Security Monitoring - Validation Endpoint for Suppressions (#2642)

Co-authored-by: ci.datadog-api-spec <packages@datadoghq.com>

Author: api-clients-generation-pipeline[bot]

.generator/schemas/v2/openapi.yaml

@@ -64816,6 +64816,38 @@ paths:
       summary: Get suppressions affecting a specific rule
       tags:
       - Security Monitoring
+  /api/v2/security_monitoring/configuration/suppressions/validation:
+    post:
+      description: Validate a suppression rule.
+      operationId: ValidateSecurityMonitoringSuppression
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/SecurityMonitoringSuppressionUpdateRequest'
+        required: true
+      responses:
+        '204':
+          description: OK
+        '400':
+          $ref: '#/components/responses/BadRequestResponse'
+        '403':
+          $ref: '#/components/responses/NotAuthorizedResponse'
+        '429':
+          $ref: '#/components/responses/TooManyRequestsResponse'
+      security:
+      - apiKeyAuth: []
+        appKeyAuth: []
+      - AuthZ:
+        - security_monitoring_suppressions_write
+      summary: Validate a suppression rule
+      tags:
+      - Security Monitoring
+      x-codegen-request-body-name: body
+      x-permission:
+        operator: OR
+        permissions:
+        - security_monitoring_suppressions_write
   /api/v2/security_monitoring/configuration/suppressions/{suppression_id}:
     delete:
       description: Delete a specific suppression rule.

cassettes/features/v2/security_monitoring/Validate-a-suppression-rule-returns-Bad-Request-response.frozen

@@ -0,0 +1 @@
+2025-09-01T21:36:42.334Z

cassettes/features/v2/security_monitoring/Validate-a-suppression-rule-returns-Bad-Request-response.yml

@@ -0,0 +1 @@
+2025-09-01T21:36:20.593Z

cassettes/features/v2/security_monitoring/Validate-a-suppression-rule-returns-OK-response.frozen

@@ -0,0 +1,18 @@
+# Validate a suppression rule returns "OK" response
+
+require "datadog_api_client"
+api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new
+
+body = DatadogAPIClient::V2::SecurityMonitoringSuppressionUpdateRequest.new({
+  data: DatadogAPIClient::V2::SecurityMonitoringSuppressionUpdateData.new({
+    attributes: DatadogAPIClient::V2::SecurityMonitoringSuppressionUpdateAttributes.new({
+      data_exclusion_query: "source:cloudtrail account_id:12345",
+      description: "This rule suppresses low-severity signals in staging environments.",
+      enabled: true,
+      name: "Custom suppression",
+      rule_query: "type:log_detection source:cloudtrail",
+    }),
+    type: DatadogAPIClient::V2::SecurityMonitoringSuppressionType::SUPPRESSIONS,
+  }),
+})
+api_instance.validate_security_monitoring_suppression(body)

cassettes/features/v2/security_monitoring/Validate-a-suppression-rule-returns-OK-response.yml

@@ -1360,6 +1360,9 @@
     "v2.GetSuppressionsAffectingRule" => {
             "rule_id" => "String",
     },
+    "v2.ValidateSecurityMonitoringSuppression" => {
+            "body" => "SecurityMonitoringSuppressionUpdateRequest",
+    },
     "v2.DeleteSecurityMonitoringSuppression" => {
             "suppression_id" => "String",
     },

examples/v2/security-monitoring/ValidateSecurityMonitoringSuppression.rb

@@ -1389,3 +1389,17 @@ Feature: Security Monitoring
     And body with value {"cases":[{"name":"","status":"info","notifications":[],"condition":"a > 0"}],"hasExtendedTitle":true,"isEnabled":true,"message":"My security monitoring rule","name":"My security monitoring rule","options":{"evaluationWindow":1800,"keepAlive":1800,"maxSignalDuration":1800,"detectionMethod":"threshold"},"queries":[{"query":"source:source_here","groupByFields":["@userIdentity.assumed_role"],"distinctFields":[],"aggregation":"count","name":""}],"tags":["env:prod","team:security"],"type":"log_detection"}
     When the request is sent
     Then the response status is 204 OK
+
+  @team:DataDog/k9-cloud-security-platform
+  Scenario: Validate a suppression rule returns "Bad Request" response
+    Given new "ValidateSecurityMonitoringSuppression" request
+    And body with value {"data": {"attributes": {"data_exclusion_query": "not enough attributes"}, "type": "suppressions"}}
+    When the request is sent
+    Then the response status is 400 Bad Request
+
+  @team:DataDog/k9-cloud-security-platform
+  Scenario: Validate a suppression rule returns "OK" response
+    Given new "ValidateSecurityMonitoringSuppression" request
+    And body with value {"data": {"attributes": {"data_exclusion_query": "source:cloudtrail account_id:12345", "description": "This rule suppresses low-severity signals in staging environments.", "enabled": true, "name": "Custom suppression", "rule_query": "type:log_detection source:cloudtrail"}, "type": "suppressions"}}
+    When the request is sent
+    Then the response status is 204 OK

features/scenarios_model_mapping.rb

@@ -3024,6 +3024,12 @@
       "type": "safe"
     }
   },
+  "ValidateSecurityMonitoringSuppression": {
+    "tag": "Security Monitoring",
+    "undo": {
+      "type": "idempotent"
+    }
+  },
   "DeleteSecurityMonitoringSuppression": {
     "tag": "Security Monitoring",
     "undo": {

features/v2/security_monitoring.feature

@@ -4468,5 +4468,72 @@ def validate_security_monitoring_rule_with_http_info(body, opts = {})
       end
       return data, status_code, headers
     end
+
+    # Validate a suppression rule.
+    #
+    # @see #validate_security_monitoring_suppression_with_http_info
+    def validate_security_monitoring_suppression(body, opts = {})
+      validate_security_monitoring_suppression_with_http_info(body, opts)
+      nil
+    end
+
+    # Validate a suppression rule.
+    #
+    # Validate a suppression rule.
+    #
+    # @param body [SecurityMonitoringSuppressionUpdateRequest] 
+    # @param opts [Hash] the optional parameters
+    # @return [Array<(nil, Integer, Hash)>] nil, response status code and response headers
+    def validate_security_monitoring_suppression_with_http_info(body, opts = {})
+
+      if @api_client.config.debugging
+        @api_client.config.logger.debug 'Calling API: SecurityMonitoringAPI.validate_security_monitoring_suppression ...'
+      end
+      # verify the required parameter 'body' is set
+      if @api_client.config.client_side_validation && body.nil?
+        fail ArgumentError, "Missing the required parameter 'body' when calling SecurityMonitoringAPI.validate_security_monitoring_suppression"
+      end
+      # resource path
+      local_var_path = '/api/v2/security_monitoring/configuration/suppressions/validation'
+
+      # query parameters
+      query_params = opts[:query_params] || {}
+
+      # header parameters
+      header_params = opts[:header_params] || {}
+      # HTTP header 'Accept' (if needed)
+      header_params['Accept'] = @api_client.select_header_accept(['*/*'])
+      # HTTP header 'Content-Type'
+      header_params['Content-Type'] = @api_client.select_header_content_type(['application/json'])
+
+      # form parameters
+      form_params = opts[:form_params] || {}
+
+      # http body (model)
+      post_body = opts[:debug_body] || @api_client.object_to_http_body(body)
+
+      # return_type
+      return_type = opts[:debug_return_type]
+
+      # auth_names
+      auth_names = opts[:debug_auth_names] || [:apiKeyAuth, :appKeyAuth, :AuthZ]
+
+      new_options = opts.merge(
+        :operation => :validate_security_monitoring_suppression,
+        :header_params => header_params,
+        :query_params => query_params,
+        :form_params => form_params,
+        :body => post_body,
+        :auth_names => auth_names,
+        :return_type => return_type,
+        :api_version => "V2"
+      )
+
+      data, status_code, headers = @api_client.call_api(Net::HTTP::Post, local_var_path, new_options)
+      if @api_client.config.debugging
+        @api_client.config.logger.debug "API called: SecurityMonitoringAPI#validate_security_monitoring_suppression\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
+      end
+      return data, status_code, headers
+    end
   end
 end