Regenerate client from commit b82392a of spec repo

Author: ci.datadog-api-spec

.generator/schemas/v2/openapi.yaml

@@ -60787,7 +60787,11 @@ components:
         - DONE
         - TIMEOUT
     SecurityMonitoringContentPackActivation:
-      description: The activation status of a content pack
+      description: |-
+        The activation lifecycle state of a content pack:
+        - `never_activated`: Pack has never been activated for this organization.
+        - `activated`: Pack is currently active.
+        - `deactivated`: Pack was previously activated but is now deactivated.
       enum:
         - never_activated
         - activated
@@ -60799,7 +60803,13 @@ components:
         - ACTIVATED
         - DEACTIVATED
     SecurityMonitoringContentPackIntegrationStatus:
-      description: The installation status of the related integration
+      description: |-
+        The installation status of the related Datadog integration:
+        - `installed`: Integration is fully installed.
+        - `available`: Integration exists in catalog but not installed.
+        - `partially_installed`: Integration is partially configured.
+        - `detected`: Integration detected (for example, logs flowing) but not explicitly installed.
+        - `error`: Integration in error state.
       enum:
         - installed
         - available
@@ -60818,21 +60828,24 @@ components:
       description: Attributes of a content pack state
       properties:
         cloud_siem_index_incorrect:
-          description: Whether the cloud SIEM index configuration is incorrect (only applies to certain pricing models)
+          description: >-
+            Whether the Cloud SIEM index is incorrectly configured at the content pack level, for example positioned below the catch-all `*` index so it cannot receive logs. Only meaningful for Standalone SKU. When `true`, the content pack status is `broken` regardless of other fields.
           example: false
           type: boolean
         cp_activation:
           $ref: "#/components/schemas/SecurityMonitoringContentPackActivation"
         filters_configured_for_logs:
-          description: Whether filters (Security Filters or Index Query depending on the pricing model) are configured for logs
+          description: >-
+            Whether the content pack's index query (Legacy SKU) or security filter (Standalone/Add-On SKU) is present and correctly configured to route logs into Cloud SIEM.
           example: true
           type: boolean
         integration_installed_status:
           $ref: "#/components/schemas/SecurityMonitoringContentPackIntegrationStatus"
         logs_last_collected:
           $ref: "#/components/schemas/SecurityMonitoringContentPackTimestampBucket"
         logs_seen_from_any_index:
-          description: Whether logs have been seen from any index
+          description: >-
+            Whether logs for this content pack have been seen in any Datadog index within the last 72 hours, regardless of whether the Cloud SIEM index or security filter is configured. Used to distinguish `install` (no logs anywhere) from `activate` (logs detected but pack not yet enabled).
           example: true
           type: boolean
         state:
@@ -60897,7 +60910,19 @@ components:
         - meta
       type: object
     SecurityMonitoringContentPackStatus:
-      description: The current status of a content pack
+      description: |-
+        The current operational status of a content pack:
+        - `install`: Pack is not activated and no logs have been detected in any index within the last 72 hours.
+        - `activate`: Pack is not activated but logs are already flowing into a Datadog index, indicating the integration
+          is sending data. Activating the pack will route those logs through Cloud SIEM.
+        - `initializing`: Pack has been activated and the security filter or index query is configured correctly,
+          but no logs have been received yet. Typically a transient state after first activation.
+        - `active`: Pack is activated and logs were received within the last 24 hours.
+        - `warning`: Pack is activated but degraded — either the integration tile is not installed and no logs have
+          been seen, or logs were last seen between 24 and 72 hours ago.
+        - `broken`: Pack is activated but not functioning — logs have not been seen for over 72 hours, the security
+          filter or index query is missing, or the Cloud SIEM index is positioned below the catch-all `*` index
+          (Standalone SKU only).
       enum:
         - install
         - activate
@@ -60915,7 +60940,14 @@ components:
         - WARNING
         - BROKEN
     SecurityMonitoringContentPackTimestampBucket:
-      description: Timestamp bucket indicating when logs were last collected
+      description: |-
+        Timestamp bucket indicating when logs were last collected through the content pack's Cloud SIEM filter or index query.
+        This field drives the `state` value for activated packs:
+        - `not_seen`: No logs observed through Cloud SIEM. Contributes to `initializing`, `warning`, or `broken` state.
+        - `within_24_hours`: Logs received within the last 24 hours. Contributes to `active` state.
+        - `within_24_to_72_hours`: Logs last seen 24 to 72 hours ago. Contributes to `warning` state.
+        - `over_72h_to_30d`: Logs last seen 3 to 30 days ago. Contributes to `broken` state.
+        - `over_30d`: Logs last seen more than 30 days ago. Contributes to `install` (Legacy SKU) or `broken` state.
       enum:
         - not_seen
         - within_24_hours
@@ -62014,7 +62046,11 @@ components:
         - $ref: "#/components/schemas/SecurityMonitoringSignalRulePayload"
         - $ref: "#/components/schemas/CloudConfigurationRulePayload"
     SecurityMonitoringSKU:
-      description: The SIEM pricing model (SKU) for the organization
+      description: |-
+        The SIEM pricing model (SKU) for the organization:
+        - `per_gb_analyzed`: Legacy per-GB analyzed pricing.
+        - `per_event_in_siem_index_2023`: 2023 per-indexed-event pricing.
+        - `add_on_2024`: 2024 add-on pricing.
       enum:
         - per_gb_analyzed
         - per_event_in_siem_index_2023
@@ -111563,8 +111599,13 @@ paths:
     get:
       description: |-
         Get the activation and configuration states for all security monitoring content packs.
-        This endpoint returns status information about each content pack including activation state,
-        integration status, and log collection status.
+
+        Each content pack state includes:
+        - **Activation state**: whether the pack has been activated (`never_activated`, `activated`, or `deactivated`).
+        - **Operational status**: current health of the pack (`install`, `activate`, `initializing`, `active`, `warning`, or `broken`).
+        - **Log ingestion signals**: whether logs have been seen from any index and how recently they were last collected.
+        - **Configuration health**: whether the Cloud SIEM index is correctly configured and whether filters are set up for the logs.
+        - **Integration status**: whether the relevant Datadog integration is installed.
       operationId: GetContentPacksStates
       responses:
         "200":
@@ -111574,11 +111615,7 @@ paths:
                 $ref: "#/components/schemas/SecurityMonitoringContentPackStatesResponse"
           description: OK
         "403":
-          content:
-            application/json:
-              schema:
-                $ref: "#/components/schemas/JSONAPIErrorResponse"
-          description: Forbidden
+          $ref: "#/components/responses/NotAuthorizedResponse"
         "404":
           content:
             application/json:
@@ -111587,21 +111624,33 @@ paths:
           description: Not Found
         "429":
           $ref: "#/components/responses/TooManyRequestsResponse"
+      security:
+        - apiKeyAuth: []
+          appKeyAuth: []
+        - AuthZ:
+            - security_monitoring_filters_read
       summary: Get content pack states
       tags:
         - Security Monitoring
+      "x-permission":
+        operator: OR
+        permissions:
+          - security_monitoring_filters_read
+          - logs_read_index_data
       x-unstable: |-
         **Note**: This endpoint is in preview and is subject to change.
         If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).
   /api/v2/security_monitoring/content_packs/{content_pack_id}/activate:
     put:
       description: |-
-        Activate a security monitoring content pack. This operation configures the necessary
-        log filters or security filters depending on the pricing model and updates the content
-        pack activation state.
+        Activate a security monitoring content pack for the authenticated organization.
+
+        Activation creates the underlying SIEM security filters and index routing configuration
+        for the content pack's log source. The Security Monitoring product must be enabled
+        for the organization.
       operationId: ActivateContentPack
       parameters:
-        - description: The ID of the content pack to activate.
+        - description: The ID of the content pack to activate (for example, `aws-cloudtrail`).
           in: path
           name: content_pack_id
           required: true
@@ -111612,11 +111661,7 @@ paths:
         "202":
           description: Accepted
         "403":
-          content:
-            application/json:
-              schema:
-                $ref: "#/components/schemas/JSONAPIErrorResponse"
-          description: Forbidden
+          $ref: "#/components/responses/NotAuthorizedResponse"
         "404":
           content:
             application/json:
@@ -111625,20 +111670,33 @@ paths:
           description: Not Found
         "429":
           $ref: "#/components/responses/TooManyRequestsResponse"
+      security:
+        - apiKeyAuth: []
+          appKeyAuth: []
+        - AuthZ:
+            - security_monitoring_filters_write
       summary: Activate content pack
       tags:
         - Security Monitoring
+      "x-permission":
+        operator: OR
+        permissions:
+          - security_monitoring_filters_write
+          - logs_modify_indexes
       x-unstable: |-
         **Note**: This endpoint is in preview and is subject to change.
         If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).
   /api/v2/security_monitoring/content_packs/{content_pack_id}/deactivate:
     put:
       description: |-
-        Deactivate a security monitoring content pack. This operation removes the content pack's
-        configuration from log filters or security filters and updates the content pack activation state.
+        Deactivate a security monitoring content pack for the authenticated organization.
+
+        Deactivation removes the SIEM security filters and index routing configuration
+        for the content pack's log source. The Security Monitoring product must be enabled
+        for the organization.
       operationId: DeactivateContentPack
       parameters:
-        - description: The ID of the content pack to deactivate.
+        - description: The ID of the content pack to deactivate (for example, `aws-cloudtrail`).
           in: path
           name: content_pack_id
           required: true
@@ -111649,11 +111707,7 @@ paths:
         "202":
           description: Accepted
         "403":
-          content:
-            application/json:
-              schema:
-                $ref: "#/components/schemas/JSONAPIErrorResponse"
-          description: Forbidden
+          $ref: "#/components/responses/NotAuthorizedResponse"
         "404":
           content:
             application/json:
@@ -111662,9 +111716,19 @@ paths:
           description: Not Found
         "429":
           $ref: "#/components/responses/TooManyRequestsResponse"
+      security:
+        - apiKeyAuth: []
+          appKeyAuth: []
+        - AuthZ:
+            - security_monitoring_filters_write
       summary: Deactivate content pack
       tags:
         - Security Monitoring
+      "x-permission":
+        operator: OR
+        permissions:
+          - security_monitoring_filters_write
+          - logs_modify_indexes
       x-unstable: |-
         **Note**: This endpoint is in preview and is subject to change.
         If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).

src/datadog_api_client/v2/api/security_monitoring_api.py

@@ -174,7 +174,7 @@ def __init__(self, api_client=None):
         self._activate_content_pack_endpoint = _Endpoint(
             settings={
                 "response_type": None,
-                "auth": ["apiKeyAuth", "appKeyAuth"],
+                "auth": ["apiKeyAuth", "appKeyAuth", "AuthZ"],
                 "endpoint_path": "/api/v2/security_monitoring/content_packs/{content_pack_id}/activate",
                 "operation_id": "activate_content_pack",
                 "http_method": "PUT",
@@ -569,7 +569,7 @@ def __init__(self, api_client=None):
         self._deactivate_content_pack_endpoint = _Endpoint(
             settings={
                 "response_type": None,
-                "auth": ["apiKeyAuth", "appKeyAuth"],
+                "auth": ["apiKeyAuth", "appKeyAuth", "AuthZ"],
                 "endpoint_path": "/api/v2/security_monitoring/content_packs/{content_pack_id}/deactivate",
                 "operation_id": "deactivate_content_pack",
                 "http_method": "PUT",
@@ -880,7 +880,7 @@ def __init__(self, api_client=None):
         self._get_content_packs_states_endpoint = _Endpoint(
             settings={
                 "response_type": (SecurityMonitoringContentPackStatesResponse,),
-                "auth": ["apiKeyAuth", "appKeyAuth"],
+                "auth": ["apiKeyAuth", "appKeyAuth", "AuthZ"],
                 "endpoint_path": "/api/v2/security_monitoring/content_packs/states",
                 "operation_id": "get_content_packs_states",
                 "http_method": "GET",
@@ -2777,11 +2777,13 @@ def activate_content_pack(
     ) -> None:
         """Activate content pack.
 
-        Activate a security monitoring content pack. This operation configures the necessary
-        log filters or security filters depending on the pricing model and updates the content
-        pack activation state.
+        Activate a security monitoring content pack for the authenticated organization.
+
+        Activation creates the underlying SIEM security filters and index routing configuration
+        for the content pack's log source. The Security Monitoring product must be enabled
+        for the organization.
 
-        :param content_pack_id: The ID of the content pack to activate.
+        :param content_pack_id: The ID of the content pack to activate (for example, ``aws-cloudtrail`` ).
         :type content_pack_id: str
         :rtype: None
         """
@@ -3134,10 +3136,13 @@ def deactivate_content_pack(
     ) -> None:
         """Deactivate content pack.
 
-        Deactivate a security monitoring content pack. This operation removes the content pack's
-        configuration from log filters or security filters and updates the content pack activation state.
+        Deactivate a security monitoring content pack for the authenticated organization.
+
+        Deactivation removes the SIEM security filters and index routing configuration
+        for the content pack's log source. The Security Monitoring product must be enabled
+        for the organization.
 
-        :param content_pack_id: The ID of the content pack to deactivate.
+        :param content_pack_id: The ID of the content pack to deactivate (for example, ``aws-cloudtrail`` ).
         :type content_pack_id: str
         :rtype: None
         """
@@ -3376,8 +3381,14 @@ def get_content_packs_states(
         """Get content pack states.
 
         Get the activation and configuration states for all security monitoring content packs.
-        This endpoint returns status information about each content pack including activation state,
-        integration status, and log collection status.
+
+        Each content pack state includes:
+
+        * **Activation state** : whether the pack has been activated ( ``never_activated`` , ``activated`` , or ``deactivated`` ).
+        * **Operational status** : current health of the pack ( ``install`` , ``activate`` , ``initializing`` , ``active`` , ``warning`` , or ``broken`` ).
+        * **Log ingestion signals** : whether logs have been seen from any index and how recently they were last collected.
+        * **Configuration health** : whether the Cloud SIEM index is correctly configured and whether filters are set up for the logs.
+        * **Integration status** : whether the relevant Datadog integration is installed.
 
         :rtype: SecurityMonitoringContentPackStatesResponse
         """

src/datadog_api_client/v2/model/security_monitoring_content_pack_activation.py

@@ -14,7 +14,10 @@
 
 class SecurityMonitoringContentPackActivation(ModelSimple):
     """
-    The activation status of a content pack
+    The activation lifecycle state of a content pack:
+        - `never_activated`: Pack has never been activated for this organization.
+        - `activated`: Pack is currently active.
+        - `deactivated`: Pack was previously activated but is now deactivated.
 
     :param value: Must be one of ["never_activated", "activated", "deactivated"].
     :type value: str

src/datadog_api_client/v2/model/security_monitoring_content_pack_integration_status.py

@@ -14,7 +14,12 @@
 
 class SecurityMonitoringContentPackIntegrationStatus(ModelSimple):
     """
-    The installation status of the related integration
+    The installation status of the related Datadog integration:
+        - `installed`: Integration is fully installed.
+        - `available`: Integration exists in catalog but not installed.
+        - `partially_installed`: Integration is partially configured.
+        - `detected`: Integration detected (for example, logs flowing) but not explicitly installed.
+        - `error`: Integration in error state.
 
     :param value: Must be one of ["installed", "available", "partially_installed", "detected", "error"].
     :type value: str