diff --git a/.generator/schemas/v2/openapi.yaml b/.generator/schemas/v2/openapi.yaml index 0263793da4..cd37458693 100644 --- a/.generator/schemas/v2/openapi.yaml +++ b/.generator/schemas/v2/openapi.yaml @@ -62234,19 +62234,23 @@ components: - DONE - TIMEOUT SecurityMonitoringContentPackActivation: - description: The activation status of a content pack + description: The activation status of a content pack. enum: - never_activated - activated - deactivated example: activated type: string + x-enum-descriptions: + - Pack has never been activated for this organization. + - Pack is currently activated. + - Pack was previously activated but has since been deactivated. x-enum-varnames: - NEVER_ACTIVATED - ACTIVATED - DEACTIVATED SecurityMonitoringContentPackIntegrationStatus: - description: The installation status of the related integration + description: The installation status of the related integration. enum: - installed - available @@ -62255,6 +62259,12 @@ components: - error example: installed type: string + x-enum-descriptions: + - Integration is fully installed. + - Integration exists in the catalog but is not installed. + - Integration is only partially configured. + - Integration detected (for example, logs are flowing) but not explicitly installed. + - Integration is in an error state. x-enum-varnames: - INSTALLED - AVAILABLE @@ -62271,7 +62281,9 @@ components: cp_activation: $ref: "#/components/schemas/SecurityMonitoringContentPackActivation" filters_configured_for_logs: - description: Whether filters (Security Filters or Index Query depending on the pricing model) are configured for logs + description: |- + Whether filters (Security Filters or Index Query depending on the pricing model) are + present and correctly configured to route logs into Cloud SIEM. example: true type: boolean integration_installed_status: 
@@ -62279,7 +62291,7 @@ components: logs_last_collected: $ref: "#/components/schemas/SecurityMonitoringContentPackTimestampBucket" logs_seen_from_any_index: - description: Whether logs have been seen from any index + description: Whether logs for this content pack have been seen in any Datadog index within the last 72 hours. example: true type: boolean state: @@ -62344,7 +62356,7 @@ components: - meta type: object SecurityMonitoringContentPackStatus: - description: The current status of a content pack + description: The current operational status of a content pack. enum: - install - activate @@ -62354,6 +62366,13 @@ components: - broken example: active type: string + x-enum-descriptions: + - Not activated; no logs detected in the last 72 hours. + - Not activated; logs are flowing into a Datadog index but not yet routed through Cloud SIEM. + - Activated; awaiting first log ingestion. + - Activated; logs received within the last 24 hours. + - Activated; integration not installed or logs last seen 24 to 72 hours ago. + - Activated; no logs for over 72 hours, filter missing, or Cloud SIEM index incorrectly ordered. x-enum-varnames: - INSTALL - ACTIVATE @@ -62362,7 +62381,7 @@ components: - WARNING - BROKEN SecurityMonitoringContentPackTimestampBucket: - description: Timestamp bucket indicating when logs were last collected + description: Timestamp bucket indicating when logs were last collected. enum: - not_seen - within_24_hours @@ -62371,6 +62390,12 @@ components: - over_30d example: within_24_hours type: string + x-enum-descriptions: + - No logs observed. + - Logs received within the last 24 hours. + - Logs last seen 24 to 72 hours ago. + - Logs last seen 3 to 30 days ago. + - Logs last seen more than 30 days ago. x-enum-varnames: - NOT_SEEN - WITHIN_24_HOURS 
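Review bot: The `x-enum-descriptions` added for `SecurityMonitoringContentPackStatus` fold several distinct causes into a single value without naming the response attributes that tell them apart: `broken` covers no logs for over 72 hours, a missing filter, and an incorrectly ordered Cloud SIEM index. Anyone tracking detection coverage through this endpoint needs that mapping. If these are the attributes that drive the state, I would extend the entry to something like `Activated; no logs for over 72 hours (logs_last_collected), filter missing (filters_configured_for_logs), or Cloud SIEM index incorrectly ordered (cloud_siem_index_incorrect).` and treat `warning` the same way. The phrase "incorrectly ordered" also differs from the `cloud_siem_index_incorrect` description, which only says the index configuration is incorrect, so one wording should be used in both places. The enum's middle values fall between this hunk and the previous one, so the positional match of descriptions to values cannot be fully checked from the hunk alone.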
@@ -63461,7 +63486,7 @@ components: - $ref: "#/components/schemas/SecurityMonitoringSignalRulePayload" - $ref: "#/components/schemas/CloudConfigurationRulePayload" SecurityMonitoringSKU: - description: The SIEM pricing model (SKU) for the organization + description: The Cloud SIEM pricing model (SKU) for the organization. enum: - per_gb_analyzed - per_event_in_siem_index_2023 @@ -117994,9 +118019,8 @@ paths: /api/v2/security_monitoring/content_packs/states: get: description: |- - Get the activation and configuration states for all security monitoring content packs. - This endpoint returns status information about each content pack including activation state, - integration status, and log collection status. + Get the activation state, integration status, and log collection status + for all Cloud SIEM content packs. operationId: GetContentPacksStates responses: "200": 
@@ -118019,21 +118043,31 @@ paths: description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" + security: + - apiKeyAuth: [] + appKeyAuth: [] + - AuthZ: + - security_monitoring_filters_read summary: Get content pack states tags: - Security Monitoring + "x-permission": + operator: OR + permissions: + - security_monitoring_filters_read + - logs_read_index_data x-unstable: |- **Note**: This endpoint is in preview and is subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). /api/v2/security_monitoring/content_packs/{content_pack_id}/activate: put: description: |- - Activate a security monitoring content pack. This operation configures the necessary + Activate a Cloud SIEM content pack. This operation configures the necessary log filters or security filters depending on the pricing model and updates the content pack activation state. operationId: ActivateContentPack parameters: - - description: The ID of the content pack to activate. + - description: The ID of the content pack to activate (for example, `aws-cloudtrail`). in: path name: content_pack_id required: true 
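Review bot: The `security` and `x-permission` blocks added for `GetContentPacksStates` disagree about what authorizes the call: the `AuthZ` requirement lists only `security_monitoring_filters_read`, while `x-permission` accepts `security_monitoring_filters_read` OR `logs_read_index_data`. The activate and deactivate hunks repeat the pattern (`security_monitoring_filters_write` versus OR with `logs_modify_indexes`), and it matters more there because those PUTs change log filters or security filters. If the second permission is meant only for the index-based pricing model, the operation description should say so, for example `Requires security_monitoring_filters_write, or logs_modify_indexes when the organization's pricing model uses index queries.`; otherwise someone granting least privilege cannot tell which permission is actually sufficient. The GET operation begins before this hunk and the activate operation continues past its end.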
@@ -118057,20 +118091,30 @@ paths: description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" + security: + - apiKeyAuth: [] + appKeyAuth: [] + - AuthZ: + - security_monitoring_filters_write summary: Activate content pack tags: - Security Monitoring + "x-permission": + operator: OR + permissions: + - security_monitoring_filters_write + - logs_modify_indexes x-unstable: |- **Note**: This endpoint is in preview and is subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). /api/v2/security_monitoring/content_packs/{content_pack_id}/deactivate: put: description: |- - Deactivate a security monitoring content pack. This operation removes the content pack's + Deactivate a Cloud SIEM content pack. This operation removes the content pack's configuration from log filters or security filters and updates the content pack activation state. operationId: DeactivateContentPack parameters: - - description: The ID of the content pack to deactivate. + - description: The ID of the content pack to deactivate (for example, `aws-cloudtrail`). in: path name: content_pack_id required: true @@ -118094,9 +118138,19 @@ paths: description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" + security: + - apiKeyAuth: [] + appKeyAuth: [] + - AuthZ: + - security_monitoring_filters_write summary: Deactivate content pack tags: - Security Monitoring + "x-permission": + operator: OR + permissions: + - security_monitoring_filters_write + - logs_modify_indexes x-unstable: |- **Note**: This endpoint is in preview and is subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). diff --git a/src/datadog_api_client/v2/api/security_monitoring_api.py b/src/datadog_api_client/v2/api/security_monitoring_api.py index beae891b36..890b53b4fe 100644 --- a/src/datadog_api_client/v2/api/security_monitoring_api.py 
+++ b/src/datadog_api_client/v2/api/security_monitoring_api.py @@ -188,7 +188,7 @@ def __init__(self, api_client=None): self._activate_content_pack_endpoint = _Endpoint( settings={ "response_type": None, - "auth": ["apiKeyAuth", "appKeyAuth"], + "auth": ["apiKeyAuth", "appKeyAuth", "AuthZ"], "endpoint_path": "/api/v2/security_monitoring/content_packs/{content_pack_id}/activate", "operation_id": "activate_content_pack", "http_method": "PUT", @@ -635,7 +635,7 @@ def __init__(self, api_client=None): self._deactivate_content_pack_endpoint = _Endpoint( settings={ "response_type": None, - "auth": ["apiKeyAuth", "appKeyAuth"], + "auth": ["apiKeyAuth", "appKeyAuth", "AuthZ"], "endpoint_path": "/api/v2/security_monitoring/content_packs/{content_pack_id}/deactivate", "operation_id": "deactivate_content_pack", "http_method": "PUT", @@ -975,7 +975,7 @@ def __init__(self, api_client=None): self._get_content_packs_states_endpoint = _Endpoint( settings={ "response_type": (SecurityMonitoringContentPackStatesResponse,), - "auth": ["apiKeyAuth", "appKeyAuth"], + "auth": ["apiKeyAuth", "appKeyAuth", "AuthZ"], "endpoint_path": "/api/v2/security_monitoring/content_packs/states", "operation_id": "get_content_packs_states", "http_method": "GET", @@ -2943,11 +2943,11 @@ def activate_content_pack( ) -> None: """Activate content pack. - Activate a security monitoring content pack. This operation configures the necessary + Activate a Cloud SIEM content pack. This operation configures the necessary log filters or security filters depending on the pricing model and updates the content pack activation state. - :param content_pack_id: The ID of the content pack to activate. + :param content_pack_id: The ID of the content pack to activate (for example, ``aws-cloudtrail`` ). :type content_pack_id: str :rtype: None """ 
@@ -3349,10 +3349,10 @@ def deactivate_content_pack( ) -> None: """Deactivate content pack. - Deactivate a security monitoring content pack. This operation removes the content pack's + Deactivate a Cloud SIEM content pack. This operation removes the content pack's configuration from log filters or security filters and updates the content pack activation state. - :param content_pack_id: The ID of the content pack to deactivate. + :param content_pack_id: The ID of the content pack to deactivate (for example, ``aws-cloudtrail`` ). :type content_pack_id: str :rtype: None """ @@ -3614,9 +3614,8 @@ def get_content_packs_states( ) -> SecurityMonitoringContentPackStatesResponse: """Get content pack states. - Get the activation and configuration states for all security monitoring content packs. - This endpoint returns status information about each content pack including activation state, - integration status, and log collection status. + Get the activation state, integration status, and log collection status + for all Cloud SIEM content packs. :rtype: SecurityMonitoringContentPackStatesResponse """ diff --git a/src/datadog_api_client/v2/model/security_monitoring_content_pack_activation.py b/src/datadog_api_client/v2/model/security_monitoring_content_pack_activation.py index 735b621113..d6fd274f87 100644 --- a/src/datadog_api_client/v2/model/security_monitoring_content_pack_activation.py +++ b/src/datadog_api_client/v2/model/security_monitoring_content_pack_activation.py @@ -14,7 +14,7 @@ class SecurityMonitoringContentPackActivation(ModelSimple): """ - The activation status of a content pack + The activation status of a content pack. :param value: Must be one of ["never_activated", "activated", "deactivated"]. :type value: str diff --git a/src/datadog_api_client/v2/model/security_monitoring_content_pack_integration_status.py b/src/datadog_api_client/v2/model/security_monitoring_content_pack_integration_status.py index 50ce284b88..67490be7f2 100644 
--- a/src/datadog_api_client/v2/model/security_monitoring_content_pack_integration_status.py +++ b/src/datadog_api_client/v2/model/security_monitoring_content_pack_integration_status.py @@ -14,7 +14,7 @@ class SecurityMonitoringContentPackIntegrationStatus(ModelSimple): """ - The installation status of the related integration + The installation status of the related integration. :param value: Must be one of ["installed", "available", "partially_installed", "detected", "error"]. :type value: str diff --git a/src/datadog_api_client/v2/model/security_monitoring_content_pack_state_attributes.py b/src/datadog_api_client/v2/model/security_monitoring_content_pack_state_attributes.py index ed09ca55db..4f9946a2d3 100644 --- a/src/datadog_api_client/v2/model/security_monitoring_content_pack_state_attributes.py +++ b/src/datadog_api_client/v2/model/security_monitoring_content_pack_state_attributes.py 
@@ -79,22 +79,23 @@ def __init__( :param cloud_siem_index_incorrect: Whether the cloud SIEM index configuration is incorrect (only applies to certain pricing models) :type cloud_siem_index_incorrect: bool - :param cp_activation: The activation status of a content pack + :param cp_activation: The activation status of a content pack. :type cp_activation: SecurityMonitoringContentPackActivation - :param filters_configured_for_logs: Whether filters (Security Filters or Index Query depending on the pricing model) are configured for logs + :param filters_configured_for_logs: Whether filters (Security Filters or Index Query depending on the pricing model) are + present and correctly configured to route logs into Cloud SIEM. :type filters_configured_for_logs: bool - :param integration_installed_status: The installation status of the related integration + :param integration_installed_status: The installation status of the related integration. :type integration_installed_status: SecurityMonitoringContentPackIntegrationStatus, optional - :param logs_last_collected: Timestamp bucket indicating when logs were last collected + :param logs_last_collected: Timestamp bucket indicating when logs were last collected. :type logs_last_collected: SecurityMonitoringContentPackTimestampBucket - :param logs_seen_from_any_index: Whether logs have been seen from any index + :param logs_seen_from_any_index: Whether logs for this content pack have been seen in any Datadog index within the last 72 hours. :type logs_seen_from_any_index: bool - :param state: The current status of a content pack + :param state: The current operational status of a content pack. :type state: SecurityMonitoringContentPackStatus """ if integration_installed_status is not unset: diff --git a/src/datadog_api_client/v2/model/security_monitoring_content_pack_state_meta.py b/src/datadog_api_client/v2/model/security_monitoring_content_pack_state_meta.py index 3b9aac7ffc..4f37a6b107 100644 
--- a/src/datadog_api_client/v2/model/security_monitoring_content_pack_state_meta.py +++ b/src/datadog_api_client/v2/model/security_monitoring_content_pack_state_meta.py @@ -37,7 +37,7 @@ def __init__(self_, cloud_siem_index_incorrect: bool, sku: SecurityMonitoringSKU :param cloud_siem_index_incorrect: Whether the cloud SIEM index configuration is incorrect at the organization level :type cloud_siem_index_incorrect: bool - :param sku: The SIEM pricing model (SKU) for the organization + :param sku: The Cloud SIEM pricing model (SKU) for the organization. :type sku: SecurityMonitoringSKU """ super().__init__(kwargs) diff --git a/src/datadog_api_client/v2/model/security_monitoring_content_pack_status.py b/src/datadog_api_client/v2/model/security_monitoring_content_pack_status.py index a8f83bec1d..efdcbe2da7 100644 --- a/src/datadog_api_client/v2/model/security_monitoring_content_pack_status.py +++ b/src/datadog_api_client/v2/model/security_monitoring_content_pack_status.py @@ -14,7 +14,7 @@ class SecurityMonitoringContentPackStatus(ModelSimple): """ - The current status of a content pack + The current operational status of a content pack. :param value: Must be one of ["install", "activate", "initializing", "active", "warning", "broken"]. :type value: str diff --git a/src/datadog_api_client/v2/model/security_monitoring_content_pack_timestamp_bucket.py b/src/datadog_api_client/v2/model/security_monitoring_content_pack_timestamp_bucket.py index 672ce48dcd..cfec617fb5 100644 --- a/src/datadog_api_client/v2/model/security_monitoring_content_pack_timestamp_bucket.py +++ b/src/datadog_api_client/v2/model/security_monitoring_content_pack_timestamp_bucket.py 
@@ -14,7 +14,7 @@ class SecurityMonitoringContentPackTimestampBucket(ModelSimple): """ - Timestamp bucket indicating when logs were last collected + Timestamp bucket indicating when logs were last collected. :param value: Must be one of ["not_seen", "within_24_hours", "within_24_to_72_hours", "over_72h_to_30d", "over_30d"]. :type value: str diff --git a/src/datadog_api_client/v2/model/security_monitoring_sku.py b/src/datadog_api_client/v2/model/security_monitoring_sku.py index 82a8815a64..4abab4f991 100644 --- a/src/datadog_api_client/v2/model/security_monitoring_sku.py +++ b/src/datadog_api_client/v2/model/security_monitoring_sku.py @@ -14,7 +14,7 @@ class SecurityMonitoringSKU(ModelSimple): """ - The SIEM pricing model (SKU) for the organization + The Cloud SIEM pricing model (SKU) for the organization. :param value: Must be one of ["per_gb_analyzed", "per_event_in_siem_index_2023", "add_on_2024"]. :type value: str