diff --git a/.generator/schemas/v2/openapi.yaml b/.generator/schemas/v2/openapi.yaml index 75755ab7e7..d2b610d2ee 100644 --- a/.generator/schemas/v2/openapi.yaml +++ b/.generator/schemas/v2/openapi.yaml @@ -61254,19 +61254,23 @@ components: - DONE - TIMEOUT SecurityMonitoringContentPackActivation: - description: The activation status of a content pack + description: The activation status of a content pack. enum: - never_activated - activated - deactivated example: activated type: string + x-enum-descriptions: + - Pack has never been activated for this organization. + - Pack is currently activated. + - Pack was previously activated but has since been deactivated. x-enum-varnames: - NEVER_ACTIVATED - ACTIVATED - DEACTIVATED SecurityMonitoringContentPackIntegrationStatus: - description: The installation status of the related integration + description: The installation status of the related integration. enum: - installed - available @@ -61275,6 +61279,12 @@ components: - error example: installed type: string + x-enum-descriptions: + - Integration is fully installed. + - Integration exists in the catalog but is not installed. + - Integration is only partially configured. + - Integration detected (for example, logs are flowing) but not explicitly installed. + - Integration is in an error state. x-enum-varnames: - INSTALLED - AVAILABLE @@ -61291,7 +61301,9 @@ components: cp_activation: $ref: "#/components/schemas/SecurityMonitoringContentPackActivation" filters_configured_for_logs: - description: Whether filters (Security Filters or Index Query depending on the pricing model) are configured for logs + description: |- + Whether filters (Security Filters or Index Query depending on the pricing model) are + present and correctly configured to route logs into Cloud SIEM. example: true type: boolean integration_installed_status: 
@@ -61299,7 +61311,7 @@ components: logs_last_collected: $ref: "#/components/schemas/SecurityMonitoringContentPackTimestampBucket" logs_seen_from_any_index: - description: Whether logs have been seen from any index + description: Whether logs for this content pack have been seen in any Datadog index within the last 72 hours. example: true type: boolean state: @@ -61364,7 +61376,7 @@ components: - meta type: object SecurityMonitoringContentPackStatus: - description: The current status of a content pack + description: The current operational status of a content pack. enum: - install - activate @@ -61374,6 +61386,13 @@ components: - broken example: active type: string + x-enum-descriptions: + - Not activated; no logs detected in the last 72 hours. + - Not activated; logs are flowing into a Datadog index but not yet routed through Cloud SIEM. + - Activated; awaiting first log ingestion. + - Activated; logs received within the last 24 hours. + - Activated; integration not installed or logs last seen 24 to 72 hours ago. + - Activated; no logs for over 72 hours, filter missing, or Cloud SIEM index incorrectly ordered. x-enum-varnames: - INSTALL - ACTIVATE @@ -61382,7 +61401,7 @@ components: - WARNING - BROKEN SecurityMonitoringContentPackTimestampBucket: - description: Timestamp bucket indicating when logs were last collected + description: Timestamp bucket indicating when logs were last collected. enum: - not_seen - within_24_hours @@ -61391,6 +61410,12 @@ components: - over_30d example: within_24_hours type: string + x-enum-descriptions: + - No logs observed. + - Logs received within the last 24 hours. + - Logs last seen 24 to 72 hours ago. + - Logs last seen 3 to 30 days ago. + - Logs last seen more than 30 days ago. x-enum-varnames: - NOT_SEEN - WITHIN_24_HOURS 
@@ -62481,7 +62506,7 @@ components: - $ref: "#/components/schemas/SecurityMonitoringSignalRulePayload" - $ref: "#/components/schemas/CloudConfigurationRulePayload" SecurityMonitoringSKU: - description: The SIEM pricing model (SKU) for the organization + description: The Cloud SIEM pricing model (SKU) for the organization. enum: - per_gb_analyzed - per_event_in_siem_index_2023 @@ -112316,10 +112341,7 @@ paths: - Security Monitoring /api/v2/security_monitoring/content_packs/states: get: - description: |- - Get the activation and configuration states for all security monitoring content packs. - This endpoint returns status information about each content pack including activation state, - integration status, and log collection status. + description: Get the activation state, integration status, and log collection status for all Cloud SIEM content packs. operationId: GetContentPacksStates responses: "200": @@ -112329,11 +112351,7 @@ paths: $ref: "#/components/schemas/SecurityMonitoringContentPackStatesResponse" description: OK "403": - content: - application/json: - schema: - $ref: "#/components/schemas/JSONAPIErrorResponse" - description: Forbidden + $ref: "#/components/responses/NotAuthorizedResponse" "404": content: application/json: 
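Review bot: The `"403"` entry of `GetContentPacksStates` now points at the shared `#/components/responses/NotAuthorizedResponse`, while the `"404"` entry directly below keeps its inline `application/json` content, so this one operation may document two different error-body shapes. The shared response's schema is not visible in this diff; if it is not `JSONAPIErrorResponse`, callers that parse the 403 body to report a permission failure will see a different structure than before. A short note in the operation description or changelog stating the 403 body shape would cover it. The same replacement is made in the activate and deactivate hunks.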
@@ -112342,21 +112360,31 @@ paths: description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" + security: + - apiKeyAuth: [] + appKeyAuth: [] + - AuthZ: + - security_monitoring_filters_read summary: Get content pack states tags: - Security Monitoring + "x-permission": + operator: OR + permissions: + - security_monitoring_filters_read + - logs_read_index_data x-unstable: |- **Note**: This endpoint is in preview and is subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). /api/v2/security_monitoring/content_packs/{content_pack_id}/activate: put: description: |- - Activate a security monitoring content pack. This operation configures the necessary + Activate a Cloud SIEM content pack. This operation configures the necessary log filters or security filters depending on the pricing model and updates the content pack activation state. operationId: ActivateContentPack parameters: - - description: The ID of the content pack to activate. + - description: The ID of the content pack to activate (for example, `aws-cloudtrail`). in: path name: content_pack_id required: true @@ -112367,11 +112395,7 @@ paths: "202": description: Accepted "403": - content: - application/json: - schema: - $ref: "#/components/schemas/JSONAPIErrorResponse" - description: Forbidden + $ref: "#/components/responses/NotAuthorizedResponse" "404": content: application/json: 
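Review bot: The `security` block added to `GetContentPacksStates` declares only `security_monitoring_filters_read` under `AuthZ`, while the `x-permission` block added a few lines below accepts `security_monitoring_filters_read` OR `logs_read_index_data`, so the spec gives two different answers to who may call the endpoint. The activate and deactivate hunks repeat the pattern with `security_monitoring_filters_write` versus `logs_modify_indexes`. If OAuth callers are deliberately held to the narrower scope, state that in each operation's `description`; if not, add a second `AuthZ` requirement entry for the other permission so both blocks agree. For the two write operations it is also worth confirming that `logs_modify_indexes` on its own is meant to be sufficient, since per the description deactivation removes the pack's configuration from log or security filters, which means a log-index role could change Cloud SIEM coverage without holding any security-monitoring permission.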
@@ -112380,20 +112404,30 @@ paths: description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" + security: + - apiKeyAuth: [] + appKeyAuth: [] + - AuthZ: + - security_monitoring_filters_write summary: Activate content pack tags: - Security Monitoring + "x-permission": + operator: OR + permissions: + - security_monitoring_filters_write + - logs_modify_indexes x-unstable: |- **Note**: This endpoint is in preview and is subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). /api/v2/security_monitoring/content_packs/{content_pack_id}/deactivate: put: description: |- - Deactivate a security monitoring content pack. This operation removes the content pack's + Deactivate a Cloud SIEM content pack. This operation removes the content pack's configuration from log filters or security filters and updates the content pack activation state. operationId: DeactivateContentPack parameters: - - description: The ID of the content pack to deactivate. + - description: The ID of the content pack to deactivate (for example, `aws-cloudtrail`). in: path name: content_pack_id required: true @@ -112404,11 +112438,7 @@ paths: "202": description: Accepted "403": - content: - application/json: - schema: - $ref: "#/components/schemas/JSONAPIErrorResponse" - description: Forbidden + $ref: "#/components/responses/NotAuthorizedResponse" "404": content: application/json: @@ -112417,9 +112447,19 @@ paths: description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" + security: + - apiKeyAuth: [] + appKeyAuth: [] + - AuthZ: + - security_monitoring_filters_write summary: Deactivate content pack tags: - Security Monitoring + "x-permission": + operator: OR + permissions: + - security_monitoring_filters_write + - logs_modify_indexes x-unstable: |- **Note**: This endpoint is in preview and is subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). 
diff --git a/src/datadog_api_client/v2/api/security_monitoring_api.py b/src/datadog_api_client/v2/api/security_monitoring_api.py
index 3456effdab..89b3787c1f 100644
--- a/src/datadog_api_client/v2/api/security_monitoring_api.py
+++ b/src/datadog_api_client/v2/api/security_monitoring_api.py
@@ -174,7 +174,7 @@ def __init__(self, api_client=None):
 self._activate_content_pack_endpoint = _Endpoint(
 settings={
 "response_type": None,
- "auth": ["apiKeyAuth", "appKeyAuth"],
+ "auth": ["apiKeyAuth", "appKeyAuth", "AuthZ"],
 "endpoint_path": "/api/v2/security_monitoring/content_packs/{content_pack_id}/activate",
 "operation_id": "activate_content_pack",
 "http_method": "PUT",
@@ -569,7 +569,7 @@ def __init__(self, api_client=None):
 self._deactivate_content_pack_endpoint = _Endpoint(
 settings={
 "response_type": None,
- "auth": ["apiKeyAuth", "appKeyAuth"],
+ "auth": ["apiKeyAuth", "appKeyAuth", "AuthZ"],
 "endpoint_path": "/api/v2/security_monitoring/content_packs/{content_pack_id}/deactivate",
 "operation_id": "deactivate_content_pack",
 "http_method": "PUT",
@@ -880,7 +880,7 @@ def __init__(self, api_client=None):
 self._get_content_packs_states_endpoint = _Endpoint(
 settings={
 "response_type": (SecurityMonitoringContentPackStatesResponse,),
- "auth": ["apiKeyAuth", "appKeyAuth"],
+ "auth": ["apiKeyAuth", "appKeyAuth", "AuthZ"],
 "endpoint_path": "/api/v2/security_monitoring/content_packs/states",
 "operation_id": "get_content_packs_states",
 "http_method": "GET",
@@ -2777,11 +2777,11 @@ def activate_content_pack( ) -> None: """Activate content pack. - Activate a security monitoring content pack. This operation configures the necessary + Activate a Cloud SIEM content pack. This operation configures the necessary log filters or security filters depending on the pricing model and updates the content pack activation state. - :param content_pack_id: The ID of the content pack to activate. + :param content_pack_id: The ID of the content pack to activate (for example, ``aws-cloudtrail`` ). :type content_pack_id: str :rtype: None """ @@ -3134,10 +3134,10 @@ def deactivate_content_pack( ) -> None: """Deactivate content pack. - Deactivate a security monitoring content pack. This operation removes the content pack's + Deactivate a Cloud SIEM content pack. This operation removes the content pack's configuration from log filters or security filters and updates the content pack activation state. - :param content_pack_id: The ID of the content pack to deactivate. + :param content_pack_id: The ID of the content pack to deactivate (for example, ``aws-cloudtrail`` ). :type content_pack_id: str :rtype: None """ @@ -3375,9 +3375,7 @@ def get_content_packs_states( ) -> SecurityMonitoringContentPackStatesResponse: """Get content pack states. - Get the activation and configuration states for all security monitoring content packs. - This endpoint returns status information about each content pack including activation state, - integration status, and log collection status. + Get the activation state, integration status, and log collection status for all Cloud SIEM content packs. :rtype: SecurityMonitoringContentPackStatesResponse """ diff --git a/src/datadog_api_client/v2/model/security_monitoring_content_pack_activation.py b/src/datadog_api_client/v2/model/security_monitoring_content_pack_activation.py index 735b621113..d6fd274f87 100644 --- a/src/datadog_api_client/v2/model/security_monitoring_content_pack_activation.py 
+++ b/src/datadog_api_client/v2/model/security_monitoring_content_pack_activation.py @@ -14,7 +14,7 @@ class SecurityMonitoringContentPackActivation(ModelSimple): """ - The activation status of a content pack + The activation status of a content pack. :param value: Must be one of ["never_activated", "activated", "deactivated"]. :type value: str diff --git a/src/datadog_api_client/v2/model/security_monitoring_content_pack_integration_status.py b/src/datadog_api_client/v2/model/security_monitoring_content_pack_integration_status.py index 50ce284b88..67490be7f2 100644 --- a/src/datadog_api_client/v2/model/security_monitoring_content_pack_integration_status.py +++ b/src/datadog_api_client/v2/model/security_monitoring_content_pack_integration_status.py @@ -14,7 +14,7 @@ class SecurityMonitoringContentPackIntegrationStatus(ModelSimple): """ - The installation status of the related integration + The installation status of the related integration. :param value: Must be one of ["installed", "available", "partially_installed", "detected", "error"]. :type value: str diff --git a/src/datadog_api_client/v2/model/security_monitoring_content_pack_state_attributes.py b/src/datadog_api_client/v2/model/security_monitoring_content_pack_state_attributes.py index ed09ca55db..4f9946a2d3 100644 --- a/src/datadog_api_client/v2/model/security_monitoring_content_pack_state_attributes.py +++ b/src/datadog_api_client/v2/model/security_monitoring_content_pack_state_attributes.py 
@@ -79,22 +79,23 @@ def __init__( :param cloud_siem_index_incorrect: Whether the cloud SIEM index configuration is incorrect (only applies to certain pricing models) :type cloud_siem_index_incorrect: bool - :param cp_activation: The activation status of a content pack + :param cp_activation: The activation status of a content pack. :type cp_activation: SecurityMonitoringContentPackActivation - :param filters_configured_for_logs: Whether filters (Security Filters or Index Query depending on the pricing model) are configured for logs + :param filters_configured_for_logs: Whether filters (Security Filters or Index Query depending on the pricing model) are + present and correctly configured to route logs into Cloud SIEM. :type filters_configured_for_logs: bool - :param integration_installed_status: The installation status of the related integration + :param integration_installed_status: The installation status of the related integration. :type integration_installed_status: SecurityMonitoringContentPackIntegrationStatus, optional - :param logs_last_collected: Timestamp bucket indicating when logs were last collected + :param logs_last_collected: Timestamp bucket indicating when logs were last collected. :type logs_last_collected: SecurityMonitoringContentPackTimestampBucket - :param logs_seen_from_any_index: Whether logs have been seen from any index + :param logs_seen_from_any_index: Whether logs for this content pack have been seen in any Datadog index within the last 72 hours. :type logs_seen_from_any_index: bool - :param state: The current status of a content pack + :param state: The current operational status of a content pack. :type state: SecurityMonitoringContentPackStatus """ if integration_installed_status is not unset: diff --git a/src/datadog_api_client/v2/model/security_monitoring_content_pack_state_meta.py b/src/datadog_api_client/v2/model/security_monitoring_content_pack_state_meta.py index 3b9aac7ffc..4f37a6b107 100644 
--- a/src/datadog_api_client/v2/model/security_monitoring_content_pack_state_meta.py +++ b/src/datadog_api_client/v2/model/security_monitoring_content_pack_state_meta.py @@ -37,7 +37,7 @@ def __init__(self_, cloud_siem_index_incorrect: bool, sku: SecurityMonitoringSKU :param cloud_siem_index_incorrect: Whether the cloud SIEM index configuration is incorrect at the organization level :type cloud_siem_index_incorrect: bool - :param sku: The SIEM pricing model (SKU) for the organization + :param sku: The Cloud SIEM pricing model (SKU) for the organization. :type sku: SecurityMonitoringSKU """ super().__init__(kwargs) diff --git a/src/datadog_api_client/v2/model/security_monitoring_content_pack_status.py b/src/datadog_api_client/v2/model/security_monitoring_content_pack_status.py index a8f83bec1d..efdcbe2da7 100644 --- a/src/datadog_api_client/v2/model/security_monitoring_content_pack_status.py +++ b/src/datadog_api_client/v2/model/security_monitoring_content_pack_status.py @@ -14,7 +14,7 @@ class SecurityMonitoringContentPackStatus(ModelSimple): """ - The current status of a content pack + The current operational status of a content pack. :param value: Must be one of ["install", "activate", "initializing", "active", "warning", "broken"]. :type value: str diff --git a/src/datadog_api_client/v2/model/security_monitoring_content_pack_timestamp_bucket.py b/src/datadog_api_client/v2/model/security_monitoring_content_pack_timestamp_bucket.py index 672ce48dcd..cfec617fb5 100644 --- a/src/datadog_api_client/v2/model/security_monitoring_content_pack_timestamp_bucket.py +++ b/src/datadog_api_client/v2/model/security_monitoring_content_pack_timestamp_bucket.py 
@@ -14,7 +14,7 @@ class SecurityMonitoringContentPackTimestampBucket(ModelSimple): """ - Timestamp bucket indicating when logs were last collected + Timestamp bucket indicating when logs were last collected. :param value: Must be one of ["not_seen", "within_24_hours", "within_24_to_72_hours", "over_72h_to_30d", "over_30d"]. :type value: str diff --git a/src/datadog_api_client/v2/model/security_monitoring_sku.py b/src/datadog_api_client/v2/model/security_monitoring_sku.py index 82a8815a64..4abab4f991 100644 --- a/src/datadog_api_client/v2/model/security_monitoring_sku.py +++ b/src/datadog_api_client/v2/model/security_monitoring_sku.py @@ -14,7 +14,7 @@ class SecurityMonitoringSKU(ModelSimple): """ - The SIEM pricing model (SKU) for the organization + The Cloud SIEM pricing model (SKU) for the organization. :param value: Must be one of ["per_gb_analyzed", "per_event_in_siem_index_2023", "add_on_2024"]. :type value: str