diff --git a/.generator/schemas/v1/openapi.yaml b/.generator/schemas/v1/openapi.yaml index 06889282417..ce0a0f2f0e7 100644 --- a/.generator/schemas/v1/openapi.yaml +++ b/.generator/schemas/v1/openapi.yaml @@ -26513,6 +26513,7 @@ paths: - ap2.datadoghq.com - datadoghq.eu - ddog-gov.com + - us2.ddog-gov.com subdomain: default: ip-ranges description: The subdomain where the API is deployed. @@ -39887,6 +39888,7 @@ paths: - ap2.datadoghq.com - datadoghq.eu - ddog-gov.com + - us2.ddog-gov.com subdomain: default: http-intake.logs description: The subdomain where the API is deployed. @@ -39927,6 +39929,7 @@ servers: - ap2.datadoghq.com - datadoghq.eu - ddog-gov.com + - us2.ddog-gov.com subdomain: default: api description: The subdomain where the API is deployed. diff --git a/.generator/schemas/v2/openapi.yaml b/.generator/schemas/v2/openapi.yaml index 2994c0bb30b..3df325ff500 100644 --- a/.generator/schemas/v2/openapi.yaml +++ b/.generator/schemas/v2/openapi.yaml @@ -62654,19 +62654,23 @@ components: - DONE - TIMEOUT SecurityMonitoringContentPackActivation: - description: The activation status of a content pack + description: The activation status of a content pack. enum: - never_activated - activated - deactivated example: activated type: string + x-enum-descriptions: + - Pack has never been activated for this organization. + - Pack is currently activated. + - Pack was previously activated but has since been deactivated. x-enum-varnames: - NEVER_ACTIVATED - ACTIVATED - DEACTIVATED SecurityMonitoringContentPackIntegrationStatus: - description: The installation status of the related integration + description: The installation status of the related integration. enum: - installed - available 
@@ -62675,6 +62679,12 @@ components: - error example: installed type: string + x-enum-descriptions: + - Integration is fully installed. + - Integration exists in the catalog but is not installed. + - Integration is only partially configured. + - Integration detected (for example, logs are flowing) but not explicitly installed. + - Integration is in an error state. x-enum-varnames: - INSTALLED - AVAILABLE @@ -62691,7 +62701,9 @@ components: cp_activation: $ref: "#/components/schemas/SecurityMonitoringContentPackActivation" filters_configured_for_logs: - description: Whether filters (Security Filters or Index Query depending on the pricing model) are configured for logs + description: |- + Whether filters (Security Filters or Index Query depending on the pricing model) are + present and correctly configured to route logs into Cloud SIEM. example: true type: boolean integration_installed_status: @@ -62699,7 +62711,7 @@ components: logs_last_collected: $ref: "#/components/schemas/SecurityMonitoringContentPackTimestampBucket" logs_seen_from_any_index: - description: Whether logs have been seen from any index + description: Whether logs for this content pack have been seen in any Datadog index within the last 72 hours. example: true type: boolean state: @@ -62764,7 +62776,7 @@ components: - meta type: object SecurityMonitoringContentPackStatus: - description: The current status of a content pack + description: The current operational status of a content pack. enum: - install - activate 
@@ -62774,6 +62786,13 @@ components: - broken example: active type: string + x-enum-descriptions: + - Not activated; no logs detected in the last 72 hours. + - Not activated; logs are flowing into a Datadog index but not yet routed through Cloud SIEM. + - Activated; awaiting first log ingestion. + - Activated; logs received within the last 24 hours. + - Activated; integration not installed or logs last seen 24 to 72 hours ago. + - Activated; no logs for over 72 hours, filter missing, or Cloud SIEM index incorrectly ordered. x-enum-varnames: - INSTALL - ACTIVATE @@ -62782,7 +62801,7 @@ components: - WARNING - BROKEN SecurityMonitoringContentPackTimestampBucket: - description: Timestamp bucket indicating when logs were last collected + description: Timestamp bucket indicating when logs were last collected. enum: - not_seen - within_24_hours @@ -62791,6 +62810,12 @@ components: - over_30d example: within_24_hours type: string + x-enum-descriptions: + - No logs observed. + - Logs received within the last 24 hours. + - Logs last seen 24 to 72 hours ago. + - Logs last seen 3 to 30 days ago. + - Logs last seen more than 30 days ago. x-enum-varnames: - NOT_SEEN - WITHIN_24_HOURS @@ -63881,7 +63906,7 @@ components: - $ref: "#/components/schemas/SecurityMonitoringSignalRulePayload" - $ref: "#/components/schemas/CloudConfigurationRulePayload" SecurityMonitoringSKU: - description: The SIEM pricing model (SKU) for the organization + description: The Cloud SIEM pricing model (SKU) for the organization. enum: - per_gb_analyzed - per_event_in_siem_index_2023 @@ -93388,6 +93413,7 @@ paths: - ap2.datadoghq.com - datadoghq.eu - ddog-gov.com + - us2.ddog-gov.com subdomain: default: event-management-intake description: The subdomain where the API is deployed. @@ -102595,6 +102621,7 @@ paths: - ap2.datadoghq.com - datadoghq.eu - ddog-gov.com + - us2.ddog-gov.com subdomain: default: http-intake.logs description: The subdomain where the API is deployed. 
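Review bot: The `broken` entry in the new `x-enum-descriptions` of `SecurityMonitoringContentPackStatus` (hunk @@ -62774,6) folds three unrelated causes into one value: no logs for over 72 hours, a missing filter, or an incorrectly ordered Cloud SIEM index. Nothing in the schema tells a caller how to separate them, which matters to anyone watching for lost detection coverage. I would extend the schema `description`, which sits just above this hunk, to `The current operational status of a content pack. For warning and broken, check logs_last_collected, filters_configured_for_logs and cloud_siem_index_incorrect for the cause.` Those fields appear to map onto the listed causes, but that should be confirmed against the backend. `x-enum-descriptions` is positional and two of the six enum values lie outside the hunk, so the order of the six sentences also needs checking against the full `enum` list.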
@@ -118804,9 +118831,8 @@ paths: /api/v2/security_monitoring/content_packs/states: get: description: |- - Get the activation and configuration states for all security monitoring content packs. - This endpoint returns status information about each content pack including activation state, - integration status, and log collection status. + Get the activation state, integration status, and log collection status + for all Cloud SIEM content packs. operationId: GetContentPacksStates responses: "200": @@ -118829,21 +118855,31 @@ paths: description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" + security: + - apiKeyAuth: [] + appKeyAuth: [] + - AuthZ: + - security_monitoring_filters_read summary: Get content pack states tags: - Security Monitoring + "x-permission": + operator: OR + permissions: + - security_monitoring_filters_read + - logs_read_index_data x-unstable: |- **Note**: This endpoint is in preview and is subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). /api/v2/security_monitoring/content_packs/{content_pack_id}/activate: put: description: |- - Activate a security monitoring content pack. This operation configures the necessary + Activate a Cloud SIEM content pack. This operation configures the necessary log filters or security filters depending on the pricing model and updates the content pack activation state. operationId: ActivateContentPack parameters: - - description: The ID of the content pack to activate. + - description: The ID of the content pack to activate (for example, `aws-cloudtrail`). in: path name: content_pack_id required: true 
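Review bot: In the `GetContentPacksStates` hunk (@@ -118829,21) the new `security:` block lists a single `AuthZ` scope, `security_monitoring_filters_read`, while the `x-permission` block added a few lines below accepts `security_monitoring_filters_read` OR `logs_read_index_data`, so the two statements of who may call the endpoint disagree. Scopes inside one OpenAPI security requirement are all required and alternatives are separate list entries, so if the OR is intended the spec needs a second entry, `- AuthZ:` followed by `- logs_read_index_data`; if it is not, the extra permission should come out of `x-permission`. The same mismatch appears in the activate and deactivate hunks (@@ -118867,20 and @@ -118904,9), where `AuthZ` names only `security_monitoring_filters_write` and `x-permission` also allows `logs_modify_indexes`. Which of the two the server enforces is not visible here, and the operation's `responses` block starts above the hunk.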
@@ -118867,20 +118903,30 @@ paths: description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" + security: + - apiKeyAuth: [] + appKeyAuth: [] + - AuthZ: + - security_monitoring_filters_write summary: Activate content pack tags: - Security Monitoring + "x-permission": + operator: OR + permissions: + - security_monitoring_filters_write + - logs_modify_indexes x-unstable: |- **Note**: This endpoint is in preview and is subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). /api/v2/security_monitoring/content_packs/{content_pack_id}/deactivate: put: description: |- - Deactivate a security monitoring content pack. This operation removes the content pack's + Deactivate a Cloud SIEM content pack. This operation removes the content pack's configuration from log filters or security filters and updates the content pack activation state. operationId: DeactivateContentPack parameters: - - description: The ID of the content pack to deactivate. + - description: The ID of the content pack to deactivate (for example, `aws-cloudtrail`). in: path name: content_pack_id required: true @@ -118904,9 +118950,19 @@ paths: description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" + security: + - apiKeyAuth: [] + appKeyAuth: [] + - AuthZ: + - security_monitoring_filters_write summary: Deactivate content pack tags: - Security Monitoring + "x-permission": + operator: OR + permissions: + - security_monitoring_filters_write + - logs_modify_indexes x-unstable: |- **Note**: This endpoint is in preview and is subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). @@ -130088,6 +130144,7 @@ servers: - ap2.datadoghq.com - datadoghq.eu - ddog-gov.com + - us2.ddog-gov.com subdomain: default: api description: The subdomain where the API is deployed. 
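Review bot: The reworded `DeactivateContentPack` description (hunk @@ -118867,20, with its `security:` and `x-permission` blocks in @@ -118904,9) still does not say which permission the call needs. The new `operator: OR` lets a holder of `logs_modify_indexes` alone remove a content pack's filters without any security-monitoring permission. Since the filters are described elsewhere in this diff as what routes logs into Cloud SIEM, deactivation presumably reduces detection coverage, so it is worth confirming that the OR is deliberate and not meant to depend on the pricing model. I would add one sentence to both the activate and deactivate descriptions, `Requires the security_monitoring_filters_write or logs_modify_indexes permission.`, so that reviewers of role assignments can see the effect of granting `logs_modify_indexes`.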
diff --git a/api/datadog/configuration.go b/api/datadog/configuration.go index 31a81e73467..96a125be58f 100644 --- a/api/datadog/configuration.go +++ b/api/datadog/configuration.go @@ -161,6 +161,7 @@ func NewConfiguration() *Configuration { "ap2.datadoghq.com", "datadoghq.eu", "ddog-gov.com", + "us2.ddog-gov.com", }, }, "subdomain": { @@ -215,6 +216,7 @@ func NewConfiguration() *Configuration { "ap2.datadoghq.com", "datadoghq.eu", "ddog-gov.com", + "us2.ddog-gov.com", }, }, "subdomain": { @@ -264,6 +266,7 @@ func NewConfiguration() *Configuration { "ap2.datadoghq.com", "datadoghq.eu", "ddog-gov.com", + "us2.ddog-gov.com", }, }, "subdomain": { @@ -317,6 +320,7 @@ func NewConfiguration() *Configuration { "ap2.datadoghq.com", "datadoghq.eu", "ddog-gov.com", + "us2.ddog-gov.com", }, }, "subdomain": { @@ -370,6 +374,7 @@ func NewConfiguration() *Configuration { "ap2.datadoghq.com", "datadoghq.eu", "ddog-gov.com", + "us2.ddog-gov.com", }, }, "subdomain": { diff --git a/api/datadogV2/api_security_monitoring.go b/api/datadogV2/api_security_monitoring.go index 1955be167ba..d0fcf5e6674 100644 --- a/api/datadogV2/api_security_monitoring.go +++ b/api/datadogV2/api_security_monitoring.go @@ -21,7 +21,7 @@ import ( type SecurityMonitoringApi datadog.Service // ActivateContentPack Activate content pack. -// Activate a security monitoring content pack. This operation configures the necessary +// Activate a Cloud SIEM content pack. This operation configures the necessary // log filters or security filters depending on the pricing model and updates the content // pack activation state. func (a *SecurityMonitoringApi) ActivateContentPack(ctx _context.Context, contentPackId string) (*_nethttp.Response, error) { 
@@ -1844,7 +1844,7 @@ func (a *SecurityMonitoringApi) CreateVulnerabilityNotificationRule(ctx _context } // DeactivateContentPack Deactivate content pack. -// Deactivate a security monitoring content pack. This operation removes the content pack's +// Deactivate a Cloud SIEM content pack. This operation removes the content pack's // configuration from log filters or security filters and updates the content pack activation state. func (a *SecurityMonitoringApi) DeactivateContentPack(ctx _context.Context, contentPackId string) (*_nethttp.Response, error) { var ( @@ -2989,9 +2989,8 @@ func (a *SecurityMonitoringApi) ExportSecurityMonitoringTerraformResource(ctx _c } // GetContentPacksStates Get content pack states. -// Get the activation and configuration states for all security monitoring content packs. -// This endpoint returns status information about each content pack including activation state, -// integration status, and log collection status. +// Get the activation state, integration status, and log collection status +// for all Cloud SIEM content packs. func (a *SecurityMonitoringApi) GetContentPacksStates(ctx _context.Context) (SecurityMonitoringContentPackStatesResponse, *_nethttp.Response, error) { var ( localVarHTTPMethod = _nethttp.MethodGet diff --git a/api/datadogV2/model_security_monitoring_content_pack_activation.go b/api/datadogV2/model_security_monitoring_content_pack_activation.go index 673d8e2ba50..e70f331478d 100644 --- a/api/datadogV2/model_security_monitoring_content_pack_activation.go +++ b/api/datadogV2/model_security_monitoring_content_pack_activation.go @@ -10,7 +10,7 @@ import ( "github.com/DataDog/datadog-api-client-go/v2/api/datadog" ) -// SecurityMonitoringContentPackActivation The activation status of a content pack +// SecurityMonitoringContentPackActivation The activation status of a content pack. type SecurityMonitoringContentPackActivation string // List of SecurityMonitoringContentPackActivation. 
diff --git a/api/datadogV2/model_security_monitoring_content_pack_integration_status.go b/api/datadogV2/model_security_monitoring_content_pack_integration_status.go index d7c5f09baec..1b4ea318a38 100644 --- a/api/datadogV2/model_security_monitoring_content_pack_integration_status.go +++ b/api/datadogV2/model_security_monitoring_content_pack_integration_status.go @@ -10,7 +10,7 @@ import ( "github.com/DataDog/datadog-api-client-go/v2/api/datadog" ) -// SecurityMonitoringContentPackIntegrationStatus The installation status of the related integration +// SecurityMonitoringContentPackIntegrationStatus The installation status of the related integration. type SecurityMonitoringContentPackIntegrationStatus string // List of SecurityMonitoringContentPackIntegrationStatus. diff --git a/api/datadogV2/model_security_monitoring_content_pack_state_attributes.go b/api/datadogV2/model_security_monitoring_content_pack_state_attributes.go index 7d001030df4..36e01cd2669 100644 --- a/api/datadogV2/model_security_monitoring_content_pack_state_attributes.go +++ b/api/datadogV2/model_security_monitoring_content_pack_state_attributes.go 
@@ -14,17 +14,18 @@ import ( type SecurityMonitoringContentPackStateAttributes struct { // Whether the cloud SIEM index configuration is incorrect (only applies to certain pricing models) CloudSiemIndexIncorrect bool `json:"cloud_siem_index_incorrect"` - // The activation status of a content pack + // The activation status of a content pack. CpActivation SecurityMonitoringContentPackActivation `json:"cp_activation"` - // Whether filters (Security Filters or Index Query depending on the pricing model) are configured for logs + // Whether filters (Security Filters or Index Query depending on the pricing model) are + // present and correctly configured to route logs into Cloud SIEM. FiltersConfiguredForLogs bool `json:"filters_configured_for_logs"` - // The installation status of the related integration + // The installation status of the related integration. IntegrationInstalledStatus *SecurityMonitoringContentPackIntegrationStatus `json:"integration_installed_status,omitempty"` - // Timestamp bucket indicating when logs were last collected + // Timestamp bucket indicating when logs were last collected. LogsLastCollected SecurityMonitoringContentPackTimestampBucket `json:"logs_last_collected"` - // Whether logs have been seen from any index + // Whether logs for this content pack have been seen in any Datadog index within the last 72 hours. LogsSeenFromAnyIndex bool `json:"logs_seen_from_any_index"` - // The current status of a content pack + // The current operational status of a content pack. State SecurityMonitoringContentPackStatus `json:"state"` // UnparsedObject contains the raw value of the object if there was an error when deserializing into the struct UnparsedObject map[string]interface{} `json:"-"` diff --git a/api/datadogV2/model_security_monitoring_content_pack_state_meta.go b/api/datadogV2/model_security_monitoring_content_pack_state_meta.go index dace8bc6df1..1bff5e8ac5f 100644 --- a/api/datadogV2/model_security_monitoring_content_pack_state_meta.go 
+++ b/api/datadogV2/model_security_monitoring_content_pack_state_meta.go @@ -14,7 +14,7 @@ import ( type SecurityMonitoringContentPackStateMeta struct { // Whether the cloud SIEM index configuration is incorrect at the organization level CloudSiemIndexIncorrect bool `json:"cloud_siem_index_incorrect"` - // The SIEM pricing model (SKU) for the organization + // The Cloud SIEM pricing model (SKU) for the organization. Sku SecurityMonitoringSKU `json:"sku"` // UnparsedObject contains the raw value of the object if there was an error when deserializing into the struct UnparsedObject map[string]interface{} `json:"-"` diff --git a/api/datadogV2/model_security_monitoring_content_pack_status.go b/api/datadogV2/model_security_monitoring_content_pack_status.go index 6f335fe55da..850ff7bc235 100644 --- a/api/datadogV2/model_security_monitoring_content_pack_status.go +++ b/api/datadogV2/model_security_monitoring_content_pack_status.go @@ -10,7 +10,7 @@ import ( "github.com/DataDog/datadog-api-client-go/v2/api/datadog" ) -// SecurityMonitoringContentPackStatus The current status of a content pack +// SecurityMonitoringContentPackStatus The current operational status of a content pack. type SecurityMonitoringContentPackStatus string // List of SecurityMonitoringContentPackStatus. diff --git a/api/datadogV2/model_security_monitoring_content_pack_timestamp_bucket.go b/api/datadogV2/model_security_monitoring_content_pack_timestamp_bucket.go index a3add18c230..bb2975dde6c 100644 --- a/api/datadogV2/model_security_monitoring_content_pack_timestamp_bucket.go +++ b/api/datadogV2/model_security_monitoring_content_pack_timestamp_bucket.go 
@@ -10,7 +10,7 @@ import ( "github.com/DataDog/datadog-api-client-go/v2/api/datadog" ) -// SecurityMonitoringContentPackTimestampBucket Timestamp bucket indicating when logs were last collected +// SecurityMonitoringContentPackTimestampBucket Timestamp bucket indicating when logs were last collected. type SecurityMonitoringContentPackTimestampBucket string // List of SecurityMonitoringContentPackTimestampBucket. diff --git a/api/datadogV2/model_security_monitoring_sku.go b/api/datadogV2/model_security_monitoring_sku.go index 0db8c66d549..24e83bbce3f 100644 --- a/api/datadogV2/model_security_monitoring_sku.go +++ b/api/datadogV2/model_security_monitoring_sku.go @@ -10,7 +10,7 @@ import ( "github.com/DataDog/datadog-api-client-go/v2/api/datadog" ) -// SecurityMonitoringSKU The SIEM pricing model (SKU) for the organization +// SecurityMonitoringSKU The Cloud SIEM pricing model (SKU) for the organization. type SecurityMonitoringSKU string // List of SecurityMonitoringSKU.