Regenerate client from commit ff64558 of spec repo

Author: ci.datadog-api-spec

.generator/schemas/v2/openapi.yaml

@@ -44173,6 +44173,16 @@ components:
           items:
             type: string
           type: array
+        triage_state:
+          description: "Current triage state of the indicator: not_reviewed or reviewed."
+          type: string
+        triaged_at:
+          description: Timestamp when the indicator was last triaged.
+          format: date-time
+          type: string
+        triaged_by:
+          description: UUID of the user who last triaged the indicator.
+          type: string
       type: object
     IoCIndicatorDetailed:
       description: An indicator of compromise with extended context from your environment.
@@ -44291,6 +44301,21 @@ components:
           items:
             type: string
           type: array
+        triage_history:
+          description: Full triage history timeline. Returned only when `include_triage_history` is true.
+          items:
+            $ref: "#/components/schemas/IoCTriageEvent"
+          type: array
+        triage_state:
+          description: "Current triage state of the indicator: not_reviewed or reviewed."
+          type: string
+        triaged_at:
+          description: Timestamp when the indicator was last triaged.
+          format: date-time
+          type: string
+        triaged_by:
+          description: UUID of the user who last triaged the indicator.
+          type: string
         users:
           additionalProperties:
             description: List of user identifiers in this category.
@@ -44329,6 +44354,97 @@ components:
           description: Name of the threat intelligence source.
           type: string
       type: object
+    IoCTriageEvent:
+      description: A single entry in an indicator's triage history timeline.
+      properties:
+        triage_state:
+          description: "Triage state set by this action: not_reviewed or reviewed."
+          type: string
+        triaged_at:
+          description: Timestamp when this triage action occurred.
+          format: date-time
+          type: string
+        triaged_by:
+          description: UUID of the user who performed this triage action.
+          type: string
+      type: object
+    IoCTriageWriteRequest:
+      description: Request body for creating or updating an indicator triage state.
+      properties:
+        data:
+          $ref: "#/components/schemas/IoCTriageWriteRequestData"
+      required:
+        - data
+      type: object
+    IoCTriageWriteRequestAttributes:
+      description: Attributes for setting an indicator's triage state.
+      properties:
+        indicator:
+          description: The indicator value to triage (for example, an IP address or domain).
+          example: "192.0.2.1"
+          type: string
+        triage_state:
+          description: "The triage state to set: not_reviewed or reviewed."
+          example: reviewed
+          type: string
+      required:
+        - indicator
+        - triage_state
+      type: object
+    IoCTriageWriteRequestData:
+      description: Data object for the triage write request.
+      properties:
+        attributes:
+          $ref: "#/components/schemas/IoCTriageWriteRequestAttributes"
+        type:
+          default: ioc_triage_state
+          description: Triage state resource type.
+          example: ioc_triage_state
+          type: string
+      required:
+        - type
+        - attributes
+      type: object
+    IoCTriageWriteResponse:
+      description: Response for the create indicator triage state endpoint.
+      properties:
+        data:
+          $ref: "#/components/schemas/IoCTriageWriteResponseData"
+      type: object
+    IoCTriageWriteResponseAttributes:
+      description: Attributes of a created or updated triage state.
+      properties:
+        created_at:
+          description: Timestamp when the triage record was created.
+          format: date-time
+          type: string
+        indicator:
+          description: The indicator value that was triaged.
+          type: string
+        triage_state:
+          description: "The triage state that was set: not_reviewed or reviewed."
+          type: string
+        triaged_at:
+          description: Timestamp when the triage state was set.
+          format: date-time
+          type: string
+        triaged_by:
+          description: UUID of the user who set the triage state.
+          type: string
+      type: object
+    IoCTriageWriteResponseData:
+      description: Data object of the triage write response.
+      properties:
+        attributes:
+          $ref: "#/components/schemas/IoCTriageWriteResponseAttributes"
+        id:
+          description: Unique identifier for the triage state record.
+          type: string
+        type:
+          default: ioc_triage_state
+          description: Triage state resource type.
+          type: string
+      type: object
     Issue:
       description: The issue matching the request.
       properties:
@@ -158508,6 +158624,25 @@ paths:
           schema:
             default: desc
             type: string
+        - description: When true, return only OCSF field-based matches. When false, return regex/message-based matches.
+          in: query
+          name: ocsf
+          required: false
+          schema:
+            default: true
+            type: boolean
+        - description: Filter indicators worked by a specific user UUID.
+          in: query
+          name: worked_by
+          required: false
+          schema:
+            type: string
+        - description: "Filter by triage state: not_reviewed or reviewed."
+          in: query
+          name: triage_state
+          required: false
+          schema:
+            type: string
       responses:
         "200":
           content:
@@ -158559,6 +158694,38 @@ paths:
           required: true
           schema:
             type: string
+        - description: When true, return only OCSF field-based matches. When false, return regex/message-based matches.
+          in: query
+          name: ocsf
+          required: false
+          schema:
+            default: true
+            type: boolean
+        - description: Include full triage history for the indicator.
+          in: query
+          name: include_triage_history
+          required: false
+          schema:
+            default: false
+            type: boolean
+        - description: Maximum number of triage history events returned. Only applied when `include_triage_history` is true.
+          in: query
+          name: triage_history_limit
+          required: false
+          schema:
+            default: 50
+            format: int32
+            maximum: 1000
+            minimum: 1
+            type: integer
+        - description: Pagination offset into the triage history. Only applied when `include_triage_history` is true.
+          in: query
+          name: triage_history_offset
+          required: false
+          schema:
+            default: 0
+            format: int32
+            type: integer
       responses:
         "200":
           content:
@@ -158596,6 +158763,62 @@ paths:
       x-unstable: |-
         **Note**: This endpoint is in beta and may be subject to changes.
         Please check the documentation regularly for updates.
+  /api/v2/security/siem/ioc-explorer/triage:
+    post:
+      description: |-
+        Set the triage state of an indicator of compromise (IoC). This creates or
+        updates the triage state for the indicator in your organization.
+      operationId: CreateIoCTriageState
+      requestBody:
+        content:
+          "application/json":
+            examples:
+              default:
+                value:
+                  data:
+                    attributes:
+                      indicator: "192.0.2.1"
+                      triage_state: reviewed
+                    type: ioc_triage_state
+            schema:
+              $ref: "#/components/schemas/IoCTriageWriteRequest"
+        description: The triage state to set for the indicator.
+        required: true
+      responses:
+        "201":
+          content:
+            "application/json":
+              examples:
+                default:
+                  value:
+                    data:
+                      attributes:
+                        created_at: "2026-06-04T12:00:00Z"
+                        indicator: "192.0.2.1"
+                        triage_state: reviewed
+                        triaged_at: "2026-06-04T12:00:00Z"
+                        triaged_by: 11111111-2222-3333-4444-555555555555
+                      id: abc-123
+                      type: ioc_triage_state
+              schema:
+                $ref: "#/components/schemas/IoCTriageWriteResponse"
+          description: Created
+        "400":
+          $ref: "#/components/responses/BadRequestResponse"
+        "403":
+          $ref: "#/components/responses/NotAuthorizedResponse"
+        "429":
+          $ref: "#/components/responses/TooManyRequestsResponse"
+      security:
+        - apiKeyAuth: []
+          appKeyAuth: []
+        - AuthZ:
+            - security_monitoring_signals_write
+      summary: Create or update an indicator triage state
+      tags: ["Security Monitoring"]
+      x-unstable: |-
+        **Note**: This endpoint is in beta and may be subject to changes.
+        Please check the documentation regularly for updates.
   /api/v2/security/signals/notification_rules:
     get:
       description: Returns the list of notification rules for security signals.

api/datadog/configuration.go

@@ -801,6 +801,7 @@ func NewConfiguration() *Configuration {
 			"v2.CancelHistoricalJob":                              false,
 			"v2.ConvertJobResultToSignal":                         false,
 			"v2.ConvertSecurityMonitoringTerraformResource":       false,
+			"v2.CreateIoCTriageState":                             false,
 			"v2.CreateSampleLogGenerationSubscription":            false,
 			"v2.CreateSecurityMonitoringDataset":                  false,
 			"v2.CreateSecurityMonitoringIntegrationConfig":        false,