arcade-mcp/toolkits/datadog_api/arcade_datadog_api/wrapper_tools/CreateSuppressionRule.json
jottakka f05560bbf4
[MOAR][DATADOG] Adding DataDog starter toolkit (+590) (#633)
Co-authored-by: Francisco Liberal <francisco@arcade.dev>
2025-10-20 15:49:48 -03:00

394 lines
18 KiB
JSON

{
"name": "CreateSuppressionRule",
"fully_qualified_name": "DatadogApi.CreateSuppressionRule@0.1.0",
"description": "Create a new security monitoring suppression rule.\n\nUse this tool to create a new suppression rule in Datadog's security monitoring. It should be called when you need to suppress specific security alerts.",
"toolkit": {
"name": "ArcadeDatadogApi",
"description": null,
"version": "0.1.0"
},
"input": {
"parameters": [
{
"name": "suppression_rule_name",
"required": true,
"description": "The name of the suppression rule to be created.",
"value_schema": {
"val_type": "string",
"inner_val_type": null,
"enum": null,
"properties": null,
"inner_properties": null,
"description": "The name of the suppression rule."
},
"inferrable": true,
"http_endpoint_parameter_name": "data.attributes.name"
},
{
"name": "rule_query",
"required": true,
"description": "The rule criteria for the suppression rule using detection rules syntax.",
"value_schema": {
"val_type": "string",
"inner_val_type": null,
"enum": null,
"properties": null,
"inner_properties": null,
"description": "The rule query of the suppression rule, with the same syntax as the search bar for detection rules."
},
"inferrable": true,
"http_endpoint_parameter_name": "data.attributes.rule_query"
},
{
"name": "resource_type",
"required": true,
"description": "The type of the resource, which should always be `suppressions`.",
"value_schema": {
"val_type": "string",
"inner_val_type": null,
"enum": [
"suppressions"
],
"properties": null,
"inner_properties": null,
"description": "The type of the resource. The value should always be `suppressions`."
},
"inferrable": true,
"http_endpoint_parameter_name": "data.type"
},
{
"name": "enable_suppression_rule",
"required": true,
"description": "Enable the suppression rule. Use true to enable, false to disable.",
"value_schema": {
"val_type": "boolean",
"inner_val_type": null,
"enum": null,
"properties": null,
"inner_properties": null,
"description": "Whether the suppression rule is enabled."
},
"inferrable": true,
"http_endpoint_parameter_name": "data.attributes.enabled"
},
{
"name": "data_exclusion_query",
"required": false,
"description": "An exclusion query for input data to ignore events in suppression rules, applicable to logs, Agent events, etc.",
"value_schema": {
"val_type": "string",
"inner_val_type": null,
"enum": null,
"properties": null,
"inner_properties": null,
"description": "An exclusion query on the input data of the security rules, which could be logs, Agent events, or other types of data based on the security rule. Events matching this query are ignored by any detection rules referenced in the suppression rule."
},
"inferrable": true,
"http_endpoint_parameter_name": "data.attributes.data_exclusion_query"
},
{
"name": "suppression_rule_description",
"required": false,
"description": "A description for the suppression rule. Provide a clear and concise explanation of the rule's purpose.",
"value_schema": {
"val_type": "string",
"inner_val_type": null,
"enum": null,
"properties": null,
"inner_properties": null,
"description": "A description for the suppression rule."
},
"inferrable": true,
"http_endpoint_parameter_name": "data.attributes.description"
},
{
"name": "expiration_date_unix_ms",
"required": false,
"description": "A Unix millisecond timestamp for rule expiration. After this date, the rule will not suppress signals.",
"value_schema": {
"val_type": "integer",
"inner_val_type": null,
"enum": null,
"properties": null,
"inner_properties": null,
"description": "A Unix millisecond timestamp giving an expiration date for the suppression rule. After this date, it won't suppress signals anymore."
},
"inferrable": true,
"http_endpoint_parameter_name": "data.attributes.expiration_date"
},
{
"name": "start_date_timestamp",
"required": false,
"description": "A Unix millisecond timestamp indicating when the suppression rule begins to suppress signals.",
"value_schema": {
"val_type": "integer",
"inner_val_type": null,
"enum": null,
"properties": null,
"inner_properties": null,
"description": "A Unix millisecond timestamp giving the start date for the suppression rule. After this date, it starts suppressing signals."
},
"inferrable": true,
"http_endpoint_parameter_name": "data.attributes.start_date"
},
{
"name": "suppression_query",
"required": false,
"description": "The query used to suppress signals in the security rule. Matches are not triggered.",
"value_schema": {
"val_type": "string",
"inner_val_type": null,
"enum": null,
"properties": null,
"inner_properties": null,
"description": "The suppression query of the suppression rule. If a signal matches this query, it is suppressed and is not triggered. It uses the same syntax as the queries to search signals in the Signals Explorer."
},
"inferrable": true,
"http_endpoint_parameter_name": "data.attributes.suppression_query"
}
]
},
"output": {
"description": "Response from the API endpoint 'CreateSecurityMonitoringSuppression'.",
"available_modes": [
"value",
"error",
"null"
],
"value_schema": {
"val_type": "json",
"inner_val_type": null,
"enum": null,
"properties": null,
"inner_properties": null,
"description": null
}
},
"requirements": {
"authorization": null,
"secrets": [
{
"key": "DATADOG_API_KEY"
},
{
"key": "DATADOG_APPLICATION_KEY"
},
{
"key": "DATADOG_BASE_URL"
}
],
"metadata": null
},
"deprecation_message": null,
"metadata": {
"object_type": "api_wrapper_tool",
"version": "1.1.0",
"description": "Tools that enable LLMs to interact directly with the Datadog API."
},
"http_endpoint": {
"metadata": {
"object_type": "http_endpoint",
"version": "1.2.0",
"description": ""
},
"url": "https://{datadog_base_url}/api/v2/security_monitoring/configuration/suppressions",
"http_method": "POST",
"headers": {},
"parameters": [
{
"name": "data.attributes.data_exclusion_query",
"tool_parameter_name": "data_exclusion_query",
"description": "An exclusion query on the input data of the security rules, which could be logs, Agent events, or other types of data based on the security rule. Events matching this query are ignored by any detection rules referenced in the suppression rule.",
"value_schema": {
"val_type": "string",
"inner_val_type": null,
"enum": null,
"properties": null,
"inner_properties": null,
"description": "An exclusion query on the input data of the security rules, which could be logs, Agent events, or other types of data based on the security rule. Events matching this query are ignored by any detection rules referenced in the suppression rule."
},
"accepted_as": "body",
"required": false,
"deprecated": false,
"default": null,
"documentation_urls": []
},
{
"name": "data.attributes.description",
"tool_parameter_name": "suppression_rule_description",
"description": "A description for the suppression rule.",
"value_schema": {
"val_type": "string",
"inner_val_type": null,
"enum": null,
"properties": null,
"inner_properties": null,
"description": "A description for the suppression rule."
},
"accepted_as": "body",
"required": false,
"deprecated": false,
"default": null,
"documentation_urls": []
},
{
"name": "data.attributes.enabled",
"tool_parameter_name": "enable_suppression_rule",
"description": "Whether the suppression rule is enabled.",
"value_schema": {
"val_type": "boolean",
"inner_val_type": null,
"enum": null,
"properties": null,
"inner_properties": null,
"description": "Whether the suppression rule is enabled."
},
"accepted_as": "body",
"required": true,
"deprecated": false,
"default": null,
"documentation_urls": []
},
{
"name": "data.attributes.expiration_date",
"tool_parameter_name": "expiration_date_unix_ms",
"description": "A Unix millisecond timestamp giving an expiration date for the suppression rule. After this date, it won't suppress signals anymore.",
"value_schema": {
"val_type": "integer",
"inner_val_type": null,
"enum": null,
"properties": null,
"inner_properties": null,
"description": "A Unix millisecond timestamp giving an expiration date for the suppression rule. After this date, it won't suppress signals anymore."
},
"accepted_as": "body",
"required": false,
"deprecated": false,
"default": null,
"documentation_urls": []
},
{
"name": "data.attributes.name",
"tool_parameter_name": "suppression_rule_name",
"description": "The name of the suppression rule.",
"value_schema": {
"val_type": "string",
"inner_val_type": null,
"enum": null,
"properties": null,
"inner_properties": null,
"description": "The name of the suppression rule."
},
"accepted_as": "body",
"required": true,
"deprecated": false,
"default": null,
"documentation_urls": []
},
{
"name": "data.attributes.rule_query",
"tool_parameter_name": "rule_query",
"description": "The rule query of the suppression rule, with the same syntax as the search bar for detection rules.",
"value_schema": {
"val_type": "string",
"inner_val_type": null,
"enum": null,
"properties": null,
"inner_properties": null,
"description": "The rule query of the suppression rule, with the same syntax as the search bar for detection rules."
},
"accepted_as": "body",
"required": true,
"deprecated": false,
"default": null,
"documentation_urls": []
},
{
"name": "data.attributes.start_date",
"tool_parameter_name": "start_date_timestamp",
"description": "A Unix millisecond timestamp giving the start date for the suppression rule. After this date, it starts suppressing signals.",
"value_schema": {
"val_type": "integer",
"inner_val_type": null,
"enum": null,
"properties": null,
"inner_properties": null,
"description": "A Unix millisecond timestamp giving the start date for the suppression rule. After this date, it starts suppressing signals."
},
"accepted_as": "body",
"required": false,
"deprecated": false,
"default": null,
"documentation_urls": []
},
{
"name": "data.attributes.suppression_query",
"tool_parameter_name": "suppression_query",
"description": "The suppression query of the suppression rule. If a signal matches this query, it is suppressed and is not triggered. It uses the same syntax as the queries to search signals in the Signals Explorer.",
"value_schema": {
"val_type": "string",
"inner_val_type": null,
"enum": null,
"properties": null,
"inner_properties": null,
"description": "The suppression query of the suppression rule. If a signal matches this query, it is suppressed and is not triggered. It uses the same syntax as the queries to search signals in the Signals Explorer."
},
"accepted_as": "body",
"required": false,
"deprecated": false,
"default": null,
"documentation_urls": []
},
{
"name": "data.type",
"tool_parameter_name": "resource_type",
"description": "The type of the resource. The value should always be `suppressions`.",
"value_schema": {
"val_type": "string",
"inner_val_type": null,
"enum": [
"suppressions"
],
"properties": null,
"inner_properties": null,
"description": "The type of the resource. The value should always be `suppressions`."
},
"accepted_as": "body",
"required": true,
"deprecated": false,
"default": "suppressions",
"documentation_urls": []
}
],
"documentation_urls": [],
"secrets": [
{
"arcade_key": "DATADOG_API_KEY",
"parameter_name": "DD-API-KEY",
"accepted_as": "header",
"formatted_value": null,
"description": "",
"is_auth_token": false
},
{
"arcade_key": "DATADOG_APPLICATION_KEY",
"parameter_name": "DD-APPLICATION-KEY",
"accepted_as": "header",
"formatted_value": null,
"description": "",
"is_auth_token": false
},
{
"arcade_key": "DATADOG_BASE_URL",
"parameter_name": "datadog_base_url",
"accepted_as": "path",
"formatted_value": null,
"description": "",
"is_auth_token": false
}
],
"request_body_spec": "{\n \"content\": {\n \"application/json\": {\n \"schema\": {\n \"description\": \"Request object that includes the suppression rule that you would like to create.\",\n \"properties\": {\n \"data\": {\n \"description\": \"Object for a single suppression rule.\",\n \"properties\": {\n \"attributes\": {\n \"description\": \"Object containing the attributes of the suppression rule to be created.\",\n \"properties\": {\n \"data_exclusion_query\": {\n \"description\": \"An exclusion query on the input data of the security rules, which could be logs, Agent events, or other types of data based on the security rule. Events matching this query are ignored by any detection rules referenced in the suppression rule.\",\n \"example\": \"source:cloudtrail account_id:12345\",\n \"type\": \"string\"\n },\n \"description\": {\n \"description\": \"A description for the suppression rule.\",\n \"example\": \"This rule suppresses low-severity signals in staging environments.\",\n \"type\": \"string\"\n },\n \"enabled\": {\n \"description\": \"Whether the suppression rule is enabled.\",\n \"example\": true,\n \"type\": \"boolean\"\n },\n \"expiration_date\": {\n \"description\": \"A Unix millisecond timestamp giving an expiration date for the suppression rule. After this date, it won't suppress signals anymore.\",\n \"example\": 1703187336000,\n \"format\": \"int64\",\n \"type\": \"integer\"\n },\n \"name\": {\n \"description\": \"The name of the suppression rule.\",\n \"example\": \"Custom suppression\",\n \"type\": \"string\"\n },\n \"rule_query\": {\n \"description\": \"The rule query of the suppression rule, with the same syntax as the search bar for detection rules.\",\n \"example\": \"type:log_detection source:cloudtrail\",\n \"type\": \"string\"\n },\n \"start_date\": {\n \"description\": \"A Unix millisecond timestamp giving the start date for the suppression rule. After this date, it starts suppressing signals.\",\n \"example\": 1703187336000,\n \"format\": \"int64\",\n \"type\": \"integer\"\n },\n \"suppression_query\": {\n \"description\": \"The suppression query of the suppression rule. If a signal matches this query, it is suppressed and is not triggered. It uses the same syntax as the queries to search signals in the Signals Explorer.\",\n \"example\": \"env:staging status:low\",\n \"type\": \"string\"\n }\n },\n \"required\": [\n \"name\",\n \"enabled\",\n \"rule_query\"\n ],\n \"type\": \"object\"\n },\n \"type\": {\n \"default\": \"suppressions\",\n \"description\": \"The type of the resource. The value should always be `suppressions`.\",\n \"enum\": [\n \"suppressions\"\n ],\n \"example\": \"suppressions\",\n \"type\": \"string\",\n \"x-enum-varnames\": [\n \"SUPPRESSIONS\"\n ]\n }\n },\n \"required\": [\n \"type\",\n \"attributes\"\n ],\n \"type\": \"object\"\n }\n },\n \"required\": [\n \"data\"\n ],\n \"type\": \"object\"\n }\n }\n },\n \"description\": \"The definition of the new suppression rule.\",\n \"required\": true\n}",
"use_request_body_schema_mode": false,
"validate_request_body_schema": false
}
}