Regenerate client from commit 6849118 of spec repo

Author: ci.datadog-api-spec

.generator/schemas/v2/openapi.yaml

@@ -61254,19 +61254,23 @@ components:
         - DONE
         - TIMEOUT
     SecurityMonitoringContentPackActivation:
-      description: The activation status of a content pack
+      description: The activation status of a content pack.
       enum:
         - never_activated
         - activated
         - deactivated
       example: activated
       type: string
+      x-enum-descriptions:
+        - Pack has never been activated for this organization.
+        - Pack is currently activated.
+        - Pack was previously activated but has since been deactivated.
       x-enum-varnames:
         - NEVER_ACTIVATED
         - ACTIVATED
         - DEACTIVATED
     SecurityMonitoringContentPackIntegrationStatus:
-      description: The installation status of the related integration
+      description: The installation status of the related integration.
       enum:
         - installed
         - available
@@ -61275,6 +61279,12 @@ components:
         - error
       example: installed
       type: string
+      x-enum-descriptions:
+        - Integration is fully installed.
+        - Integration exists in the catalog but is not installed.
+        - Integration is only partially configured.
+        - Integration detected (for example, logs are flowing) but not explicitly installed.
+        - Integration is in an error state.
       x-enum-varnames:
         - INSTALLED
         - AVAILABLE
@@ -61291,15 +61301,17 @@ components:
         cp_activation:
           $ref: "#/components/schemas/SecurityMonitoringContentPackActivation"
         filters_configured_for_logs:
-          description: Whether filters (Security Filters or Index Query depending on the pricing model) are configured for logs
+          description: |-
+            Whether filters (Security Filters or Index Query depending on the pricing model) are
+            present and correctly configured to route logs into Cloud SIEM.
           example: true
           type: boolean
         integration_installed_status:
           $ref: "#/components/schemas/SecurityMonitoringContentPackIntegrationStatus"
         logs_last_collected:
           $ref: "#/components/schemas/SecurityMonitoringContentPackTimestampBucket"
         logs_seen_from_any_index:
-          description: Whether logs have been seen from any index
+          description: Whether logs for this content pack have been seen in any Datadog index within the last 72 hours.
           example: true
           type: boolean
         state:
@@ -61364,7 +61376,7 @@ components:
         - meta
       type: object
     SecurityMonitoringContentPackStatus:
-      description: The current status of a content pack
+      description: The current operational status of a content pack.
       enum:
         - install
         - activate
@@ -61374,6 +61386,13 @@ components:
         - broken
       example: active
       type: string
+      x-enum-descriptions:
+        - Not activated; no logs detected in the last 72 hours.
+        - Not activated; logs are flowing into a Datadog index but not yet routed through Cloud SIEM.
+        - Activated; awaiting first log ingestion.
+        - Activated; logs received within the last 24 hours.
+        - Activated; integration not installed or logs last seen 24 to 72 hours ago.
+        - Activated; no logs for over 72 hours, filter missing, or Cloud SIEM index incorrectly ordered.
       x-enum-varnames:
         - INSTALL
         - ACTIVATE
@@ -61382,7 +61401,7 @@ components:
         - WARNING
         - BROKEN
     SecurityMonitoringContentPackTimestampBucket:
-      description: Timestamp bucket indicating when logs were last collected
+      description: Timestamp bucket indicating when logs were last collected.
       enum:
         - not_seen
         - within_24_hours
@@ -61391,6 +61410,12 @@ components:
         - over_30d
       example: within_24_hours
       type: string
+      x-enum-descriptions:
+        - No logs observed.
+        - Logs received within the last 24 hours.
+        - Logs last seen 24 to 72 hours ago.
+        - Logs last seen 3 to 30 days ago.
+        - Logs last seen more than 30 days ago.
       x-enum-varnames:
         - NOT_SEEN
         - WITHIN_24_HOURS
@@ -62481,7 +62506,7 @@ components:
         - $ref: "#/components/schemas/SecurityMonitoringSignalRulePayload"
         - $ref: "#/components/schemas/CloudConfigurationRulePayload"
     SecurityMonitoringSKU:
-      description: The SIEM pricing model (SKU) for the organization
+      description: The Cloud SIEM pricing model (SKU) for the organization.
       enum:
         - per_gb_analyzed
         - per_event_in_siem_index_2023
@@ -112316,10 +112341,7 @@ paths:
         - Security Monitoring
   /api/v2/security_monitoring/content_packs/states:
     get:
-      description: |-
-        Get the activation and configuration states for all security monitoring content packs.
-        This endpoint returns status information about each content pack including activation state,
-        integration status, and log collection status.
+      description: Get the activation state, integration status, and log collection status for all Cloud SIEM content packs.
       operationId: GetContentPacksStates
       responses:
         "200":
@@ -112329,11 +112351,7 @@ paths:
                 $ref: "#/components/schemas/SecurityMonitoringContentPackStatesResponse"
           description: OK
         "403":
-          content:
-            application/json:
-              schema:
-                $ref: "#/components/schemas/JSONAPIErrorResponse"
-          description: Forbidden
+          $ref: "#/components/responses/NotAuthorizedResponse"
         "404":
           content:
             application/json:
@@ -112342,21 +112360,31 @@ paths:
           description: Not Found
         "429":
           $ref: "#/components/responses/TooManyRequestsResponse"
+      security:
+        - apiKeyAuth: []
+          appKeyAuth: []
+        - AuthZ:
+            - security_monitoring_filters_read
       summary: Get content pack states
       tags:
         - Security Monitoring
+      "x-permission":
+        operator: OR
+        permissions:
+          - security_monitoring_filters_read
+          - logs_read_index_data
       x-unstable: |-
         **Note**: This endpoint is in preview and is subject to change.
         If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).
   /api/v2/security_monitoring/content_packs/{content_pack_id}/activate:
     put:
       description: |-
-        Activate a security monitoring content pack. This operation configures the necessary
+        Activate a Cloud SIEM content pack. This operation configures the necessary
         log filters or security filters depending on the pricing model and updates the content
         pack activation state.
       operationId: ActivateContentPack
       parameters:
-        - description: The ID of the content pack to activate.
+        - description: The ID of the content pack to activate (for example, `aws-cloudtrail`).
           in: path
           name: content_pack_id
           required: true
@@ -112367,11 +112395,7 @@ paths:
         "202":
           description: Accepted
         "403":
-          content:
-            application/json:
-              schema:
-                $ref: "#/components/schemas/JSONAPIErrorResponse"
-          description: Forbidden
+          $ref: "#/components/responses/NotAuthorizedResponse"
         "404":
           content:
             application/json:
@@ -112380,20 +112404,30 @@ paths:
           description: Not Found
         "429":
           $ref: "#/components/responses/TooManyRequestsResponse"
+      security:
+        - apiKeyAuth: []
+          appKeyAuth: []
+        - AuthZ:
+            - security_monitoring_filters_write
       summary: Activate content pack
       tags:
         - Security Monitoring
+      "x-permission":
+        operator: OR
+        permissions:
+          - security_monitoring_filters_write
+          - logs_modify_indexes
       x-unstable: |-
         **Note**: This endpoint is in preview and is subject to change.
         If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).
   /api/v2/security_monitoring/content_packs/{content_pack_id}/deactivate:
     put:
       description: |-
-        Deactivate a security monitoring content pack. This operation removes the content pack's
+        Deactivate a Cloud SIEM content pack. This operation removes the content pack's
         configuration from log filters or security filters and updates the content pack activation state.
       operationId: DeactivateContentPack
       parameters:
-        - description: The ID of the content pack to deactivate.
+        - description: The ID of the content pack to deactivate (for example, `aws-cloudtrail`).
           in: path
           name: content_pack_id
           required: true
@@ -112404,11 +112438,7 @@ paths:
         "202":
           description: Accepted
         "403":
-          content:
-            application/json:
-              schema:
-                $ref: "#/components/schemas/JSONAPIErrorResponse"
-          description: Forbidden
+          $ref: "#/components/responses/NotAuthorizedResponse"
         "404":
           content:
             application/json:
@@ -112417,9 +112447,19 @@ paths:
           description: Not Found
         "429":
           $ref: "#/components/responses/TooManyRequestsResponse"
+      security:
+        - apiKeyAuth: []
+          appKeyAuth: []
+        - AuthZ:
+            - security_monitoring_filters_write
       summary: Deactivate content pack
       tags:
         - Security Monitoring
+      "x-permission":
+        operator: OR
+        permissions:
+          - security_monitoring_filters_write
+          - logs_modify_indexes
       x-unstable: |-
         **Note**: This endpoint is in preview and is subject to change.
         If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).

api/datadogV2/api_security_monitoring.go

@@ -21,7 +21,7 @@ import (
 type SecurityMonitoringApi datadog.Service
 
 // ActivateContentPack Activate content pack.
-// Activate a security monitoring content pack. This operation configures the necessary
+// Activate a Cloud SIEM content pack. This operation configures the necessary
 // log filters or security filters depending on the pricing model and updates the content
 // pack activation state.
 func (a *SecurityMonitoringApi) ActivateContentPack(ctx _context.Context, contentPackId string) (*_nethttp.Response, error) {
@@ -85,17 +85,17 @@ func (a *SecurityMonitoringApi) ActivateContentPack(ctx _context.Context, conten
 			ErrorBody:    localVarBody,
 			ErrorMessage: localVarHTTPResponse.Status,
 		}
-		if localVarHTTPResponse.StatusCode == 403 || localVarHTTPResponse.StatusCode == 404 {
-			var v JSONAPIErrorResponse
+		if localVarHTTPResponse.StatusCode == 403 || localVarHTTPResponse.StatusCode == 429 {
+			var v APIErrorResponse
 			err = a.Client.Decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
 			if err != nil {
 				return localVarHTTPResponse, newErr
 			}
 			newErr.ErrorModel = v
 			return localVarHTTPResponse, newErr
 		}
-		if localVarHTTPResponse.StatusCode == 429 {
-			var v APIErrorResponse
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v JSONAPIErrorResponse
 			err = a.Client.Decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
 			if err != nil {
 				return localVarHTTPResponse, newErr
@@ -1577,7 +1577,7 @@ func (a *SecurityMonitoringApi) CreateVulnerabilityNotificationRule(ctx _context
 }
 
 // DeactivateContentPack Deactivate content pack.
-// Deactivate a security monitoring content pack. This operation removes the content pack's
+// Deactivate a Cloud SIEM content pack. This operation removes the content pack's
 // configuration from log filters or security filters and updates the content pack activation state.
 func (a *SecurityMonitoringApi) DeactivateContentPack(ctx _context.Context, contentPackId string) (*_nethttp.Response, error) {
 	var (
@@ -1640,17 +1640,17 @@ func (a *SecurityMonitoringApi) DeactivateContentPack(ctx _context.Context, cont
 			ErrorBody:    localVarBody,
 			ErrorMessage: localVarHTTPResponse.Status,
 		}
-		if localVarHTTPResponse.StatusCode == 403 || localVarHTTPResponse.StatusCode == 404 {
-			var v JSONAPIErrorResponse
+		if localVarHTTPResponse.StatusCode == 403 || localVarHTTPResponse.StatusCode == 429 {
+			var v APIErrorResponse
 			err = a.Client.Decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
 			if err != nil {
 				return localVarHTTPResponse, newErr
 			}
 			newErr.ErrorModel = v
 			return localVarHTTPResponse, newErr
 		}
-		if localVarHTTPResponse.StatusCode == 429 {
-			var v APIErrorResponse
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v JSONAPIErrorResponse
 			err = a.Client.Decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
 			if err != nil {
 				return localVarHTTPResponse, newErr
@@ -2542,9 +2542,7 @@ func (a *SecurityMonitoringApi) EditSecurityMonitoringSignalState(ctx _context.C
 }
 
 // GetContentPacksStates Get content pack states.
-// Get the activation and configuration states for all security monitoring content packs.
-// This endpoint returns status information about each content pack including activation state,
-// integration status, and log collection status.
+// Get the activation state, integration status, and log collection status for all Cloud SIEM content packs.
 func (a *SecurityMonitoringApi) GetContentPacksStates(ctx _context.Context) (SecurityMonitoringContentPackStatesResponse, *_nethttp.Response, error) {
 	var (
 		localVarHTTPMethod  = _nethttp.MethodGet
@@ -2606,17 +2604,17 @@ func (a *SecurityMonitoringApi) GetContentPacksStates(ctx _context.Context) (Sec
 			ErrorBody:    localVarBody,
 			ErrorMessage: localVarHTTPResponse.Status,
 		}
-		if localVarHTTPResponse.StatusCode == 403 || localVarHTTPResponse.StatusCode == 404 {
-			var v JSONAPIErrorResponse
+		if localVarHTTPResponse.StatusCode == 403 || localVarHTTPResponse.StatusCode == 429 {
+			var v APIErrorResponse
 			err = a.Client.Decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
 			if err != nil {
 				return localVarReturnValue, localVarHTTPResponse, newErr
 			}
 			newErr.ErrorModel = v
 			return localVarReturnValue, localVarHTTPResponse, newErr
 		}
-		if localVarHTTPResponse.StatusCode == 429 {
-			var v APIErrorResponse
+		if localVarHTTPResponse.StatusCode == 404 {
+			var v JSONAPIErrorResponse
 			err = a.Client.Decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
 			if err != nil {
 				return localVarReturnValue, localVarHTTPResponse, newErr

api/datadogV2/model_security_monitoring_content_pack_activation.go

@@ -10,7 +10,7 @@ import (
 	"github.com/DataDog/datadog-api-client-go/v2/api/datadog"
 )
 
-// SecurityMonitoringContentPackActivation The activation status of a content pack
+// SecurityMonitoringContentPackActivation The activation status of a content pack.
 type SecurityMonitoringContentPackActivation string
 
 // List of SecurityMonitoringContentPackActivation.

api/datadogV2/model_security_monitoring_content_pack_integration_status.go

@@ -10,7 +10,7 @@ import (
 	"github.com/DataDog/datadog-api-client-go/v2/api/datadog"
 )
 
-// SecurityMonitoringContentPackIntegrationStatus The installation status of the related integration
+// SecurityMonitoringContentPackIntegrationStatus The installation status of the related integration.
 type SecurityMonitoringContentPackIntegrationStatus string
 
 // List of SecurityMonitoringContentPackIntegrationStatus.

api/datadogV2/model_security_monitoring_content_pack_state_attributes.go

@@ -14,17 +14,18 @@ import (
 type SecurityMonitoringContentPackStateAttributes struct {
 	// Whether the cloud SIEM index configuration is incorrect (only applies to certain pricing models)
 	CloudSiemIndexIncorrect bool `json:"cloud_siem_index_incorrect"`
-	// The activation status of a content pack
+	// The activation status of a content pack.
 	CpActivation SecurityMonitoringContentPackActivation `json:"cp_activation"`
-	// Whether filters (Security Filters or Index Query depending on the pricing model) are configured for logs
+	// Whether filters (Security Filters or Index Query depending on the pricing model) are
+	// present and correctly configured to route logs into Cloud SIEM.
 	FiltersConfiguredForLogs bool `json:"filters_configured_for_logs"`
-	// The installation status of the related integration
+	// The installation status of the related integration.
 	IntegrationInstalledStatus *SecurityMonitoringContentPackIntegrationStatus `json:"integration_installed_status,omitempty"`
-	// Timestamp bucket indicating when logs were last collected
+	// Timestamp bucket indicating when logs were last collected.
 	LogsLastCollected SecurityMonitoringContentPackTimestampBucket `json:"logs_last_collected"`
-	// Whether logs have been seen from any index
+	// Whether logs for this content pack have been seen in any Datadog index within the last 72 hours.
 	LogsSeenFromAnyIndex bool `json:"logs_seen_from_any_index"`
-	// The current status of a content pack
+	// The current operational status of a content pack.
 	State SecurityMonitoringContentPackStatus `json:"state"`
 	// UnparsedObject contains the raw value of the object if there was an error when deserializing into the struct
 	UnparsedObject       map[string]interface{} `json:"-"`

api/datadogV2/model_security_monitoring_content_pack_state_meta.go

@@ -14,7 +14,7 @@ import (
 type SecurityMonitoringContentPackStateMeta struct {
 	// Whether the cloud SIEM index configuration is incorrect at the organization level
 	CloudSiemIndexIncorrect bool `json:"cloud_siem_index_incorrect"`
-	// The SIEM pricing model (SKU) for the organization
+	// The Cloud SIEM pricing model (SKU) for the organization.
 	Sku SecurityMonitoringSKU `json:"sku"`
 	// UnparsedObject contains the raw value of the object if there was an error when deserializing into the struct
 	UnparsedObject       map[string]interface{} `json:"-"`