ -1650,7 +1650,7 @@ Feature: Security Monitoring When the request is sent Then the response status is 404 Not Found - @generated @skip @team:DataDog/k9-cloud-siem + @generated @skip @team:DataDog/cloud-siem Scenario: Get a job's hist signals returns "OK" response Given operation "GetSecurityMonitoringHistsignalsByJobId" enabled And new "GetSecurityMonitoringHistsignalsByJobId" request 
@@ -1658,21 +1658,21 @@ Feature: Security Monitoring When the request is sent Then the response status is 200 OK - @generated @skip @team:DataDog/k9-cloud-siem + @generated @skip @team:DataDog/cloud-siem Scenario: Get a list of security signals returns "Bad Request" response Given new "SearchSecurityMonitoringSignals" request And body with value {"filter": {"from": "2019-01-02T09:42:36.320Z", "query": "security:attack status:high", "to": "2019-01-03T09:42:36.320Z"}, "page": {"cursor": "eyJzdGFydEF0IjoiQVFBQUFYS2tMS3pPbm40NGV3QUFBQUJCV0V0clRFdDZVbG8zY3pCRmNsbHJiVmxDWlEifQ==", "limit": 25}, "sort": "timestamp"} When the request is sent Then the response status is 400 Bad Request - @generated @skip @team:DataDog/k9-cloud-siem + @generated @skip @team:DataDog/cloud-siem Scenario: Get a list of security signals returns "OK" response Given new "SearchSecurityMonitoringSignals" request And body with value {"filter": {"from": "2019-01-02T09:42:36.320Z", "query": "security:attack status:high", "to": "2019-01-03T09:42:36.320Z"}, "page": {"cursor": "eyJzdGFydEF0IjoiQVFBQUFYS2tMS3pPbm40NGV3QUFBQUJCV0V0clRFdDZVbG8zY3pCRmNsbHJiVmxDWlEifQ==", "limit": 25}, "sort": "timestamp"} When the request is sent Then the response status is 200 OK - @replay-only @skip-validation @team:DataDog/k9-cloud-siem @with-pagination + @replay-only @skip-validation @team:DataDog/cloud-siem @with-pagination Scenario: Get a list of security signals returns "OK" response with pagination Given new "SearchSecurityMonitoringSignals" request And body with value {"filter": {"from": "{{ timeISO("now-15m") }}", "query": "security:attack status:high", "to": "{{ timeISO("now") }}"}, "page": {"limit": 2}, "sort": "timestamp"} 
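Review bot: The "Bad Request" and "OK" scenarios for `SearchSecurityMonitoringSignals` in this hunk send byte-for-byte the same body (same `filter`, same `page.cursor`, same `sort`) yet expect 400 and 200 respectively, so at most one of them can pass once `@skip` is removed. While the tag line is being edited anyway, give the "Bad Request" scenario a body that is actually invalid, or leave a comment stating that it is an unfilled generated placeholder, so the newly named owner does not un-skip it expecting real negative-path coverage.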
@@ -1699,19 +1699,19 @@ Feature: Security Monitoring And the response "data.id" is equal to "{{ valid_mute_rule.data.id }}" And the response "data.type" is equal to "mute_rules" - @generated @skip @team:DataDog/k9-cloud-siem + @generated @skip @team:DataDog/cloud-siem Scenario: Get a quick list of security signals returns "Bad Request" response Given new "ListSecurityMonitoringSignals" request When the request is sent Then the response status is 400 Bad Request - @generated @skip @team:DataDog/k9-cloud-siem + @generated @skip @team:DataDog/cloud-siem Scenario: Get a quick list of security signals returns "OK" response Given new "ListSecurityMonitoringSignals" request When the request is sent Then the response status is 200 OK - @replay-only @skip-validation @team:DataDog/k9-cloud-siem @with-pagination + @replay-only @skip-validation @team:DataDog/cloud-siem @with-pagination Scenario: Get a quick list of security signals returns "OK" response with pagination Given new "ListSecurityMonitoringSignals" request And request contains "page[limit]" parameter with value 2 @@ -1719,14 +1719,14 @@ Feature: Security Monitoring Then the response status is 200 OK And the response has 3 items - @team:DataDog/k9-cloud-siem + @team:DataDog/cloud-siem Scenario: Get a rule's details returns "Not Found" response Given new "GetSecurityMonitoringRule" request And request contains "rule_id" parameter with value "abcde-12345" When the request is sent Then the response status is 404 Not Found - @skip-validation @team:DataDog/k9-cloud-siem + @skip-validation @team:DataDog/cloud-siem Scenario: Get a rule's details returns "OK" response Given new "GetSecurityMonitoringRule" request And there is a valid "security_rule" in the system 
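Review bot: In the `@@ -1699,19` hunk the team tag on the pagination scenario sits in the middle of the tag line (`@replay-only @skip-validation @team:DataDog/cloud-siem @with-pagination`) rather than at the end as in most other scenarios, so a rename done with an end-of-line-anchored pattern would miss lines of this shape. The diff only shows lines that were touched; please confirm with a search for `k9-cloud-siem` across the feature files after applying the patch that no occurrence of the old slug remains, and that `DataDog/cloud-siem` is an existing team slug, since a tag pointing at a nonexistent team would leave these security-monitoring scenarios without an effective owner.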
@@ -1736,7 +1736,7 @@ Feature: Security Monitoring And the response "name" is equal to "{{ unique }}" And the response "id" has the same value as "security_rule.id" - @generated @skip @team:DataDog/k9-cloud-siem + @generated @skip @team:DataDog/cloud-siem Scenario: Get a rule's version history returns "Bad Request" response Given operation "GetRuleVersionHistory" enabled And new "GetRuleVersionHistory" request @@ -1744,7 +1744,7 @@ Feature: Security Monitoring When the request is sent Then the response status is 400 Bad Request - @generated @skip @team:DataDog/k9-cloud-siem + @generated @skip @team:DataDog/cloud-siem Scenario: Get a rule's version history returns "Not Found" response Given operation "GetRuleVersionHistory" enabled And new "GetRuleVersionHistory" request @@ -1752,7 +1752,7 @@ Feature: Security Monitoring When the request is sent Then the response status is 404 Not Found - @generated @skip @team:DataDog/k9-cloud-siem + @generated @skip @team:DataDog/cloud-siem Scenario: Get a rule's version history returns "OK" response Given operation "GetRuleVersionHistory" enabled And new "GetRuleVersionHistory" request @@ -1760,14 +1760,14 @@ Feature: Security Monitoring When the request is sent Then the response status is 200 OK - @generated @skip @team:DataDog/k9-cloud-siem + @generated @skip @team:DataDog/cloud-siem Scenario: Get a security filter returns "Not Found" response Given new "GetSecurityFilter" request And request contains "security_filter_id" parameter from "REPLACE.ME" When the request is sent Then the response status is 404 Not Found - @team:DataDog/k9-cloud-siem + @team:DataDog/cloud-siem Scenario: Get a security filter returns "OK" response Given there is a valid "security_filter" in the system And new "GetSecurityFilter" request 
@@ -1780,21 +1780,21 @@ Feature: Security Monitoring And the response "data.attributes.exclusion_filters[0].name" is equal to "Exclude logs from staging" And the response "data.attributes.exclusion_filters[0].query" is equal to "source:staging" - @replay-only @team:DataDog/k9-cloud-siem + @replay-only @team:DataDog/cloud-siem Scenario: Get a signal's details returns "Not Found" response Given new "GetSecurityMonitoringSignal" request And request contains "signal_id" parameter with value "AQAAAYNqUBVU4-rffwAAAABBWU5xVUJWVUFBQjJBd3ptCL3QUEm3nt2" When the request is sent Then the response status is 404 Not Found - @replay-only @team:DataDog/k9-cloud-siem + @replay-only @team:DataDog/cloud-siem Scenario: Get a signal's details returns "OK" response Given new "GetSecurityMonitoringSignal" request And request contains "signal_id" parameter with value "AQAAAYNqUBVU4-rffwAAAABBWU5xVUJWVUFBQjJBd3ptMDdQUnF3QUE" When the request is sent Then the response status is 200 OK - @generated @skip @team:DataDog/k9-cloud-siem + @generated @skip @team:DataDog/cloud-siem Scenario: Get a single entity context returns "Bad Request" response Given operation "GetSingleEntityContext" enabled And new "GetSingleEntityContext" request @@ -1802,7 +1802,7 @@ Feature: Security Monitoring When the request is sent Then the response status is 400 Bad Request - @generated @skip @team:DataDog/k9-cloud-siem + @generated @skip @team:DataDog/cloud-siem Scenario: Get a single entity context returns "Not Found" response Given operation "GetSingleEntityContext" enabled And new "GetSingleEntityContext" request @@ -1810,7 +1810,7 @@ Feature: Security Monitoring When the request is sent Then the response status is 404 Not Found - @generated @skip @team:DataDog/k9-cloud-siem + @generated @skip @team:DataDog/cloud-siem Scenario: Get a single entity context returns "OK" response Given operation "GetSingleEntityContext" enabled And new "GetSingleEntityContext" request 
@@ -1818,14 +1818,14 @@ Feature: Security Monitoring When the request is sent Then the response status is 200 OK - @skip-validation @team:DataDog/k9-cloud-siem + @skip-validation @team:DataDog/cloud-siem Scenario: Get a suppression rule returns "Not Found" response Given new "GetSecurityMonitoringSuppression" request And request contains "suppression_id" parameter with value "this-does-not-exist" When the request is sent Then the response status is 404 Not Found - @skip-validation @team:DataDog/k9-cloud-siem + @skip-validation @team:DataDog/cloud-siem Scenario: Get a suppression rule returns "OK" response Given new "GetSecurityMonitoringSuppression" request And there is a valid "suppression" in the system @@ -1835,14 +1835,14 @@ Feature: Security Monitoring And the response "data.attributes.rule_query" has the same value as "suppression.data.attributes.rule_query" And the response "data.attributes.suppression_query" is equal to "env:test" - @team:DataDog/k9-cloud-siem + @team:DataDog/cloud-siem Scenario: Get a suppression's version history returns "Not Found" response Given new "GetSuppressionVersionHistory" request And request contains "suppression_id" parameter with value "this-does-not-exist" When the request is sent Then the response status is 404 Not Found - @team:DataDog/k9-cloud-siem + @team:DataDog/cloud-siem Scenario: Get a suppression's version history returns "OK" response Given new "GetSuppressionVersionHistory" request And there is a valid "suppression" in the system @@ -1869,7 +1869,7 @@ Feature: Security Monitoring And the response "data.id" is equal to "{{ valid_ticket_creation_rule.data.id }}" And the response "data.type" is equal to "ticket_creation_rules" - @team:DataDog/k9-cloud-siem + @team:DataDog/cloud-siem Scenario: Get all critical assets returns "OK" response Given new "ListSecurityMonitoringCriticalAssets" request When the request is sent 
@@ -1893,7 +1893,7 @@ Feature: Security Monitoring Then the response status is 200 Successfully retrieved the list of mute rules And the response "data" has item with field "id" with value "{{ valid_mute_rule.data.id }}" - @team:DataDog/k9-cloud-siem + @team:DataDog/cloud-siem Scenario: Get all security filters returns "OK" response Given new "ListSecurityFilters" request When the request is sent @@ -1901,13 +1901,13 @@ Feature: Security Monitoring And the response "data" has item with field "attributes.filtered_data_type" with value "logs" And the response "data" has item with field "attributes.is_builtin" with value true - @generated @skip @team:DataDog/k9-cloud-siem + @generated @skip @team:DataDog/cloud-siem Scenario: Get all suppression rules returns "OK" response Given new "ListSecurityMonitoringSuppressions" request When the request is sent Then the response status is 200 OK - @team:DataDog/k9-cloud-siem + @team:DataDog/cloud-siem Scenario: Get all suppression rules returns "OK" response with pagination Given new "ListSecurityMonitoringSuppressions" request And there is a valid "suppression" in the system @@ -1919,7 +1919,7 @@ Feature: Security Monitoring Then the response status is 200 OK And the response "data" has length 1 - @team:DataDog/k9-cloud-siem + @team:DataDog/cloud-siem Scenario: Get all suppression rules returns "OK" response with sort ascending Given new "ListSecurityMonitoringSuppressions" request And there is a valid "suppression" in the system @@ -1930,7 +1930,7 @@ Feature: Security Monitoring Then the response status is 200 OK And the response "data[0].attributes.name" is equal to "suppression {{ unique_hash }}" - @team:DataDog/k9-cloud-siem + @team:DataDog/cloud-siem Scenario: Get all suppression rules returns "OK" response with sort descending Given new "ListSecurityMonitoringSuppressions" request And there is a valid "suppression" in the system 
@@ -1950,7 +1950,7 @@ Feature: Security Monitoring Then the response status is 200 Successfully retrieved the list of ticket creation rules And the response "data" has item with field "id" with value "{{ valid_ticket_creation_rule.data.id }}" - @generated @skip @team:DataDog/k9-cloud-siem + @generated @skip @team:DataDog/cloud-siem Scenario: Get an entity context sync configuration returns "Not Found" response Given operation "GetSecurityMonitoringIntegrationConfig" enabled And new "GetSecurityMonitoringIntegrationConfig" request @@ -1958,7 +1958,7 @@ Feature: Security Monitoring When the request is sent Then the response status is 404 Not Found - @generated @skip @team:DataDog/k9-cloud-siem + @generated @skip @team:DataDog/cloud-siem Scenario: Get an entity context sync configuration returns "OK" response Given operation "GetSecurityMonitoringIntegrationConfig" enabled And new "GetSecurityMonitoringIntegrationConfig" request @@ -1966,7 +1966,7 @@ Feature: Security Monitoring When the request is sent Then the response status is 200 OK - @generated @skip @team:DataDog/k9-cloud-siem + @generated @skip @team:DataDog/cloud-siem Scenario: Get an indicator of compromise returns "Bad Request" response Given operation "GetIndicatorOfCompromise" enabled And new "GetIndicatorOfCompromise" request @@ -1974,7 +1974,7 @@ Feature: Security Monitoring When the request is sent Then the response status is 400 Bad Request - @replay-only @skip-terraform-config @team:DataDog/k9-cloud-siem + @replay-only @skip-terraform-config @team:DataDog/cloud-siem Scenario: Get an indicator of compromise returns "Not Found" response Given operation "GetIndicatorOfCompromise" enabled And new "GetIndicatorOfCompromise" request 
@@ -1982,7 +1982,7 @@ Feature: Security Monitoring When the request is sent Then the response status is 404 Not Found - @replay-only @skip-terraform-config @team:DataDog/k9-cloud-siem + @replay-only @skip-terraform-config @team:DataDog/cloud-siem Scenario: Get an indicator of compromise returns "OK" response Given operation "GetIndicatorOfCompromise" enabled And new "GetIndicatorOfCompromise" request @@ -1991,28 +1991,28 @@ Feature: Security Monitoring When the request is sent Then the response status is 200 OK - @generated @skip @team:DataDog/k9-cloud-siem + @generated @skip @team:DataDog/cloud-siem Scenario: Get content pack states returns "Not Found" response Given operation "GetContentPacksStates" enabled And new "GetContentPacksStates" request When the request is sent Then the response status is 404 Not Found - @generated @skip @team:DataDog/k9-cloud-siem + @generated @skip @team:DataDog/cloud-siem Scenario: Get content pack states returns "OK" response Given operation "GetContentPacksStates" enabled And new "GetContentPacksStates" request When the request is sent Then the response status is 200 OK - @skip @team:DataDog/k9-cloud-siem + @skip @team:DataDog/cloud-siem Scenario: Get critical assets affecting a specific rule returns "Not Found" response Given new "GetCriticalAssetsAffectingRule" request And request contains "rule_id" parameter with value "aaa-bbb-ccc-ddd" When the request is sent Then the response status is 404 Not Found - @team:DataDog/k9-cloud-siem + @team:DataDog/cloud-siem Scenario: Get critical assets affecting a specific rule returns "OK" response Given new "GetCriticalAssetsAffectingRule" request And there is a valid "security_rule" in the system 
@@ -2020,7 +2020,7 @@ Feature: Security Monitoring When the request is sent Then the response status is 200 OK - @generated @skip @team:DataDog/k9-cloud-siem + @generated @skip @team:DataDog/cloud-siem Scenario: Get dataset dependencies returns "Bad Request" response Given operation "BatchGetSecurityMonitoringDatasetDependencies" enabled And new "BatchGetSecurityMonitoringDatasetDependencies" request @@ -2028,7 +2028,7 @@ Feature: Security Monitoring When the request is sent Then the response status is 400 Bad Request - @generated @skip @team:DataDog/k9-cloud-siem + @generated @skip @team:DataDog/cloud-siem Scenario: Get dataset dependencies returns "OK" response Given operation "BatchGetSecurityMonitoringDatasetDependencies" enabled And new "BatchGetSecurityMonitoringDatasetDependencies" request @@ -2096,7 +2096,7 @@ Feature: Security Monitoring When the request is sent Then the response status is 200 Notification rule details. - @generated @skip @team:DataDog/k9-cloud-siem + @generated @skip @team:DataDog/cloud-siem Scenario: Get entities related to a signal returns "Bad Request" response Given operation "GetSignalEntities" enabled And new "GetSignalEntities" request @@ -2104,7 +2104,7 @@ Feature: Security Monitoring When the request is sent Then the response status is 400 Bad Request - @generated @skip @team:DataDog/k9-cloud-siem + @generated @skip @team:DataDog/cloud-siem Scenario: Get entities related to a signal returns "Not Found" response Given operation "GetSignalEntities" enabled And new "GetSignalEntities" request @@ -2112,7 +2112,7 @@ Feature: Security Monitoring When the request is sent Then the response status is 404 Not Found - @generated @skip @team:DataDog/k9-cloud-siem + @generated @skip @team:DataDog/cloud-siem Scenario: Get entities related to a signal returns "OK" response Given operation "GetSignalEntities" enabled And new "GetSignalEntities" request 
@@ -2120,28 +2120,28 @@ Feature: Security Monitoring When the request is sent Then the response status is 200 OK - @generated @skip @team:DataDog/k9-cloud-siem + @generated @skip @team:DataDog/cloud-siem Scenario: Get entity context returns "Bad Request" response Given operation "GetEntityContext" enabled And new "GetEntityContext" request When the request is sent Then the response status is 400 Bad Request - @generated @skip @team:DataDog/k9-cloud-siem + @generated @skip @team:DataDog/cloud-siem Scenario: Get entity context returns "OK" response Given operation "GetEntityContext" enabled And new "GetEntityContext" request When the request is sent Then the response status is 200 OK - @generated @skip @team:DataDog/k9-cloud-siem + @generated @skip @team:DataDog/cloud-siem Scenario: Get investigation queries for a signal returns "Not Found" response Given new "GetInvestigationLogQueriesMatchingSignal" request And request contains "signal_id" parameter from "REPLACE.ME" When the request is sent Then the response status is 404 Not Found - @skip @team:DataDog/k9-cloud-siem + @skip @team:DataDog/cloud-siem Scenario: Get investigation queries for a signal returns "OK" response Given new "GetInvestigationLogQueriesMatchingSignal" request And request contains "signal_id" parameter with value "AQAAAYG1bl5K4HuUewAAAABBWUcxYmw1S0FBQmt2RmhRN0V4ZUVnQUE" @@ -2169,7 +2169,7 @@ Feature: Security Monitoring When the request is sent Then the response status is 200 OK - @skip-go @skip-java @skip-ruby @team:DataDog/k9-cloud-siem + @skip-go @skip-java @skip-ruby @team:DataDog/cloud-siem Scenario: Get rule version history returns "OK" response Given operation "GetRuleVersionHistory" enabled And new "GetRuleVersionHistory" request 
@@ -2182,28 +2182,28 @@ Feature: Security Monitoring And the response "data.attributes.count" is equal to 1 And the response "data.attributes.data[1].rule.name" has the same value as "security_rule.name" - @generated @skip @team:DataDog/k9-cloud-siem + @generated @skip @team:DataDog/cloud-siem Scenario: Get sample log generation subscriptions returns "Bad Request" response Given operation "ListSampleLogGenerationSubscriptions" enabled And new "ListSampleLogGenerationSubscriptions" request When the request is sent Then the response status is 400 Bad Request - @generated @skip @team:DataDog/k9-cloud-siem + @generated @skip @team:DataDog/cloud-siem Scenario: Get sample log generation subscriptions returns "OK" response Given operation "ListSampleLogGenerationSubscriptions" enabled And new "ListSampleLogGenerationSubscriptions" request When the request is sent Then the response status is 200 OK - @generated @skip @team:DataDog/k9-cloud-siem + @generated @skip @team:DataDog/cloud-siem Scenario: Get suggested actions for a signal returns "Not Found" response Given new "GetSuggestedActionsMatchingSignal" request And request contains "signal_id" parameter from "REPLACE.ME" When the request is sent Then the response status is 404 Not Found - @skip @team:DataDog/k9-cloud-siem + @skip @team:DataDog/cloud-siem Scenario: Get suggested actions for a signal returns "OK" response Given new "GetSuggestedActionsMatchingSignal" request And request contains "signal_id" parameter with value "AQAAAYG1bl5K4HuUewAAAABBWUcxYmw1S0FBQmt2RmhRN0V4ZUVnQUE" 
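Review bot: The last scenario in this hunk, "Get suggested actions for a signal returns "OK" response", is tagged `@skip @team:DataDog/cloud-siem` without `@generated` and carries a hard-coded `signal_id`, which suggests a hand-written test that was disabled rather than a generated placeholder, and nothing on the line says why. Since the ownership tag is being rewritten here, add a short comment above the scenario recording the reason for the skip (or a tracking reference), so the new owner can tell a deliberately parked test from a forgotten one.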
@@ -2219,14 +2219,14 @@ Feature: Security Monitoring And the response "data[1].attributes" has field "title" And the response "data[1].attributes" has field "url" - @team:DataDog/k9-cloud-siem + @team:DataDog/cloud-siem Scenario: Get suppressions affecting a specific rule returns "Not Found" response Given new "GetSuppressionsAffectingRule" request And request contains "rule_id" parameter with value "aaa-bbb-ccc-ddd" When the request is sent Then the response status is 404 Not Found - @team:DataDog/k9-cloud-siem + @team:DataDog/cloud-siem Scenario: Get suppressions affecting a specific rule returns "OK" response Given new "GetSuppressionsAffectingRule" request And there is a valid "security_rule" in the system @@ -2234,14 +2234,14 @@ Feature: Security Monitoring When the request is sent Then the response status is 200 OK - @team:DataDog/k9-cloud-siem + @team:DataDog/cloud-siem Scenario: Get suppressions affecting future rule returns "Bad Request" response Given new "GetSuppressionsAffectingFutureRule" request And body with value {"invalid_key":"invalid_value"} When the request is sent Then the response status is 400 Bad Request - @team:DataDog/k9-cloud-siem + @team:DataDog/cloud-siem Scenario: Get suppressions affecting future rule returns "OK" response Given new "GetSuppressionsAffectingFutureRule" request And body from file "security_monitoring_future_rule_suppression_payload.json" @@ -2262,7 +2262,7 @@ Feature: Security Monitoring When the request is sent Then the response status is 200 The list of notification rules. - @generated @skip @team:DataDog/k9-cloud-siem + @generated @skip @team:DataDog/cloud-siem Scenario: Get the version history of a dataset returns "Bad Request" response Given operation "GetSecurityMonitoringDatasetVersionHistory" enabled And new "GetSecurityMonitoringDatasetVersionHistory" request 
@@ -2270,7 +2270,7 @@ Feature: Security Monitoring When the request is sent Then the response status is 400 Bad Request - @generated @skip @team:DataDog/k9-cloud-siem + @generated @skip @team:DataDog/cloud-siem Scenario: Get the version history of a dataset returns "Not Found" response Given operation "GetSecurityMonitoringDatasetVersionHistory" enabled And new "GetSecurityMonitoringDatasetVersionHistory" request @@ -2278,7 +2278,7 @@ Feature: Security Monitoring When the request is sent Then the response status is 404 Not Found - @generated @skip @team:DataDog/k9-cloud-siem + @generated @skip @team:DataDog/cloud-siem Scenario: Get the version history of a dataset returns "OK" response Given operation "GetSecurityMonitoringDatasetVersionHistory" enabled And new "GetSecurityMonitoringDatasetVersionHistory" request @@ -2286,7 +2286,7 @@ Feature: Security Monitoring When the request is sent Then the response status is 200 OK - @generated @skip @team:DataDog/k9-cloud-siem + @generated @skip @team:DataDog/cloud-siem Scenario: Get the version history of security filters returns "OK" response Given new "ListSecurityFilterVersions" request When the request is sent 
@@ -2366,21 +2366,21 @@ Feature: Security Monitoring When the request is sent Then the response status is 200 OK - @generated @skip @team:DataDog/k9-cloud-siem + @generated @skip @team:DataDog/cloud-siem Scenario: List datasets returns "Bad Request" response Given operation "ListSecurityMonitoringDatasets" enabled And new "ListSecurityMonitoringDatasets" request When the request is sent Then the response status is 400 Bad Request - @generated @skip @team:DataDog/k9-cloud-siem + @generated @skip @team:DataDog/cloud-siem Scenario: List datasets returns "OK" response Given operation "ListSecurityMonitoringDatasets" enabled And new "ListSecurityMonitoringDatasets" request When the request is sent Then the response status is 200 OK - @generated @skip @team:DataDog/k9-cloud-siem + @generated @skip @team:DataDog/cloud-siem Scenario: List entity context sync configurations returns "OK" response Given operation "ListSecurityMonitoringIntegrationConfigs" enabled And new "ListSecurityMonitoringIntegrationConfigs" request 
@@ -2432,42 +2432,42 @@ Feature: Security Monitoring When the request is sent Then the response status is 200 OK - @generated @skip @team:DataDog/k9-cloud-siem + @generated @skip @team:DataDog/cloud-siem Scenario: List hist signals returns "Bad Request" response Given operation "ListSecurityMonitoringHistsignals" enabled And new "ListSecurityMonitoringHistsignals" request When the request is sent Then the response status is 400 Bad Request - @generated @skip @team:DataDog/k9-cloud-siem + @generated @skip @team:DataDog/cloud-siem Scenario: List hist signals returns "Not Found" response Given operation "ListSecurityMonitoringHistsignals" enabled And new "ListSecurityMonitoringHistsignals" request When the request is sent Then the response status is 404 Not Found - @generated @skip @team:DataDog/k9-cloud-siem + @generated @skip @team:DataDog/cloud-siem Scenario: List hist signals returns "OK" response Given operation "ListSecurityMonitoringHistsignals" enabled And new "ListSecurityMonitoringHistsignals" request When the request is sent Then the response status is 200 OK - @generated @skip @team:DataDog/k9-cloud-siem + @generated @skip @team:DataDog/cloud-siem Scenario: List historical jobs returns "Bad Request" response Given operation "ListHistoricalJobs" enabled And new "ListHistoricalJobs" request When the request is sent Then the response status is 400 Bad Request - @generated @skip @team:DataDog/k9-cloud-siem + @generated @skip @team:DataDog/cloud-siem Scenario: List historical jobs returns "OK" response Given operation "ListHistoricalJobs" enabled And new "ListHistoricalJobs" request When the request is sent Then the response status is 200 OK - @replay-only @skip-terraform-config @team:DataDog/k9-cloud-siem + @replay-only @skip-terraform-config @team:DataDog/cloud-siem Scenario: List indicators of compromise returns "Bad Request" response Given operation "ListIndicatorsOfCompromise" enabled And new "ListIndicatorsOfCompromise" request 
@@ -2475,7 +2475,7 @@ Feature: Security Monitoring When the request is sent Then the response status is 400 Bad Request - @replay-only @skip-terraform-config @team:DataDog/k9-cloud-siem + @replay-only @skip-terraform-config @team:DataDog/cloud-siem Scenario: List indicators of compromise returns "OK" response Given operation "ListIndicatorsOfCompromise" enabled And new "ListIndicatorsOfCompromise" request @@ -2483,14 +2483,14 @@ Feature: Security Monitoring When the request is sent Then the response status is 200 OK - @team:DataDog/k9-cloud-siem + @team:DataDog/cloud-siem Scenario: List resource filters returns "Bad Request" response Given new "GetResourceEvaluationFilters" request And request contains "account_id" parameter with value "123456789" When the request is sent Then the response status is 400 Bad Request - @team:DataDog/k9-cloud-siem + @team:DataDog/cloud-siem Scenario: List resource filters returns "OK" response Given new "GetResourceEvaluationFilters" request And request contains "cloud_provider" parameter with value "aws" @@ -2498,13 +2498,13 @@ Feature: Security Monitoring When the request is sent Then the response status is 200 OK - @generated @skip @team:DataDog/k9-cloud-siem + @generated @skip @team:DataDog/cloud-siem Scenario: List rules returns "Bad Request" response Given new "ListSecurityMonitoringRules" request When the request is sent Then the response status is 400 Bad Request - @skip-validation @team:DataDog/k9-cloud-siem + @skip-validation @team:DataDog/cloud-siem Scenario: List rules returns "OK" response Given new "ListSecurityMonitoringRules" request When the request is sent 
@@ -2608,7 +2608,7 @@ Feature: Security Monitoring When the request is sent Then the response status is 200 OK - @generated @skip @team:DataDog/k9-cloud-siem + @generated @skip @team:DataDog/cloud-siem Scenario: Modify the triage assignee of a security signal returns "Bad Request" response Given new "EditSecurityMonitoringSignalAssignee" request And request contains "signal_id" parameter from "REPLACE.ME" @@ -2616,7 +2616,7 @@ Feature: Security Monitoring When the request is sent Then the response status is 400 Bad Request - @generated @skip @team:DataDog/k9-cloud-siem + @generated @skip @team:DataDog/cloud-siem Scenario: Modify the triage assignee of a security signal returns "Not Found" response Given new "EditSecurityMonitoringSignalAssignee" request And request contains "signal_id" parameter from "REPLACE.ME" @@ -2624,7 +2624,7 @@ Feature: Security Monitoring When the request is sent Then the response status is 404 Not Found - @replay-only @team:DataDog/k9-cloud-siem + @replay-only @team:DataDog/cloud-siem Scenario: Modify the triage assignee of a security signal returns "OK" response Given new "EditSecurityMonitoringSignalAssignee" request And request contains "signal_id" parameter with value "AQAAAYG1bl5K4HuUewAAAABBWUcxYmw1S0FBQmt2RmhRN0V4ZUVnQUE" @@ -2824,7 +2824,7 @@ Feature: Security Monitoring When the request is sent Then the response status is 422 Unprocessable Entity - @generated @skip @team:DataDog/k9-cloud-siem + @generated @skip @team:DataDog/cloud-siem Scenario: Restore a rule to a historical version returns "Bad Request" response Given operation "RestoreSecurityMonitoringRule" enabled And new "RestoreSecurityMonitoringRule" request 
@@ -2833,7 +2833,7 @@ Feature: Security Monitoring When the request is sent Then the response status is 400 Bad Request - @team:DataDog/k9-cloud-siem + @team:DataDog/cloud-siem Scenario: Restore a rule to a historical version returns "Conflict" response Given operation "RestoreSecurityMonitoringRule" enabled And there is a valid "security_rule" in the system @@ -2844,7 +2844,7 @@ Feature: Security Monitoring When the request is sent Then the response status is 409 Conflict - @team:DataDog/k9-cloud-siem + @team:DataDog/cloud-siem Scenario: Restore a rule to a historical version returns "Not Found" response Given operation "RestoreSecurityMonitoringRule" enabled And there is a valid "security_rule" in the system @@ -2854,7 +2854,7 @@ Feature: Security Monitoring When the request is sent Then the response status is 404 Not Found - @skip-validation @team:DataDog/k9-cloud-siem + @skip-validation @team:DataDog/cloud-siem Scenario: Restore a rule to a historical version returns "OK" response Given operation "RestoreSecurityMonitoringRule" enabled And there is a valid "security_rule" in the system @@ -2881,7 +2881,7 @@ Feature: Security Monitoring When the request is sent Then the response status is 200 OK - @team:DataDog/k9-cloud-siem + @team:DataDog/cloud-siem Scenario: Run a historical job returns "Bad Request" response Given operation "RunHistoricalJob" enabled And new "RunHistoricalJob" request @@ -2889,7 +2889,7 @@ Feature: Security Monitoring When the request is sent Then the response status is 400 Bad Request - @team:DataDog/k9-cloud-siem + @team:DataDog/cloud-siem Scenario: Run a historical job returns "Not Found" response Given operation "RunHistoricalJob" enabled And new "RunHistoricalJob" request 
@@ -2897,7 +2897,7 @@ Feature: Security Monitoring When the request is sent Then the response status is 404 Not Found - @team:DataDog/k9-cloud-siem + @team:DataDog/cloud-siem Scenario: Run a historical job returns "Status created" response Given operation "RunHistoricalJob" enabled And new "RunHistoricalJob" request @@ -2905,7 +2905,7 @@ Feature: Security Monitoring When the request is sent Then the response status is 201 Status created - @generated @skip @team:DataDog/k9-cloud-siem + @generated @skip @team:DataDog/cloud-siem Scenario: Search hist signals returns "Bad Request" response Given operation "SearchSecurityMonitoringHistsignals" enabled And new "SearchSecurityMonitoringHistsignals" request @@ -2913,7 +2913,7 @@ Feature: Security Monitoring When the request is sent Then the response status is 400 Bad Request - @generated @skip @team:DataDog/k9-cloud-siem + @generated @skip @team:DataDog/cloud-siem Scenario: Search hist signals returns "Not Found" response Given operation "SearchSecurityMonitoringHistsignals" enabled And new "SearchSecurityMonitoringHistsignals" request @@ -2921,7 +2921,7 @@ Feature: Security Monitoring When the request is sent Then the response status is 404 Not Found - @generated @skip @team:DataDog/k9-cloud-siem + @generated @skip @team:DataDog/cloud-siem Scenario: Search hist signals returns "OK" response Given operation "SearchSecurityMonitoringHistsignals" enabled And new "SearchSecurityMonitoringHistsignals" request @@ -2953,7 +2953,7 @@ Feature: Security Monitoring And the response "meta.page" has field "after" And the response "links" has field "next" - @generated @skip @team:DataDog/k9-cloud-siem + @generated @skip @team:DataDog/cloud-siem Scenario: Subscribe to sample log generation returns "Bad Request" response Given operation "CreateSampleLogGenerationSubscription" enabled And new "CreateSampleLogGenerationSubscription" request 
@@ -2961,7 +2961,7 @@ Feature: Security Monitoring When the request is sent Then the response status is 400 Bad Request - @generated @skip @team:DataDog/k9-cloud-siem + @generated @skip @team:DataDog/cloud-siem Scenario: Subscribe to sample log generation returns "OK" response Given operation "CreateSampleLogGenerationSubscription" enabled And new "CreateSampleLogGenerationSubscription" request 
@@ -2969,35 +2969,35 @@ Feature: Security Monitoring When the request is sent Then the response status is 200 OK - @generated @skip @team:DataDog/k9-cloud-siem + @generated @skip @team:DataDog/cloud-siem Scenario: Test a notification rule returns "Bad Request" response Given new "SendSecurityMonitoringNotificationPreview" request And body with value {"data": {"attributes": {"enabled": true, "name": "Rule 1", "routing": {"mode": "manual"}, "selectors": {"query": "(source:production_service OR env:prod)", "rule_types": ["misconfiguration", "attack_path"], "severities": ["critical"], "trigger_source": "security_findings"}, "targets": ["@john.doe@email.com"], "time_aggregation": 86400}, "type": "notification_rules"}} When the request is sent Then the response status is 400 Bad Request - @team:DataDog/k9-cloud-siem + @team:DataDog/cloud-siem Scenario: Test a notification rule returns "OK" response Given new "SendSecurityMonitoringNotificationPreview" request And body with value {"data": {"attributes": {"enabled": true, "name": "Rule 1", "selectors": {"query": "env:prod", "rule_types": ["log_detection"], "severities": ["critical"], "trigger_source": "security_signals"}, "targets": ["@john.doe@email.com"]}, "type": "notification_rules"}} When the request is sent Then the response status is 200 OK - @skip @team:DataDog/k9-cloud-siem + @skip @team:DataDog/cloud-siem Scenario: Test a rule returns "Bad Request" response Given new "TestSecurityMonitoringRule" request And body with value {"rule": {"cases": [], "filters": [{"action": "require"}], "hasExtendedTitle": true, "isEnabled": true, "message": "", "name": "My security monitoring rule.", "options": {"decreaseCriticalityBasedOnEnv": false, "detectionMethod": "threshold", "evaluationWindow": 0, "hardcodedEvaluatorType": "log4shell", "impossibleTravelOptions": {"baselineUserLocations": true}, "keepAlive": 0, "maxSignalDuration": 0, "newValueOptions": {"forgetAfter": 1, "learningDuration": 0, "learningMethod": "duration", 
"learningThreshold": 0}, "thirdPartyRuleOptions": {"defaultNotifications": [], "defaultStatus": "critical", "rootQueries": [{"groupByFields": [], "query": "source:cloudtrail"}]}}, "queries": [], "tags": ["env:prod", "team:security"], "thirdPartyCases": [], "type": "application_security"}, "ruleQueryPayloads": [{"expectedResult": true, "index": 0, "payload": {"ddsource": "nginx", "ddtags": "env:staging,version:5.1", "hostname": "i-012345678", "message": "2019-11-19T14:37:58,995 INFO [process.name][20081] Hello World", "service": "payment"}}]} When the request is sent Then the response status is 400 Bad Request - @skip @team:DataDog/k9-cloud-siem + @skip @team:DataDog/cloud-siem Scenario: Test a rule returns "Not Found" response Given new "TestSecurityMonitoringRule" request And body with value {"rule": {"cases": [], "filters": [{"action": "require"}], "hasExtendedTitle": true, "isEnabled": true, "message": "", "name": "My security monitoring rule.", "options": {"decreaseCriticalityBasedOnEnv": false, "detectionMethod": "threshold", "evaluationWindow": 0, "hardcodedEvaluatorType": "log4shell", "impossibleTravelOptions": {"baselineUserLocations": true}, "keepAlive": 0, "maxSignalDuration": 0, "newValueOptions": {"forgetAfter": 1, "learningDuration": 0, "learningMethod": "duration", "learningThreshold": 0}, "thirdPartyRuleOptions": {"defaultNotifications": [], "defaultStatus": "critical", "rootQueries": [{"groupByFields": [], "query": "source:cloudtrail"}]}}, "queries": [], "tags": ["env:prod", "team:security"], "thirdPartyCases": [], "type": "application_security"}, "ruleQueryPayloads": [{"expectedResult": true, "index": 0, "payload": {"ddsource": "nginx", "ddtags": "env:staging,version:5.1", "hostname": "i-012345678", "message": "2019-11-19T14:37:58,995 INFO [process.name][20081] Hello World", "service": "payment"}}]} When the request is sent Then the response status is 404 Not Found - @skip-go @skip-java @skip-ruby @skip-typescript @team:DataDog/k9-cloud-siem + 
@skip-go @skip-java @skip-ruby @skip-typescript @team:DataDog/cloud-siem Scenario: Test a rule returns "OK" response Given new "TestSecurityMonitoringRule" request And body with value {"rule": {"cases": [{"name": "","status": "info","notifications": [],"condition": "a > 0"}],"hasExtendedTitle": true,"isEnabled": true,"message": "My security monitoring rule message.","name": "My security monitoring rule.","options": {"decreaseCriticalityBasedOnEnv": false,"detectionMethod": "threshold","evaluationWindow": 0,"keepAlive": 0,"maxSignalDuration": 0},"queries": [{"query": "source:source_here","groupByFields": ["@userIdentity.assumed_role"],"distinctFields": [],"aggregation": "count","name": ""}],"tags": ["env:prod", "team:security"],"type": "log_detection"}, "ruleQueryPayloads": [{"expectedResult": true,"index": 0,"payload": {"ddsource": "source_here","ddtags": "env:staging,version:5.1","hostname": "i-012345678","message": "2019-11-19T14:37:58,995 INFO [process.name][20081] Hello World","service": "payment","userIdentity": {"assumed_role" : "fake assumed_role"}}}]} @@ -3005,7 +3005,7 @@ Feature: Security Monitoring Then the response status is 200 OK And the response "results[0]" is equal to true - @skip @team:DataDog/k9-cloud-siem + @skip @team:DataDog/cloud-siem Scenario: Test an existing rule returns "Bad Request" response Given new "TestExistingSecurityMonitoringRule" request And request contains "rule_id" parameter from "REPLACE.ME" @@ -3013,7 +3013,7 @@ Feature: Security Monitoring When the request is sent Then the response status is 400 Bad Request - @skip @team:DataDog/k9-cloud-siem + @skip @team:DataDog/cloud-siem Scenario: Test an existing rule returns "Not Found" response Given new "TestExistingSecurityMonitoringRule" request And request contains "rule_id" parameter from "REPLACE.ME" 
@@ -3021,7 +3021,7 @@ Feature: Security Monitoring When the request is sent Then the response status is 404 Not Found - @skip @team:DataDog/k9-cloud-siem + @skip @team:DataDog/cloud-siem Scenario: Test an existing rule returns "OK" response Given new "TestExistingSecurityMonitoringRule" request And request contains "rule_id" parameter from "REPLACE.ME" @@ -3050,7 +3050,7 @@ Feature: Security Monitoring When the request is sent Then the response status is 422 Unprocessable Entity - @generated @skip @team:DataDog/k9-cloud-siem + @generated @skip @team:DataDog/cloud-siem Scenario: Unsubscribe from sample log generation returns "Bad Request" response Given operation "DeleteSampleLogGenerationSubscription" enabled And new "DeleteSampleLogGenerationSubscription" request @@ -3058,7 +3058,7 @@ Feature: Security Monitoring When the request is sent Then the response status is 400 Bad Request - @generated @skip @team:DataDog/k9-cloud-siem + @generated @skip @team:DataDog/cloud-siem Scenario: Unsubscribe from sample log generation returns "OK" response Given operation "DeleteSampleLogGenerationSubscription" enabled And new "DeleteSampleLogGenerationSubscription" request @@ -3066,7 +3066,7 @@ Feature: Security Monitoring When the request is sent Then the response status is 200 OK - @skip-validation @team:DataDog/k9-cloud-siem + @skip-validation @team:DataDog/cloud-siem Scenario: Update a cloud configuration rule's details returns "OK" response Given new "UpdateSecurityMonitoringRule" request And there is a valid "cloud_configuration_rule" in the system 
@@ -3077,7 +3077,7 @@ Feature: Security Monitoring And the response "name" is equal to "{{ unique }}_cloud_updated" And the response "id" has the same value as "cloud_configuration_rule.id" - @skip @team:DataDog/k9-cloud-siem + @skip @team:DataDog/cloud-siem Scenario: Update a critical asset returns "Bad Request" response Given new "UpdateSecurityMonitoringCriticalAsset" request And request contains "critical_asset_id" parameter with value "00000000-0000-0000-0000-000000000000" @@ -3085,7 +3085,7 @@ Feature: Security Monitoring When the request is sent Then the response status is 400 Bad Request - @generated @skip @team:DataDog/k9-cloud-siem + @generated @skip @team:DataDog/cloud-siem Scenario: Update a critical asset returns "Concurrent Modification" response Given new "UpdateSecurityMonitoringCriticalAsset" request And request contains "critical_asset_id" parameter from "REPLACE.ME" @@ -3093,7 +3093,7 @@ Feature: Security Monitoring When the request is sent Then the response status is 409 Concurrent Modification - @team:DataDog/k9-cloud-siem + @team:DataDog/cloud-siem Scenario: Update a critical asset returns "Not Found" response Given new "UpdateSecurityMonitoringCriticalAsset" request And request contains "critical_asset_id" parameter with value "00000000-0000-0000-0000-000000000001" @@ -3101,7 +3101,7 @@ Feature: Security Monitoring When the request is sent Then the response status is 404 Not Found - @skip-validation @team:DataDog/k9-cloud-siem + @skip-validation @team:DataDog/cloud-siem Scenario: Update a critical asset returns "OK" response Given new "UpdateSecurityMonitoringCriticalAsset" request And there is a valid "critical_asset" in the system 
@@ -3114,7 +3114,7 @@ Feature: Security Monitoring And the response "data.attributes.enabled" is equal to false And the response "data.attributes.version" is equal to 2 - @team:DataDog/k9-cloud-siem + @team:DataDog/cloud-siem Scenario: Update a custom framework returns "Bad Request" response Given new "UpdateCustomFramework" request And request contains "handle" parameter with value "create-framework-new" @@ -3123,7 +3123,7 @@ Feature: Security Monitoring When the request is sent Then the response status is 400 Bad Request - @replay-only @team:DataDog/k9-cloud-siem + @replay-only @team:DataDog/cloud-siem Scenario: Update a custom framework returns "OK" response Given there is a valid "custom_framework" in the system And new "UpdateCustomFramework" request @@ -3133,7 +3133,7 @@ Feature: Security Monitoring When the request is sent Then the response status is 200 OK - @generated @skip @team:DataDog/k9-cloud-siem + @generated @skip @team:DataDog/cloud-siem Scenario: Update a dataset returns "Bad Request" response Given operation "UpdateSecurityMonitoringDataset" enabled And new "UpdateSecurityMonitoringDataset" request @@ -3142,7 +3142,7 @@ Feature: Security Monitoring When the request is sent Then the response status is 400 Bad Request - @generated @skip @team:DataDog/k9-cloud-siem + @generated @skip @team:DataDog/cloud-siem Scenario: Update a dataset returns "Conflict" response Given operation "UpdateSecurityMonitoringDataset" enabled And new "UpdateSecurityMonitoringDataset" request @@ -3151,7 +3151,7 @@ Feature: Security Monitoring When the request is sent Then the response status is 409 Conflict - @generated @skip @team:DataDog/k9-cloud-siem + @generated @skip @team:DataDog/cloud-siem Scenario: Update a dataset returns "No Content" response Given operation "UpdateSecurityMonitoringDataset" enabled And new "UpdateSecurityMonitoringDataset" request 
@@ -3160,7 +3160,7 @@ Feature: Security Monitoring When the request is sent Then the response status is 204 No Content - @generated @skip @team:DataDog/k9-cloud-siem + @generated @skip @team:DataDog/cloud-siem Scenario: Update a dataset returns "Not Found" response Given operation "UpdateSecurityMonitoringDataset" enabled And new "UpdateSecurityMonitoringDataset" request @@ -3247,7 +3247,7 @@ Feature: Security Monitoring When the request is sent Then the response status is 422 Unprocessable Entity - @generated @skip @team:DataDog/k9-cloud-siem + @generated @skip @team:DataDog/cloud-siem Scenario: Update a security filter returns "Bad Request" response Given new "UpdateSecurityFilter" request And request contains "security_filter_id" parameter from "REPLACE.ME" @@ -3255,7 +3255,7 @@ Feature: Security Monitoring When the request is sent Then the response status is 400 Bad Request - @generated @skip @team:DataDog/k9-cloud-siem + @generated @skip @team:DataDog/cloud-siem Scenario: Update a security filter returns "Concurrent Modification" response Given new "UpdateSecurityFilter" request And request contains "security_filter_id" parameter from "REPLACE.ME" @@ -3263,7 +3263,7 @@ Feature: Security Monitoring When the request is sent Then the response status is 409 Concurrent Modification - @generated @skip @team:DataDog/k9-cloud-siem + @generated @skip @team:DataDog/cloud-siem Scenario: Update a security filter returns "Not Found" response Given new "UpdateSecurityFilter" request And request contains "security_filter_id" parameter from "REPLACE.ME" @@ -3271,7 +3271,7 @@ Feature: Security Monitoring When the request is sent Then the response status is 404 Not Found - @team:DataDog/k9-cloud-siem + @team:DataDog/cloud-siem Scenario: Update a security filter returns "OK" response Given new "UpdateSecurityFilter" request And there is a valid "security_filter" in the system 
@@ -3283,7 +3283,7 @@ Feature: Security Monitoring And the response "data.attributes.filtered_data_type" is equal to "logs" And the response "data.attributes.name" is equal to "{{ unique }}" - @generated @skip @team:DataDog/k9-cloud-siem + @generated @skip @team:DataDog/cloud-siem Scenario: Update a suppression rule returns "Bad Request" response Given new "UpdateSecurityMonitoringSuppression" request And request contains "suppression_id" parameter from "REPLACE.ME" @@ -3291,7 +3291,7 @@ Feature: Security Monitoring When the request is sent Then the response status is 400 Bad Request - @generated @skip @team:DataDog/k9-cloud-siem + @generated @skip @team:DataDog/cloud-siem Scenario: Update a suppression rule returns "Concurrent Modification" response Given new "UpdateSecurityMonitoringSuppression" request And request contains "suppression_id" parameter from "REPLACE.ME" @@ -3299,7 +3299,7 @@ Feature: Security Monitoring When the request is sent Then the response status is 409 Concurrent Modification - @generated @skip @team:DataDog/k9-cloud-siem + @generated @skip @team:DataDog/cloud-siem Scenario: Update a suppression rule returns "Not Found" response Given new "UpdateSecurityMonitoringSuppression" request And request contains "suppression_id" parameter from "REPLACE.ME" @@ -3307,7 +3307,7 @@ Feature: Security Monitoring When the request is sent Then the response status is 404 Not Found - @skip-validation @team:DataDog/k9-cloud-siem + @skip-validation @team:DataDog/cloud-siem Scenario: Update a suppression rule returns "OK" response Given new "UpdateSecurityMonitoringSuppression" request And there is a valid "suppression" in the system 
@@ -3358,7 +3358,7 @@ Feature: Security Monitoring When the request is sent Then the response status is 422 Unprocessable Entity - @generated @skip @team:DataDog/k9-cloud-siem + @generated @skip @team:DataDog/cloud-siem Scenario: Update an entity context sync configuration returns "Bad Request" response Given operation "UpdateSecurityMonitoringIntegrationConfig" enabled And new "UpdateSecurityMonitoringIntegrationConfig" request @@ -3367,7 +3367,7 @@ Feature: Security Monitoring When the request is sent Then the response status is 400 Bad Request - @generated @skip @team:DataDog/k9-cloud-siem + @generated @skip @team:DataDog/cloud-siem Scenario: Update an entity context sync configuration returns "Not Found" response Given operation "UpdateSecurityMonitoringIntegrationConfig" enabled And new "UpdateSecurityMonitoringIntegrationConfig" request @@ -3376,7 +3376,7 @@ Feature: Security Monitoring When the request is sent Then the response status is 404 Not Found - @generated @skip @team:DataDog/k9-cloud-siem + @generated @skip @team:DataDog/cloud-siem Scenario: Update an entity context sync configuration returns "OK" response Given operation "UpdateSecurityMonitoringIntegrationConfig" enabled And new "UpdateSecurityMonitoringIntegrationConfig" request @@ -3385,7 +3385,7 @@ Feature: Security Monitoring When the request is sent Then the response status is 200 OK - @skip-validation @team:DataDog/k9-cloud-siem + @skip-validation @team:DataDog/cloud-siem Scenario: Update an existing rule returns "Bad Request" response Given new "UpdateSecurityMonitoringRule" request And there is a valid "security_rule" in the system @@ -3394,7 +3394,7 @@ Feature: Security Monitoring When the request is sent Then the response status is 400 Bad Request - @team:DataDog/k9-cloud-siem + @team:DataDog/cloud-siem Scenario: Update an existing rule returns "Not Found" response Given new "UpdateSecurityMonitoringRule" request And request contains "rule_id" parameter with value "abcde-12345" 
@@ -3402,7 +3402,7 @@ Feature: Security Monitoring When the request is sent Then the response status is 404 Not Found - @skip-validation @team:DataDog/k9-cloud-siem + @skip-validation @team:DataDog/cloud-siem Scenario: Update an existing rule returns "OK" response Given new "UpdateSecurityMonitoringRule" request And there is a valid "security_rule" in the system @@ -3413,21 +3413,21 @@ Feature: Security Monitoring And the response "name" is equal to "{{ unique }}-Updated" And the response "id" has the same value as "security_rule.id" - @team:DataDog/k9-cloud-siem + @team:DataDog/cloud-siem Scenario: Update resource filters returns "Bad Request" response Given new "UpdateResourceEvaluationFilters" request And body with value {"data": {"attributes": {"cloud_provider": {"invalid": {"aws_account_id": ["tag1:v1"]}}}, "id": "csm_resource_filter", "type": "csm_resource_filter"}} When the request is sent Then the response status is 400 Bad Request - @team:DataDog/k9-cloud-siem + @team:DataDog/cloud-siem Scenario: Update resource filters returns "OK" response Given new "UpdateResourceEvaluationFilters" request And body with value {"data": {"attributes": {"cloud_provider": {"aws": {"aws_account_id": ["tag1:v1"]}}}, "id": "csm_resource_filter", "type": "csm_resource_filter"}} When the request is sent Then the response status is 201 OK - @skip @team:DataDog/k9-cloud-siem + @skip @team:DataDog/cloud-siem Scenario: Update security signal triage state or assignee returns "Bad Request" response Given new "EditSecurityMonitoringSignal" request And request contains "signal_id" parameter from "REPLACE.ME" @@ -3435,7 +3435,7 @@ Feature: Security Monitoring When the request is sent Then the response status is 400 Bad Request - @skip @team:DataDog/k9-cloud-siem + @skip @team:DataDog/cloud-siem Scenario: Update security signal triage state or assignee returns "Not Found" response Given new "EditSecurityMonitoringSignal" request And request contains "signal_id" parameter from "REPLACE.ME" 
@@ -3443,7 +3443,7 @@ Feature: Security Monitoring When the request is sent Then the response status is 404 Not Found - @skip @team:DataDog/k9-cloud-siem + @skip @team:DataDog/cloud-siem Scenario: Update security signal triage state or assignee returns "OK" response Given new "EditSecurityMonitoringSignal" request And request contains "signal_id" parameter from "REPLACE.ME" 
@@ -3451,49 +3451,49 @@ Feature: Security Monitoring When the request is sent Then the response status is 200 OK - @skip-go @skip-java @skip-python @skip-ruby @skip-rust @skip-typescript @skip-validation @team:DataDog/k9-cloud-siem + @skip-go @skip-java @skip-python @skip-ruby @skip-rust @skip-typescript @skip-validation @team:DataDog/cloud-siem Scenario: Validate a detection rule returns "Bad Request" response Given new "ValidateSecurityMonitoringRule" request And body with value {"cases":[{"name":"","status":"info","notifications":[],"condition":"a > 0"}],"hasExtendedTitle":true,"isEnabled":true,"message":"My security monitoring rule","name":"My security monitoring rule","options":{"evaluationWindow":1800,"keepAlive":999999,"maxSignalDuration":1800,"detectionMethod":"threshold"},"queries":[{"query":"source:source_here","groupByFields":["@userIdentity.assumed_role"],"distinctFields":[],"aggregation":"count","name":""}],"tags":["env:prod","team:security"],"type":"log_detection"} When the request is sent Then the response status is 400 Bad Request - @team:DataDog/k9-cloud-siem + @team:DataDog/cloud-siem Scenario: Validate a detection rule returns "OK" response Given new "ValidateSecurityMonitoringRule" request And body with value {"cases":[{"name":"","status":"info","notifications":[],"condition":"a > 0"}],"hasExtendedTitle":true,"isEnabled":true,"message":"My security monitoring rule","name":"My security monitoring rule","options":{"evaluationWindow":1800,"keepAlive":1800,"maxSignalDuration":1800,"detectionMethod":"threshold"},"queries":[{"query":"source:source_here","groupByFields":["@userIdentity.assumed_role"],"distinctFields":[],"aggregation":"count","name":""}],"tags":["env:prod","team:security"],"type":"log_detection"} When the request is sent Then the response status is 204 OK - @team:DataDog/k9-cloud-siem + @team:DataDog/cloud-siem Scenario: Validate a detection rule with detection method 'new_value' with enabled feature 'instantaneousBaseline' returns "OK" 
response Given new "ValidateSecurityMonitoringRule" request And body with value {"cases":[{"name":"","status":"info","notifications":[]}],"hasExtendedTitle":true,"isEnabled":true,"message":"My security monitoring rule","name":"My security monitoring rule","options":{"evaluationWindow":0,"keepAlive":300,"maxSignalDuration":600,"detectionMethod":"new_value","newValueOptions":{"forgetAfter":7,"instantaneousBaseline":true,"learningDuration":1,"learningThreshold":0,"learningMethod":"duration"}},"queries":[{"query":"source:source_here","groupByFields":["@userIdentity.assumed_role"],"distinctFields":[],"metric":"name","metrics":["name"],"aggregation":"new_value","name":"","dataSource":"logs"}],"tags":["env:prod","team:security"],"type":"log_detection"} When the request is sent Then the response status is 204 OK - @team:DataDog/k9-cloud-siem + @team:DataDog/cloud-siem Scenario: Validate a detection rule with detection method 'sequence_detection' returns "OK" response Given new "ValidateSecurityMonitoringRule" request And body with value {"cases":[{"name":"","status":"info","notifications":[],"condition":"step_b > 0"}],"hasExtendedTitle":true,"isEnabled":true,"message":"My security monitoring rule","name":"My security monitoring rule","options":{"evaluationWindow":0,"keepAlive":300,"maxSignalDuration":600,"detectionMethod":"sequence_detection","sequenceDetectionOptions":{"stepTransitions":[{"child":"step_b","evaluationWindow":900,"parent":"step_a"}],"steps":[{"condition":"a > 0","evaluationWindow":60,"name":"step_a"},{"condition":"b > 0","evaluationWindow":60,"name":"step_b"}]}},"queries":[{"query":"source:source_here","groupByFields":["@userIdentity.assumed_role"],"distinctFields":[],"aggregation":"count","name":""},{"query":"source:source_here2","groupByFields":[],"distinctFields":[],"aggregation":"count","name":""}],"tags":["env:prod","team:security"],"type":"log_detection"} When the request is sent Then the response status is 204 OK - @team:DataDog/k9-cloud-siem + 
@team:DataDog/cloud-siem Scenario: Validate a suppression rule returns "Bad Request" response Given new "ValidateSecurityMonitoringSuppression" request And body with value {"data": {"attributes": {"name" : "cold_harbour", "enabled": false, "rule_query":"rule:[A-Invalid", "data_exclusion_query": "not enough attributes"}, "type": "suppressions"}} When the request is sent Then the response status is 400 Bad Request - @team:DataDog/k9-cloud-siem + @team:DataDog/cloud-siem Scenario: Validate a suppression rule returns "OK" response Given new "ValidateSecurityMonitoringSuppression" request And body with value {"data": {"attributes": {"data_exclusion_query": "source:cloudtrail account_id:12345", "description": "This rule suppresses low-severity signals in staging environments.", "enabled": true, "name": "Custom suppression", "rule_query": "type:log_detection source:cloudtrail"}, "type": "suppressions"}} When the request is sent Then the response status is 204 OK - @generated @skip @team:DataDog/k9-cloud-siem + @generated @skip @team:DataDog/cloud-siem Scenario: Validate an entity context sync configuration returns "Bad Request" response Given operation "ValidateSecurityMonitoringIntegrationConfig" enabled And new "ValidateSecurityMonitoringIntegrationConfig" request @@ -3501,7 +3501,7 @@ Feature: Security Monitoring When the request is sent Then the response status is 400 Bad Request - @generated @skip @team:DataDog/k9-cloud-siem + @generated @skip @team:DataDog/cloud-siem Scenario: Validate an entity context sync configuration returns "Not Found" response Given operation "ValidateSecurityMonitoringIntegrationConfig" enabled And new "ValidateSecurityMonitoringIntegrationConfig" request 
@@ -3509,7 +3509,7 @@ Feature: Security Monitoring When the request is sent Then the response status is 404 Not Found - @generated @skip @team:DataDog/k9-cloud-siem + @generated @skip @team:DataDog/cloud-siem Scenario: Validate an entity context sync configuration returns "OK" response Given operation "ValidateSecurityMonitoringIntegrationConfig" enabled And new "ValidateSecurityMonitoringIntegrationConfig" request @@ -3517,7 +3517,7 @@ Feature: Security Monitoring When the request is sent Then the response status is 200 OK - @generated @skip @team:DataDog/k9-cloud-siem + @generated @skip @team:DataDog/cloud-siem Scenario: Validate entity context sync credentials returns "Bad Request" response Given operation "ValidateSecurityMonitoringIntegrationCredentials" enabled And new "ValidateSecurityMonitoringIntegrationCredentials" request @@ -3525,7 +3525,7 @@ Feature: Security Monitoring When the request is sent Then the response status is 400 Bad Request - @generated @skip @team:DataDog/k9-cloud-siem + @generated @skip @team:DataDog/cloud-siem Scenario: Validate entity context sync credentials returns "OK" response Given operation "ValidateSecurityMonitoringIntegrationCredentials" enabled And new "ValidateSecurityMonitoringIntegrationCredentials" request
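Review bot: In the `@@ -2969,35 +2969,35 @@` hunk, the two skipped scenarios `Test a rule returns "Bad Request" response` and `Test a rule returns "Not Found" response` send the same request body (same `rule` object with `"cases": []` and `"type": "application_security"`, same `ruleQueryPayloads`) but expect 400 and 404 respectively, so they cannot both pass as written if they are ever un-skipped. Since their tag lines are being touched anyway, either give each scenario a body that triggers its own status or add a comment above the `@skip` saying why they stay disabled, so the new owning team does not inherit two fixtures that look like coverage but are not.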
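Review bot: In the `@@ -3413,21 +3413,21 @@` hunk, the context for `Update resource filters returns "OK" response` asserts `Then the response status is 201 OK`, which pairs status 201 with the label "OK". The `@@ -3451,49 +3451,49 @@` hunk does the same with `204 OK` in the validate scenarios. This patch does not introduce the mismatch, but it is worth a follow-up: if the label is taken from the API description of the response, correct it there so the scenario titles and assertions read `201 Created` and `204 No Content`. Otherwise a failing step reports a status text that does not match the code under test.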
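Review bot: In the `@@ -3451,49 +3451,49 @@` hunk, `Validate a detection rule returns "Bad Request" response` carries `@skip-go @skip-java @skip-python @skip-ruby @skip-rust @skip-typescript @skip-validation`, so no client listed in the tags runs it. Its body differs from the "OK" scenario only in `"keepAlive":999999` versus `"keepAlive":1800`, which makes it the one visible check that an out-of-range `keepAlive` on a `log_detection` rule is rejected. Replace the per-language list with a single `@skip` plus a comment recording the reason, or re-enable it for at least one client, so the renamed team tag points at a test that actually exercises that validation.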