Update docs for Security Finding API endpoints (DataDog#3592)

api-clients-generation-pipeline[bot] · ci.datadog-api-spec · web-flow · commit 9fc2eb5b4ab0 · 2026-01-12T22:36:02.000Z
Co-authored-by: ci.datadog-api-spec &lt;packages@datadoghq.com&gt;
diff --git a/.generator/schemas/v2/openapi.yaml b/.generator/schemas/v2/openapi.yaml
@@ -78107,7 +78107,13 @@ paths:
         cursorPath: meta.page.cursor
         limitParam: page[limit]
         resultsPath: data
-      x-unstable: '**Note**: This endpoint is in public beta.
+      x-unstable: '**Note**: This endpoint uses the legacy security findings data
+        model and is planned for deprecation.
+
+        Use the [search security findings endpoint](https://docs.datadoghq.com/api/latest/security-monitoring/#search-security-findings),
+
+        which is based on the [new security findings schema](https://docs.datadoghq.com/security/guide/findings-schema/),
+        to search security findings.
 
         If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).'
     patch:
@@ -78207,7 +78213,13 @@ paths:
       summary: Get a finding
       tags:
       - Security Monitoring
-      x-unstable: '**Note**: This endpoint is in public beta.
+      x-unstable: '**Note**: This endpoint uses the legacy security findings data
+        model and is planned for deprecation.
+
+        Use the [search security findings endpoint](https://docs.datadoghq.com/api/latest/security-monitoring/#search-security-findings),
+
+        which is based on the [new security findings schema](https://docs.datadoghq.com/security/guide/findings-schema/),
+        to search security findings.
 
         If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).'
   /api/v2/powerpacks:
@@ -82153,15 +82165,16 @@ paths:
         - security_monitoring_cws_agent_rules_read
   /api/v2/security/findings:
     get:
-      description: 'Get a list of security findings that match a search query.
+      description: 'Get a list of security findings that match a search query. [See
+        the schema for security findings](https://docs.datadoghq.com/security/guide/findings-schema/).
 
 
         ### Query Syntax
 
 
         This endpoint uses the logs query syntax. Findings attributes (living in the
-        custom. namespace) are prefixed by @ when queried. Tags are queried without
-        a prefix.
+        attributes.attributes. namespace) are prefixed by @ when queried. Tags are
+        queried without a prefix.
 
 
         Example: `@severity:(critical OR high) @status:open team:platform`'
@@ -82452,13 +82465,14 @@ paths:
         Please check the documentation regularly for updates.'
   /api/v2/security/findings/search:
     post:
-      description: 'Get a list of security findings that match a search query.
+      description: 'Get a list of security findings that match a search query. [See
+        the schema for security findings](https://docs.datadoghq.com/security/guide/findings-schema/).
 
 
         ### Query Syntax
 
 
-        The API uses the logs query syntax. Findings attributes (living in the custom.
+        The API uses the logs query syntax. Findings attributes (living in the attributes.attributes.
         namespace) are prefixed by @ when queried. Tags are queried without a prefix.
 
 
diff --git a/api/datadogV2/api_security_monitoring.go b/api/datadogV2/api_security_monitoring.go
@@ -4873,11 +4873,11 @@ func (r *ListSecurityFindingsOptionalParameters) WithSort(sort SecurityFindingsS
 }
 
 // ListSecurityFindings List security findings.
-// Get a list of security findings that match a search query.
+// Get a list of security findings that match a search query. [See the schema for security findings](https://docs.datadoghq.com/security/guide/findings-schema/).
 //
 // ### Query Syntax
 //
-// This endpoint uses the logs query syntax. Findings attributes (living in the custom. namespace) are prefixed by @ when queried. Tags are queried without a prefix.
+// This endpoint uses the logs query syntax. Findings attributes (living in the attributes.attributes. namespace) are prefixed by @ when queried. Tags are queried without a prefix.
 //
 // Example: `@severity:(critical OR high) @status:open team:platform`
 func (a *SecurityMonitoringApi) ListSecurityFindings(ctx _context.Context, o ...ListSecurityFindingsOptionalParameters) (ListSecurityFindingsResponse, *_nethttp.Response, error) {
@@ -7064,11 +7064,11 @@ func (a *SecurityMonitoringApi) RunThreatHuntingJob(ctx _context.Context, body R
 }
 
 // SearchSecurityFindings Search security findings.
-// Get a list of security findings that match a search query.
+// Get a list of security findings that match a search query. [See the schema for security findings](https://docs.datadoghq.com/security/guide/findings-schema/).
 //
 // ### Query Syntax
 //
-// The API uses the logs query syntax. Findings attributes (living in the custom. namespace) are prefixed by @ when queried. Tags are queried without a prefix.
+// The API uses the logs query syntax. Findings attributes (living in the attributes.attributes. namespace) are prefixed by @ when queried. Tags are queried without a prefix.
 //
 // Example: `@severity:(critical OR high) @status:open team:platform`
 func (a *SecurityMonitoringApi) SearchSecurityFindings(ctx _context.Context, body SecurityFindingsSearchRequest) (ListSecurityFindingsResponse, *_nethttp.Response, error) {
