Regenerate client from commit 07b13d4 of spec repo

Author: ci.datadog-api-spec

.generator/schemas/v2/openapi.yaml

@@ -60787,7 +60787,11 @@ components:
         - DONE
         - TIMEOUT
     SecurityMonitoringContentPackActivation:
-      description: The activation status of a content pack
+      description: |-
+        The activation lifecycle state of a content pack:
+        - `never_activated`: Pack has never been activated for this organization.
+        - `activated`: Pack is currently active.
+        - `deactivated`: Pack was previously activated but is now deactivated.
       enum:
         - never_activated
         - activated
@@ -60799,7 +60803,13 @@ components:
         - ACTIVATED
         - DEACTIVATED
     SecurityMonitoringContentPackIntegrationStatus:
-      description: The installation status of the related integration
+      description: |-
+        The installation status of the related Datadog integration:
+        - `installed`: Integration is fully installed.
+        - `available`: Integration exists in catalog but not installed.
+        - `partially_installed`: Integration is partially configured.
+        - `detected`: Integration detected (for example, logs flowing) but not explicitly installed.
+        - `error`: Integration in error state.
       enum:
         - installed
         - available
@@ -60897,7 +60907,14 @@ components:
         - meta
       type: object
     SecurityMonitoringContentPackStatus:
-      description: The current status of a content pack
+      description: |-
+        The current operational status of a content pack:
+        - `install`: Content pack not yet activated; awaiting user action.
+        - `activate`: Pack installed/configured but not yet activated by user.
+        - `initializing`: Activation in progress; logs pipeline being configured.
+        - `active`: Pack is fully operational and receiving logs.
+        - `warning`: Pack activated but potential issues detected.
+        - `broken`: Pack is activated but not functioning correctly.
       enum:
         - install
         - activate
@@ -60915,7 +60932,13 @@ components:
         - WARNING
         - BROKEN
     SecurityMonitoringContentPackTimestampBucket:
-      description: Timestamp bucket indicating when logs were last collected
+      description: |-
+        Timestamp bucket indicating when logs were last collected for a content pack:
+        - `not_seen`: No logs observed.
+        - `within_24_hours`: Logs seen in the last 24 hours.
+        - `within_24_to_72_hours`: Logs seen 24 to 72 hours ago.
+        - `over_72h_to_30d`: Logs seen 3 to 30 days ago.
+        - `over_30d`: Logs last seen more than 30 days ago.
       enum:
         - not_seen
         - within_24_hours
@@ -62014,7 +62037,11 @@ components:
         - $ref: "#/components/schemas/SecurityMonitoringSignalRulePayload"
         - $ref: "#/components/schemas/CloudConfigurationRulePayload"
     SecurityMonitoringSKU:
-      description: The SIEM pricing model (SKU) for the organization
+      description: |-
+        The SIEM pricing model (SKU) for the organization:
+        - `per_gb_analyzed`: Legacy per-GB analyzed pricing.
+        - `per_event_in_siem_index_2023`: 2023 per-indexed-event pricing.
+        - `add_on_2024`: 2024 add-on pricing.
       enum:
         - per_gb_analyzed
         - per_event_in_siem_index_2023
@@ -111563,8 +111590,13 @@ paths:
     get:
       description: |-
         Get the activation and configuration states for all security monitoring content packs.
-        This endpoint returns status information about each content pack including activation state,
-        integration status, and log collection status.
+
+        Each content pack state includes:
+        - **Activation state**: whether the pack has been activated (`never_activated`, `activated`, or `deactivated`).
+        - **Operational status**: current health of the pack (`install`, `activate`, `initializing`, `active`, `warning`, or `broken`).
+        - **Log ingestion signals**: whether logs have been seen from any index and how recently they were last collected.
+        - **Configuration health**: whether the Cloud SIEM index is correctly configured and whether filters are set up for the logs.
+        - **Integration status**: whether the relevant Datadog integration is installed.
       operationId: GetContentPacksStates
       responses:
         "200":
@@ -111574,11 +111606,7 @@ paths:
                 $ref: "#/components/schemas/SecurityMonitoringContentPackStatesResponse"
           description: OK
         "403":
-          content:
-            application/json:
-              schema:
-                $ref: "#/components/schemas/JSONAPIErrorResponse"
-          description: Forbidden
+          $ref: "#/components/responses/NotAuthorizedResponse"
         "404":
           content:
             application/json:
@@ -111587,21 +111615,33 @@ paths:
           description: Not Found
         "429":
           $ref: "#/components/responses/TooManyRequestsResponse"
+      security:
+        - apiKeyAuth: []
+          appKeyAuth: []
+        - AuthZ:
+            - security_monitoring_filters_read
       summary: Get content pack states
       tags:
         - Security Monitoring
+      "x-permission":
+        operator: OR
+        permissions:
+          - security_monitoring_filters_read
+          - logs_read_index_data
       x-unstable: |-
         **Note**: This endpoint is in preview and is subject to change.
         If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).
   /api/v2/security_monitoring/content_packs/{content_pack_id}/activate:
     put:
       description: |-
-        Activate a security monitoring content pack. This operation configures the necessary
-        log filters or security filters depending on the pricing model and updates the content
-        pack activation state.
+        Activate a security monitoring content pack for the authenticated organization.
+
+        Activation creates the underlying SIEM security filters and index routing configuration
+        for the content pack's log source. The Security Monitoring product must be enabled
+        for the organization.
       operationId: ActivateContentPack
       parameters:
-        - description: The ID of the content pack to activate.
+        - description: The ID of the content pack to activate (for example, `aws-cloudtrail`).
           in: path
           name: content_pack_id
           required: true
@@ -111612,11 +111652,7 @@ paths:
         "202":
           description: Accepted
         "403":
-          content:
-            application/json:
-              schema:
-                $ref: "#/components/schemas/JSONAPIErrorResponse"
-          description: Forbidden
+          $ref: "#/components/responses/NotAuthorizedResponse"
         "404":
           content:
             application/json:
@@ -111625,20 +111661,33 @@ paths:
           description: Not Found
         "429":
           $ref: "#/components/responses/TooManyRequestsResponse"
+      security:
+        - apiKeyAuth: []
+          appKeyAuth: []
+        - AuthZ:
+            - security_monitoring_filters_write
       summary: Activate content pack
       tags:
         - Security Monitoring
+      "x-permission":
+        operator: OR
+        permissions:
+          - security_monitoring_filters_write
+          - logs_modify_indexes
       x-unstable: |-
         **Note**: This endpoint is in preview and is subject to change.
         If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).
   /api/v2/security_monitoring/content_packs/{content_pack_id}/deactivate:
     put:
       description: |-
-        Deactivate a security monitoring content pack. This operation removes the content pack's
-        configuration from log filters or security filters and updates the content pack activation state.
+        Deactivate a security monitoring content pack for the authenticated organization.
+
+        Deactivation removes the SIEM security filters and index routing configuration
+        for the content pack's log source. The Security Monitoring product must be enabled
+        for the organization.
       operationId: DeactivateContentPack
       parameters:
-        - description: The ID of the content pack to deactivate.
+        - description: The ID of the content pack to deactivate (for example, `aws-cloudtrail`).
           in: path
           name: content_pack_id
           required: true
@@ -111649,11 +111698,7 @@ paths:
         "202":
           description: Accepted
         "403":
-          content:
-            application/json:
-              schema:
-                $ref: "#/components/schemas/JSONAPIErrorResponse"
-          description: Forbidden
+          $ref: "#/components/responses/NotAuthorizedResponse"
         "404":
           content:
             application/json:
@@ -111662,9 +111707,19 @@ paths:
           description: Not Found
         "429":
           $ref: "#/components/responses/TooManyRequestsResponse"
+      security:
+        - apiKeyAuth: []
+          appKeyAuth: []
+        - AuthZ:
+            - security_monitoring_filters_write
       summary: Deactivate content pack
       tags:
         - Security Monitoring
+      "x-permission":
+        operator: OR
+        permissions:
+          - security_monitoring_filters_write
+          - logs_modify_indexes
       x-unstable: |-
         **Note**: This endpoint is in preview and is subject to change.
         If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).