DataDog
diff --git a/‎.generator/schemas/v2/openapi.yaml‎
Lines changed: 377 additions & 0 deletions b/‎.generator/schemas/v2/openapi.yaml‎
Lines changed: 377 additions & 0 deletions
@@ -48629,6 +48629,263 @@ components:
       type: string
       x-enum-varnames:
       - SECRET_RULE
+    SecurityEntityConfigRisks:
+      description: Configuration risks associated with the entity
+      properties:
+        hasIdentityRisk:
+          description: Whether the entity has identity risks
+          example: false
+          type: boolean
+        hasMisconfiguration:
+          description: Whether the entity has misconfigurations
+          example: true
+          type: boolean
+        hasPrivilegedRole:
+          description: Whether the entity has privileged roles
+          example: true
+          type: boolean
+        isPrivileged:
+          description: Whether the entity has privileged access
+          example: false
+          type: boolean
+        isProduction:
+          description: Whether the entity is in a production environment
+          example: true
+          type: boolean
+        isPubliclyAccessible:
+          description: Whether the entity is publicly accessible
+          example: true
+          type: boolean
+      required:
+      - hasMisconfiguration
+      - hasIdentityRisk
+      - isPubliclyAccessible
+      - isProduction
+      - hasPrivilegedRole
+      - isPrivileged
+      type: object
+    SecurityEntityMetadata:
+      description: Metadata about the entity from cloud providers
+      properties:
+        accountID:
+          description: Cloud account ID (AWS)
+          example: '123456789012'
+          type: string
+        environments:
+          description: Environment tags associated with the entity
+          example:
+          - production
+          - us-east-1
+          items:
+            type: string
+          type: array
+        mitreTactics:
+          description: MITRE ATT&CK tactics detected
+          example:
+          - Credential Access
+          - Privilege Escalation
+          items:
+            type: string
+          type: array
+        mitreTechniques:
+          description: MITRE ATT&CK techniques detected
+          example:
+          - T1078
+          - T1098
+          items:
+            type: string
+          type: array
+        projectID:
+          description: Cloud project ID (GCP)
+          example: my-gcp-project
+          type: string
+        services:
+          description: Services associated with the entity
+          example:
+          - api-gateway
+          - lambda
+          items:
+            type: string
+          type: array
+        sources:
+          description: Data sources that detected this entity
+          example:
+          - cloudtrail
+          - cloud-security-posture-management
+          items:
+            type: string
+          type: array
+        subscriptionID:
+          description: Cloud subscription ID (Azure)
+          example: a1b2c3d4-e5f6-7890-abcd-ef1234567890
+          type: string
+      required:
+      - sources
+      - environments
+      - services
+      - mitreTactics
+      - mitreTechniques
+      type: object
+    SecurityEntityRiskScore:
+      description: An entity risk score containing security risk assessment information
+      properties:
+        attributes:
+          $ref: '#/components/schemas/SecurityEntityRiskScoreAttributes'
+        id:
+          description: Unique identifier for the entity
+          example: arn:aws:iam::123456789012:user/john.doe
+          type: string
+        type:
+          $ref: '#/components/schemas/SecurityEntityRiskScoreType'
+      required:
+      - id
+      - type
+      - attributes
+      type: object
+    SecurityEntityRiskScoreAttributes:
+      description: Attributes of an entity risk score
+      properties:
+        configRisks:
+          $ref: '#/components/schemas/SecurityEntityConfigRisks'
+        entityID:
+          description: Unique identifier for the entity
+          example: arn:aws:iam::123456789012:user/john.doe
+          type: string
+        entityMetadata:
+          $ref: '#/components/schemas/SecurityEntityMetadata'
+        entityName:
+          description: Human-readable name of the entity
+          example: john.doe
+          type: string
+        entityProviders:
+          description: Cloud providers associated with the entity
+          example:
+          - aws
+          items:
+            type: string
+          type: array
+        entityRoles:
+          description: Roles associated with the entity
+          example:
+          - Admin
+          - Developer
+          items:
+            type: string
+          type: array
+        entityType:
+          description: Type of the entity (e.g., aws_iam_user, aws_ec2_instance)
+          example: aws_iam_user
+          type: string
+        firstDetected:
+          description: Timestamp when the entity was first detected (Unix milliseconds)
+          example: 1704067200000
+          format: int64
+          type: integer
+        lastActivityTitle:
+          description: Title of the most recent signal detected for this entity
+          example: Suspicious API call detected
+          type: string
+        lastDetected:
+          description: Timestamp when the entity was last detected (Unix milliseconds)
+          example: 1705276800000
+          format: int64
+          type: integer
+        riskScore:
+          description: Current risk score for the entity
+          example: 85.5
+          format: double
+          type: number
+        riskScoreEvolution:
+          description: Change in risk score compared to previous period
+          example: 12.3
+          format: double
+          type: number
+        severity:
+          $ref: '#/components/schemas/SecurityEntityRiskScoreAttributesSeverity'
+        signalsDetected:
+          description: Number of security signals detected for this entity
+          example: 15
+          format: int64
+          type: integer
+      required:
+      - entityID
+      - entityType
+      - entityProviders
+      - riskScore
+      - riskScoreEvolution
+      - severity
+      - firstDetected
+      - lastDetected
+      - lastActivityTitle
+      - signalsDetected
+      - configRisks
+      - entityMetadata
+      type: object
+    SecurityEntityRiskScoreAttributesSeverity:
+      description: Severity level based on risk score
+      enum:
+      - critical
+      - high
+      - medium
+      - low
+      - info
+      example: critical
+      type: string
+      x-enum-varnames:
+      - CRITICAL
+      - HIGH
+      - MEDIUM
+      - LOW
+      - INFO
+    SecurityEntityRiskScoreType:
+      description: Resource type
+      enum:
+      - security_entity_risk_score
+      example: security_entity_risk_score
+      type: string
+      x-enum-varnames:
+      - SECURITY_ENTITY_RISK_SCORE
+    SecurityEntityRiskScoresMeta:
+      description: Metadata for pagination
+      properties:
+        pageNumber:
+          description: Current page number (1-indexed)
+          example: 1
+          format: int64
+          type: integer
+        pageSize:
+          description: Number of items per page
+          example: 10
+          format: int64
+          type: integer
+        queryId:
+          description: Query ID for pagination consistency
+          example: abc123def456
+          type: string
+        totalRowCount:
+          description: Total number of entities matching the query
+          example: 150
+          format: int64
+          type: integer
+      required:
+      - queryId
+      - totalRowCount
+      - pageSize
+      - pageNumber
+      type: object
+    SecurityEntityRiskScoresResponse:
+      description: Response containing a list of entity risk scores
+      properties:
+        data:
+          items:
+            $ref: '#/components/schemas/SecurityEntityRiskScore'
+          type: array
+        meta:
+          $ref: '#/components/schemas/SecurityEntityRiskScoresMeta'
+      required:
+      - data
+      - meta
+      type: object
     SecurityFilter:
       description: The security filter's properties.
       properties:
@@ -83558,6 +83815,124 @@ paths:
       x-codegen-request-body-name: body
       x-unstable: '**Note**: This endpoint is in public beta.
 
+        If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).'
+  /api/v2/security-entities/risk-scores:
+    get:
+      description: Get a list of entity risk scores for your organization. Entity
+        risk scores provide security risk assessment for entities like cloud resources,
+        identities, or services based on detected signals, misconfigurations, and
+        identity risks.
+      operationId: ListEntityRiskScores
+      parameters:
+      - description: Start time for the query in Unix timestamp (milliseconds). Defaults
+          to 2 weeks ago.
+        in: query
+        name: from
+        required: false
+        schema:
+          example: 1704067200000
+          format: int64
+          type: integer
+      - description: End time for the query in Unix timestamp (milliseconds). Defaults
+          to now.
+        in: query
+        name: to
+        required: false
+        schema:
+          example: 1705276800000
+          format: int64
+          type: integer
+      - description: Size of the page to return. Maximum is 1000.
+        in: query
+        name: page[size]
+        required: false
+        schema:
+          default: 10
+          example: 10
+          type: integer
+      - description: Page number to return (1-indexed).
+        in: query
+        name: page[number]
+        required: false
+        schema:
+          default: 1
+          example: 1
+          type: integer
+      - description: Query ID for pagination consistency.
+        in: query
+        name: page[queryId]
+        required: false
+        schema:
+          example: abc123def456
+          type: string
+      - description: 'Sort order for results. Format: `field:direction` where direction
+          is `asc` or `desc`.
+
+          Supported fields: `riskScore`, `lastDetected`, `firstDetected`, `entityName`,
+          `signalsDetected`.'
+        in: query
+        name: filter[sort]
+        required: false
+        schema:
+          example: riskScore:desc
+          type: string
+      - description: 'Supports filtering by entity attributes, risk scores, severity,
+          and more.
+
+          Example: `severity:critical AND entityType:aws_iam_user`'
+        in: query
+        name: filter[query]
+        required: false
+        schema:
+          example: severity:critical
+          type: string
+      - description: Filter by entity type(s). Can specify multiple values.
+        explode: true
+        in: query
+        name: entityType
+        required: false
+        schema:
+          example:
+          - aws_iam_user
+          - aws_ec2_instance
+          items:
+            example: aws_iam_user
+            type: string
+          type: array
+        style: form
+      responses:
+        '200':
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/SecurityEntityRiskScoresResponse'
+          description: OK
+        '400':
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/JSONAPIErrorResponse'
+          description: Bad Request
+        '401':
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/JSONAPIErrorResponse'
+          description: Unauthorized
+        '403':
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/JSONAPIErrorResponse'
+          description: Forbidden
+        '429':
+          $ref: '#/components/responses/TooManyRequestsResponse'
+      summary: List Entity Risk Scores
+      tags:
+      - Entity Risk Scores
+      x-unstable: '**Note**: This endpoint is in public beta and it''s subject to
+        change.
+
         If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).'
   /api/v2/security/cloud_workload/policy/download:
     get:
@@ -92576,6 +92951,8 @@ tags:
 
     end times, prevent all alerting related to specified Datadog tags.'
   name: Downtimes
+- description: Retrieves security risk scores for entities in your organization.
+  name: Entity Risk Scores
 - description: View and manage issues within Error Tracking. See the [Error Tracking
     page](https://docs.datadoghq.com/error_tracking/) for more information.
   name: Error Tracking