Test an existing rule
POST {{baseUrl}}/api/v2/security_monitoring/rules/:rule_id/test
Test an existing rule.
Request Body
{
  "rule": {
    "name": "My security monitoring rule.",
    "isEnabled": true,
    "options": {
      "complianceRuleOptions": {
        "complexRule": false,
        "regoRule": {
          "policy": "package datadog\n\nimport data.datadog.output as dd_output\nimport future.keywords.contains\nimport future.keywords.if\nimport future.keywords.in\n\neval(resource) = \"skip\" if {\n # Logic that evaluates to true if the resource should be skipped\n true\n} else = \"pass\" {\n # Logic that evaluates to true if the resource is compliant\n true\n} else = \"fail\" {\n # Logic that evaluates to true if the resource is not compliant\n true\n}\n\n# This part remains unchanged for all rules\nresults contains result if {\n some resource in input.resources[input.main_resource_type]\n result := dd_output.format(resource, eval(resource))\n}\n",
          "resourceTypes": ["gcp_iam_service_account", "gcp_iam_policy"]
        },
        "resourceType": "aws_acm"
      },
      "decreaseCriticalityBasedOnEnv": false,
      "detectionMethod": "impossible_travel",
      "evaluationWindow": 1800,
      "hardcodedEvaluatorType": "log4shell",
      "impossibleTravelOptions": {"baselineUserLocations": true},
      "keepAlive": 3600,
      "maxSignalDuration": 900,
      "newValueOptions": {"forgetAfter": 2, "learningDuration": 0, "learningMethod": "duration", "learningThreshold": 0},
      "thirdPartyRuleOptions": {
        "defaultNotifications": ["elit culpa", "anim elit sit minim"],
        "defaultStatus": "critical",
        "rootQueries": [
          {"groupByFields": ["occaecat minim sed ", "Ut consequat"], "query": "source:cloudtrail"},
          {"groupByFields": ["qui sed Lorem voluptate", "in do laboris pariatur"], "query": "source:cloudtrail"}
        ],
        "signalTitleTemplate": "amet magna"
      }
    },
    "message": "",
    "filters": [
      {"action": "suppress", "query": "consequat velit id minim"},
      {"action": "require", "query": "sint dolor ea dolore aliquip"}
    ],
    "hasExtendedTitle": true,
    "tags": ["env:prod", "team:security"],
    "type": "log_detection"
  },
  "ruleQueryPayloads": [
    {
      "expectedResult": true,
      "index": 0,
      "payload": {
        "ddsource": "nginx",
        "ddtags": "env:staging,version:5.1",
        "hostname": "i-012345678",
        "message": "2019-11-19T14:37:58,995 INFO [process.name][20081] Hello World",
        "service": "payment"
      }
    },
    {
      "expectedResult": true,
      "index": 0,
      "payload": {
        "ddsource": "nginx",
        "ddtags": "env:staging,version:5.1",
        "hostname": "i-012345678",
        "message": "2019-11-19T14:37:58,995 INFO [process.name][20081] Hello World",
        "service": "payment"
      }
    }
  ]
}
HEADERS
Key | Datatype | Required | Description |
---|---|---|---|
Content-Type | string | | |
Accept | string | | |
RESPONSES
status: OK
{"results":[false,true]}