Add dd_security_events option to spec (#17737)

Author: clarkb7

win32_event_log/assets/configuration/spec.yaml

@@ -80,8 +80,27 @@ files:
         channel (you cannot subscribe to Analytic or Debug channels).
 
         The path is required if `legacy_mode` is set to `false`.
+
+        The `path` option cannot be used with the `dd_security_events` option.
       value:
         type: string
+    - name: dd_security_events
+      description: |
+        Starting with Agent 7.54, you can automatically send Security Events to Datadog as Logs
+        by using the `dd_security_events` option.
+
+        Supported values:
+          - `low`: sends only the most important and crtical Security events
+          - `high`: sends a higher volume of Security events
+
+        The `dd_security_events` option cannot be used with the `path` option.
+      value:
+        type: string
+        display_default:
+        example: high
+        enum:
+        - high
+        - low
     - name: start
       description: |
         The point at which to start the event subscription.

win32_event_log/datadog_checks/win32_event_log/check.py

@@ -59,6 +59,8 @@ class Win32EventLogCheck(AgentCheck, ConfigMixin):
         'event_format',
     )
 
+    NEW_PARAMS = ('dd_security_events',)
+
     # https://docs.microsoft.com/en-us/windows/win32/wes/eventmanifestschema-leveltype-complextype#remarks
     #
     # From
@@ -154,6 +156,10 @@ def __init__(self, name, init_config, instances):
                     "%s config option is ignored unless running legacy mode. Please remove it", legacy_param
                 )
 
+        for new_param in self.NEW_PARAMS:
+            if new_param in self.instance:
+                self.warning("%s config option is ignored when running legacy_mode_v2. Please remove it", new_param)
+
     def check(self, _):
         for event in self.consume_events():
             try:

win32_event_log/datadog_checks/win32_event_log/config_models/instance.py

@@ -49,6 +49,7 @@ class InstanceConfig(BaseModel):
     )
     auth_type: Optional[Literal['default', 'negotiate', 'kerberos', 'ntlm']] = None
     bookmark_frequency: Optional[int] = None
+    dd_security_events: Optional[Literal['high', 'low']] = None
     disable_generic_tags: Optional[bool] = None
     domain: Optional[str] = None
     empty_default_hostname: Optional[bool] = None

win32_event_log/datadog_checks/win32_event_log/data/conf.yaml.example

@@ -72,9 +72,23 @@ instances:
     ## channel (you cannot subscribe to Analytic or Debug channels).
     ##
     ## The path is required if `legacy_mode` is set to `false`.
+    ##
+    ## The `path` option cannot be used with the `dd_security_events` option.
     #
     # path: <PATH>
 
+    ## @param dd_security_events - string - optional
+    ## Starting with Agent 7.54, you can automatically send Security Events to Datadog as Logs
+    ## by using the `dd_security_events` option.
+    ##
+    ## Supported values:
+    ##   - `low`: sends only the most important and crtical Security events
+    ##   - `high`: sends a higher volume of Security events
+    ##
+    ## The `dd_security_events` option cannot be used with the `path` option.
+    #
+    # dd_security_events: high
+
     ## @param start - string - optional - default: now
     ## The point at which to start the event subscription.
     ##

win32_event_log/datadog_checks/win32_event_log/legacy/win32_event_log.py

@@ -38,6 +38,7 @@ class Win32EventLogWMI(WinWMICheck):
         'timeout',
         'payload_size',
         'bookmark_frequency',
+        'dd_security_events',
     )
 
     def __init__(self, name, init_config, instances):

win32_event_log/tests/test_config.py

@@ -16,3 +16,18 @@ def test_invalid_message_filter_regular_expression(dd_run_check, new_check, inst
         match='Error compiling pattern for option `{}`: invalid group reference 1 at position 1'.format(option),
     ):
         dd_run_check(check)
+
+
+def test_legacy_v2_params_notice(dd_run_check, new_check, instance):
+    instance['dd_security_events'] = 'high'
+    check = new_check(instance)
+    dd_run_check(check)
+    assert (
+        'dd_security_events config option is ignored when running legacy_mode_v2. Please remove it'
+    ) in check.get_warnings()
+
+
+def test_legacy_v2_params_defaults_dont_notice(dd_run_check, new_check, instance):
+    check = new_check(instance)
+    dd_run_check(check)
+    assert not check.get_warnings()