Class: DatadogAPIClient::V2::SecurityMonitoringRuleOptions

Inherits:

Object

• Object
• DatadogAPIClient::V2::SecurityMonitoringRuleOptions

Includes:

BaseGenericModel

Defined in:

lib/datadog_api_client/v2/models/security_monitoring_rule_options.rb

Overview

Options on rules.

Instance Attribute Summary

• #compliance_rule_options ⇒ Object

  Options for cloud_configuration rules.

• #decrease_criticality_based_on_env ⇒ Object

  If true, signals in non-production environments have a lower severity than what is defined by the rule case, which can reduce signal noise.

• #detection_method ⇒ Object

  The detection method.

• #evaluation_window ⇒ Object

  A time window is specified to match when at least one of the cases matches true.

• #hardcoded_evaluator_type ⇒ Object

  Hardcoded evaluator type.

• #impossible_travel_options ⇒ Object

  Options on impossible travel rules.

• #keep_alive ⇒ Object

  Once a signal is generated, the signal will remain “open” if a case is matched at least once within this keep alive window.

• #max_signal_duration ⇒ Object

  A signal will “close” regardless of the query being matched once the time exceeds the maximum duration.

• #new_value_options ⇒ Object

  Options on new value rules.

Method Summary

Methods included from BaseGenericModel

included

Instance Attribute Details

#compliance_rule_options ⇒ Object

Options for cloud_configuration rules. Fields resourceType and regoRule are mandatory when managing custom cloud_configuration rules.

# File 'lib/datadog_api_client/v2/models/security_monitoring_rule_options.rb', line 31

def compliance_rule_options
  @compliance_rule_options
end

#decrease_criticality_based_on_env ⇒ Object

If true, signals in non-production environments have a lower severity than what is defined by the rule case, which can reduce signal noise. The severity is decreased by one level: CRITICAL in production becomes HIGH in non-production, HIGH becomes MEDIUM and so on. INFO remains INFO. The decrement is applied when the environment tag of the signal starts with staging, test or dev.

# File 'lib/datadog_api_client/v2/models/security_monitoring_rule_options.rb', line 36

def decrease_criticality_based_on_env
  @decrease_criticality_based_on_env
end

#detection_method ⇒ Object

The detection method.

# File 'lib/datadog_api_client/v2/models/security_monitoring_rule_options.rb', line 39

def detection_method
  @detection_method
end

#evaluation_window ⇒ Object

A time window is specified to match when at least one of the cases matches true. This is a sliding window and evaluates in real time.

# File 'lib/datadog_api_client/v2/models/security_monitoring_rule_options.rb', line 43

def evaluation_window
  @evaluation_window
end

#hardcoded_evaluator_type ⇒ Object

Hardcoded evaluator type.

# File 'lib/datadog_api_client/v2/models/security_monitoring_rule_options.rb', line 46

def hardcoded_evaluator_type
  @hardcoded_evaluator_type
end

#impossible_travel_options ⇒ Object

Options on impossible travel rules.

# File 'lib/datadog_api_client/v2/models/security_monitoring_rule_options.rb', line 49

def impossible_travel_options
  @impossible_travel_options
end

#keep_alive ⇒ Object

Once a signal is generated, the signal will remain “open” if a case is matched at least once within this keep alive window.

# File 'lib/datadog_api_client/v2/models/security_monitoring_rule_options.rb', line 53

def keep_alive
  @keep_alive
end

#max_signal_duration ⇒ Object

A signal will “close” regardless of the query being matched once the time exceeds the maximum duration. This time is calculated from the first seen timestamp.

# File 'lib/datadog_api_client/v2/models/security_monitoring_rule_options.rb', line 57

def max_signal_duration
  @max_signal_duration
end

#new_value_options ⇒ Object

Options on new value rules.

# File 'lib/datadog_api_client/v2/models/security_monitoring_rule_options.rb', line 60

def new_value_options
  @new_value_options
end