ConnectionMaster · pull · Apr 16, 2026 · Apr 16, 2026 · Apr 16, 2026
diff --git a/.generator/schemas/v2/openapi.yaml b/.generator/schemas/v2/openapi.yaml
diff --git a/api/datadog/configuration.go b/api/datadog/configuration.go
@@ -706,12 +706,14 @@ func NewConfiguration() *Configuration {
 			"v2.DeleteThreatHuntingJob":                  false,
 			"v2.GetContentPacksStates":                   false,
 			"v2.GetFinding":                              false,
+			"v2.GetIndicatorOfCompromise":                false,
 			"v2.GetRuleVersionHistory":                   false,
 			"v2.GetSecretsRules":                         false,
 			"v2.GetSecurityMonitoringHistsignal":         false,
 			"v2.GetSecurityMonitoringHistsignalsByJobId": false,
 			"v2.GetThreatHuntingJob":                     false,
 			"v2.ListFindings":                            false,
+			"v2.ListIndicatorsOfCompromise":              false,
 			"v2.ListMultipleRulesets":                    false,
 			"v2.ListScannedAssetsMetadata":               false,
 			"v2.ListSecurityMonitoringHistsignals":       false,

diff --git a/api/datadogV2/api_cloud_cost_management.go b/api/datadogV2/api_cloud_cost_management.go
@@ -8,6 +8,7 @@ import (
 	_context "context"
 	_nethttp "net/http"
 	_neturl "net/url"
+	"reflect"
 
 	"github.com/DataDog/datadog-api-client-go/v2/api/datadog"
 )
@@ -1836,10 +1837,12 @@ func (a *CloudCostManagementApi) ListCustomAllocationRules(ctx _context.Context)
 
 // ListCustomCostsFilesOptionalParameters holds optional parameters for ListCustomCostsFiles.
 type ListCustomCostsFilesOptionalParameters struct {
-	PageNumber   *int64
-	PageSize     *int64
-	FilterStatus *string
-	Sort         *string
+	PageNumber     *int64
+	PageSize       *int64
+	FilterStatus   *string
+	FilterName     *string
+	FilterProvider *[]string
+	Sort           *string
 }
 
 // NewListCustomCostsFilesOptionalParameters creates an empty struct for parameters.
@@ -1866,6 +1869,18 @@ func (r *ListCustomCostsFilesOptionalParameters) WithFilterStatus(filterStatus s
 	return r
 }
 
+// WithFilterName sets the corresponding parameter name and returns the struct.
+func (r *ListCustomCostsFilesOptionalParameters) WithFilterName(filterName string) *ListCustomCostsFilesOptionalParameters {
+	r.FilterName = &filterName
+	return r
+}
+
+// WithFilterProvider sets the corresponding parameter name and returns the struct.
+func (r *ListCustomCostsFilesOptionalParameters) WithFilterProvider(filterProvider []string) *ListCustomCostsFilesOptionalParameters {
+	r.FilterProvider = &filterProvider
+	return r
+}
+
 // WithSort sets the corresponding parameter name and returns the struct.
 func (r *ListCustomCostsFilesOptionalParameters) WithSort(sort string) *ListCustomCostsFilesOptionalParameters {
 	r.Sort = &sort
@@ -1908,6 +1923,20 @@ func (a *CloudCostManagementApi) ListCustomCostsFiles(ctx _context.Context, o ..
 	if optionalParams.FilterStatus != nil {
 		localVarQueryParams.Add("filter[status]", datadog.ParameterToString(*optionalParams.FilterStatus, ""))
 	}
+	if optionalParams.FilterName != nil {
+		localVarQueryParams.Add("filter[name]", datadog.ParameterToString(*optionalParams.FilterName, ""))
+	}
+	if optionalParams.FilterProvider != nil {
+		t := *optionalParams.FilterProvider
+		if reflect.TypeOf(t).Kind() == reflect.Slice {
+			s := reflect.ValueOf(t)
+			for i := 0; i < s.Len(); i++ {
+				localVarQueryParams.Add("filter[provider]", datadog.ParameterToString(s.Index(i), "multi"))
+			}
+		} else {
+			localVarQueryParams.Add("filter[provider]", datadog.ParameterToString(t, "multi"))
+		}
+	}
 	if optionalParams.Sort != nil {
 		localVarQueryParams.Add("sort", datadog.ParameterToString(*optionalParams.Sort, ""))
 	}

diff --git a/api/datadogV2/api_security_monitoring.go b/api/datadogV2/api_security_monitoring.go
@@ -2910,6 +2910,93 @@ func (a *SecurityMonitoringApi) GetFinding(ctx _context.Context, findingId strin
 	return localVarReturnValue, localVarHTTPResponse, nil
 }
 
+// GetIndicatorOfCompromise Get an indicator of compromise.
+// Get detailed information about a specific indicator of compromise (IoC).
+func (a *SecurityMonitoringApi) GetIndicatorOfCompromise(ctx _context.Context, indicator string) (GetIoCIndicatorResponse, *_nethttp.Response, error) {
+	var (
+		localVarHTTPMethod  = _nethttp.MethodGet
+		localVarPostBody    interface{}
+		localVarReturnValue GetIoCIndicatorResponse
+	)
+
+	operationId := "v2.GetIndicatorOfCompromise"
+	isOperationEnabled := a.Client.Cfg.IsUnstableOperationEnabled(operationId)
+	if !isOperationEnabled {
+		return localVarReturnValue, nil, datadog.GenericOpenAPIError{ErrorMessage: _fmt.Sprintf("Unstable operation '%s' is disabled", operationId)}
+	}
+	if isOperationEnabled && a.Client.Cfg.Debug {
+		_log.Printf("WARNING: Using unstable operation '%s'", operationId)
+	}
+
+	localBasePath, err := a.Client.Cfg.ServerURLWithContext(ctx, "v2.SecurityMonitoringApi.GetIndicatorOfCompromise")
+	if err != nil {
+		return localVarReturnValue, nil, datadog.GenericOpenAPIError{ErrorMessage: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v2/security/siem/ioc-explorer/indicator"
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := _neturl.Values{}
+	localVarFormParams := _neturl.Values{}
+	localVarQueryParams.Add("indicator", datadog.ParameterToString(indicator, ""))
+	localVarHeaderParams["Accept"] = "application/json"
+
+	if a.Client.Cfg.DelegatedTokenConfig != nil {
+		err = datadog.UseDelegatedTokenAuth(ctx, &localVarHeaderParams, a.Client.Cfg.DelegatedTokenConfig)
+		if err != nil {
+			return localVarReturnValue, nil, err
+		}
+	} else {
+		datadog.SetAuthKeys(
+			ctx,
+			&localVarHeaderParams,
+			[2]string{"apiKeyAuth", "DD-API-KEY"},
+			[2]string{"appKeyAuth", "DD-APPLICATION-KEY"},
+		)
+	}
+	req, err := a.Client.PrepareRequest(ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, nil)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+
+	localVarHTTPResponse, err := a.Client.CallAPI(req)
+	if err != nil || localVarHTTPResponse == nil {
+		return localVarReturnValue, localVarHTTPResponse, err
+	}
+
+	localVarBody, err := datadog.ReadBody(localVarHTTPResponse)
+	if err != nil {
+		return localVarReturnValue, localVarHTTPResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := datadog.GenericOpenAPIError{
+			ErrorBody:    localVarBody,
+			ErrorMessage: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 400 || localVarHTTPResponse.StatusCode == 403 || localVarHTTPResponse.StatusCode == 404 || localVarHTTPResponse.StatusCode == 429 {
+			var v APIErrorResponse
+			err = a.Client.Decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				return localVarReturnValue, localVarHTTPResponse, newErr
+			}
+			newErr.ErrorModel = v
+		}
+		return localVarReturnValue, localVarHTTPResponse, newErr
+	}
+
+	err = a.Client.Decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := datadog.GenericOpenAPIError{
+			ErrorBody:    localVarBody,
+			ErrorMessage: err.Error(),
+		}
+		return localVarReturnValue, localVarHTTPResponse, newErr
+	}
+
+	return localVarReturnValue, localVarHTTPResponse, nil
+}
+
 // GetInvestigationLogQueriesMatchingSignal Get investigation queries for a signal.
 // Get the list of investigation log queries available for a given security signal.
 func (a *SecurityMonitoringApi) GetInvestigationLogQueriesMatchingSignal(ctx _context.Context, signalId string) (SecurityMonitoringSignalSuggestedActionsResponse, *_nethttp.Response, error) {
@@ -5403,6 +5490,160 @@ func (a *SecurityMonitoringApi) ListFindingsWithPagination(ctx _context.Context,
 	return items, cancel
 }
 
+// ListIndicatorsOfCompromiseOptionalParameters holds optional parameters for ListIndicatorsOfCompromise.
+type ListIndicatorsOfCompromiseOptionalParameters struct {
+	Limit      *int32
+	Offset     *int32
+	Query      *string
+	SortColumn *string
+	SortOrder  *string
+}
+
+// NewListIndicatorsOfCompromiseOptionalParameters creates an empty struct for parameters.
+func NewListIndicatorsOfCompromiseOptionalParameters() *ListIndicatorsOfCompromiseOptionalParameters {
+	this := ListIndicatorsOfCompromiseOptionalParameters{}
+	return &this
+}
+
+// WithLimit sets the corresponding parameter name and returns the struct.
+func (r *ListIndicatorsOfCompromiseOptionalParameters) WithLimit(limit int32) *ListIndicatorsOfCompromiseOptionalParameters {
+	r.Limit = &limit
+	return r
+}
+
+// WithOffset sets the corresponding parameter name and returns the struct.
+func (r *ListIndicatorsOfCompromiseOptionalParameters) WithOffset(offset int32) *ListIndicatorsOfCompromiseOptionalParameters {
+	r.Offset = &offset
+	return r
+}
+
+// WithQuery sets the corresponding parameter name and returns the struct.
+func (r *ListIndicatorsOfCompromiseOptionalParameters) WithQuery(query string) *ListIndicatorsOfCompromiseOptionalParameters {
+	r.Query = &query
+	return r
+}
+
+// WithSortColumn sets the corresponding parameter name and returns the struct.
+func (r *ListIndicatorsOfCompromiseOptionalParameters) WithSortColumn(sortColumn string) *ListIndicatorsOfCompromiseOptionalParameters {
+	r.SortColumn = &sortColumn
+	return r
+}
+
+// WithSortOrder sets the corresponding parameter name and returns the struct.
+func (r *ListIndicatorsOfCompromiseOptionalParameters) WithSortOrder(sortOrder string) *ListIndicatorsOfCompromiseOptionalParameters {
+	r.SortOrder = &sortOrder
+	return r
+}
+
+// ListIndicatorsOfCompromise List indicators of compromise.
+// Get a list of indicators of compromise (IoCs) matching the specified filters.
+func (a *SecurityMonitoringApi) ListIndicatorsOfCompromise(ctx _context.Context, o ...ListIndicatorsOfCompromiseOptionalParameters) (IoCExplorerListResponse, *_nethttp.Response, error) {
+	var (
+		localVarHTTPMethod  = _nethttp.MethodGet
+		localVarPostBody    interface{}
+		localVarReturnValue IoCExplorerListResponse
+		optionalParams      ListIndicatorsOfCompromiseOptionalParameters
+	)
+
+	if len(o) > 1 {
+		return localVarReturnValue, nil, datadog.ReportError("only one argument of type ListIndicatorsOfCompromiseOptionalParameters is allowed")
+	}
+	if len(o) == 1 {
+		optionalParams = o[0]
+	}
+
+	operationId := "v2.ListIndicatorsOfCompromise"
+	isOperationEnabled := a.Client.Cfg.IsUnstableOperationEnabled(operationId)
+	if !isOperationEnabled {
+		return localVarReturnValue, nil, datadog.GenericOpenAPIError{ErrorMessage: _fmt.Sprintf("Unstable operation '%s' is disabled", operationId)}
+	}
+	if isOperationEnabled && a.Client.Cfg.Debug {
+		_log.Printf("WARNING: Using unstable operation '%s'", operationId)
+	}
+
+	localBasePath, err := a.Client.Cfg.ServerURLWithContext(ctx, "v2.SecurityMonitoringApi.ListIndicatorsOfCompromise")
+	if err != nil {
+		return localVarReturnValue, nil, datadog.GenericOpenAPIError{ErrorMessage: err.Error()}
+	}
+
+	localVarPath := localBasePath + "/api/v2/security/siem/ioc-explorer"
+
+	localVarHeaderParams := make(map[string]string)
+	localVarQueryParams := _neturl.Values{}
+	localVarFormParams := _neturl.Values{}
+	if optionalParams.Limit != nil {
+		localVarQueryParams.Add("limit", datadog.ParameterToString(*optionalParams.Limit, ""))
+	}
+	if optionalParams.Offset != nil {
+		localVarQueryParams.Add("offset", datadog.ParameterToString(*optionalParams.Offset, ""))
+	}
+	if optionalParams.Query != nil {
+		localVarQueryParams.Add("query", datadog.ParameterToString(*optionalParams.Query, ""))
+	}
+	if optionalParams.SortColumn != nil {
+		localVarQueryParams.Add("sort[column]", datadog.ParameterToString(*optionalParams.SortColumn, ""))
+	}
+	if optionalParams.SortOrder != nil {
+		localVarQueryParams.Add("sort[order]", datadog.ParameterToString(*optionalParams.SortOrder, ""))
+	}
+	localVarHeaderParams["Accept"] = "application/json"
+
+	if a.Client.Cfg.DelegatedTokenConfig != nil {
+		err = datadog.UseDelegatedTokenAuth(ctx, &localVarHeaderParams, a.Client.Cfg.DelegatedTokenConfig)
+		if err != nil {
+			return localVarReturnValue, nil, err
+		}
+	} else {
+		datadog.SetAuthKeys(
+			ctx,
+			&localVarHeaderParams,
+			[2]string{"apiKeyAuth", "DD-API-KEY"},
+			[2]string{"appKeyAuth", "DD-APPLICATION-KEY"},
+		)
+	}
+	req, err := a.Client.PrepareRequest(ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, nil)
+	if err != nil {
+		return localVarReturnValue, nil, err
+	}
+
+	localVarHTTPResponse, err := a.Client.CallAPI(req)
+	if err != nil || localVarHTTPResponse == nil {
+		return localVarReturnValue, localVarHTTPResponse, err
+	}
+
+	localVarBody, err := datadog.ReadBody(localVarHTTPResponse)
+	if err != nil {
+		return localVarReturnValue, localVarHTTPResponse, err
+	}
+
+	if localVarHTTPResponse.StatusCode >= 300 {
+		newErr := datadog.GenericOpenAPIError{
+			ErrorBody:    localVarBody,
+			ErrorMessage: localVarHTTPResponse.Status,
+		}
+		if localVarHTTPResponse.StatusCode == 400 || localVarHTTPResponse.StatusCode == 403 || localVarHTTPResponse.StatusCode == 429 {
+			var v APIErrorResponse
+			err = a.Client.Decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+			if err != nil {
+				return localVarReturnValue, localVarHTTPResponse, newErr
+			}
+			newErr.ErrorModel = v
+		}
+		return localVarReturnValue, localVarHTTPResponse, newErr
+	}
+
+	err = a.Client.Decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+	if err != nil {
+		newErr := datadog.GenericOpenAPIError{
+			ErrorBody:    localVarBody,
+			ErrorMessage: err.Error(),
+		}
+		return localVarReturnValue, localVarHTTPResponse, newErr
+	}
+
+	return localVarReturnValue, localVarHTTPResponse, nil
+}
+
 // ListMultipleRulesets Ruleset get multiple.
 // Get rules for multiple rulesets in batch.
 func (a *SecurityMonitoringApi) ListMultipleRulesets(ctx _context.Context, body GetMultipleRulesetsRequest) (GetMultipleRulesetsResponse, *_nethttp.Response, error) {

diff --git a/api/datadogV2/doc.go b/api/datadogV2/doc.go
@@ -764,6 +764,7 @@
 //   - [SecurityMonitoringApi.GetCriticalAssetsAffectingRule]
 //   - [SecurityMonitoringApi.GetCustomFramework]
 //   - [SecurityMonitoringApi.GetFinding]
+//   - [SecurityMonitoringApi.GetIndicatorOfCompromise]
 //   - [SecurityMonitoringApi.GetInvestigationLogQueriesMatchingSignal]
 //   - [SecurityMonitoringApi.GetResourceEvaluationFilters]
 //   - [SecurityMonitoringApi.GetRuleVersionHistory]
@@ -787,6 +788,7 @@
 //   - [SecurityMonitoringApi.GetVulnerabilityNotificationRules]
 //   - [SecurityMonitoringApi.ListAssetsSBOMs]
 //   - [SecurityMonitoringApi.ListFindings]
+//   - [SecurityMonitoringApi.ListIndicatorsOfCompromise]
 //   - [SecurityMonitoringApi.ListMultipleRulesets]
 //   - [SecurityMonitoringApi.ListScannedAssetsMetadata]
 //   - [SecurityMonitoringApi.ListSecurityFilters]