DataDog
diff --git a/‎.generator/schemas/v2/openapi.yaml‎
Lines changed: 47 additions & 0 deletions b/‎.generator/schemas/v2/openapi.yaml‎
Lines changed: 47 additions & 0 deletions
diff --git a/‎examples/v2/security-monitoring/CreateSecurityMonitoringRule_2899714190.java‎
Lines changed: 99 additions & 0 deletions b/‎examples/v2/security-monitoring/CreateSecurityMonitoringRule_2899714190.java‎
Lines changed: 99 additions & 0 deletions
diff --git a/‎examples/v2/security-monitoring/ValidateSecurityMonitoringRule_4152369508.java‎
Lines changed: 95 additions & 0 deletions b/‎examples/v2/security-monitoring/ValidateSecurityMonitoringRule_4152369508.java‎
Lines changed: 95 additions & 0 deletions
diff --git a/‎src/main/java/com/datadog/api/client/v2/model/HistoricalJobOptions.java‎
Lines changed: 34 additions & 0 deletions b/‎src/main/java/com/datadog/api/client/v2/model/HistoricalJobOptions.java‎
Lines changed: 34 additions & 0 deletions
diff --git a/‎src/main/java/com/datadog/api/client/v2/model/SecurityMonitoringRuleDetectionMethod.java‎
Lines changed: 4 additions & 1 deletion b/‎src/main/java/com/datadog/api/client/v2/model/SecurityMonitoringRuleDetectionMethod.java‎
Lines changed: 4 additions & 1 deletion
@@ -19409,6 +19409,8 @@ components:
           $ref: '#/components/schemas/SecurityMonitoringRuleMaxSignalDuration'
         newValueOptions:
           $ref: '#/components/schemas/SecurityMonitoringRuleNewValueOptions'
+        sequenceDetectionOptions:
+          $ref: '#/components/schemas/SecurityMonitoringRuleSequenceDetectionOptions'
         thirdPartyRuleOptions:
           $ref: '#/components/schemas/SecurityMonitoringRuleThirdPartyOptions'
       type: object
@@ -39042,6 +39044,7 @@ components:
       - hardcoded
       - third_party
       - anomaly_threshold
+      - sequence_detection
       type: string
       x-enum-varnames:
       - THRESHOLD
@@ -39051,6 +39054,7 @@ components:
       - HARDCODED
       - THIRD_PARTY
       - ANOMALY_THRESHOLD
+      - SEQUENCE_DETECTION
     SecurityMonitoringRuleEvaluationWindow:
       description: 'A time window is specified to match when at least one of the cases
         matches true. This is a sliding window
@@ -39264,6 +39268,8 @@ components:
           $ref: '#/components/schemas/SecurityMonitoringRuleMaxSignalDuration'
         newValueOptions:
           $ref: '#/components/schemas/SecurityMonitoringRuleNewValueOptions'
+        sequenceDetectionOptions:
+          $ref: '#/components/schemas/SecurityMonitoringRuleSequenceDetectionOptions'
         thirdPartyRuleOptions:
           $ref: '#/components/schemas/SecurityMonitoringRuleThirdPartyOptions'
       type: object
@@ -39339,6 +39345,47 @@ components:
       oneOf:
       - $ref: '#/components/schemas/SecurityMonitoringStandardRuleResponse'
       - $ref: '#/components/schemas/SecurityMonitoringSignalRuleResponse'
+    SecurityMonitoringRuleSequenceDetectionOptions:
+      description: Options on sequence detection method.
+      properties:
+        stepTransitions:
+          description: Transitions defining the allowed order of steps and their evaluation
+            windows.
+          items:
+            $ref: '#/components/schemas/SecurityMonitoringRuleSequenceDetectionStepTransition'
+          type: array
+        steps:
+          description: Steps that define the conditions to be matched in sequence.
+          items:
+            $ref: '#/components/schemas/SecurityMonitoringRuleSequenceDetectionStep'
+          type: array
+      type: object
+    SecurityMonitoringRuleSequenceDetectionStep:
+      description: Step definition for sequence detection containing the step name,
+        condition, and evaluation window.
+      properties:
+        condition:
+          description: Condition referencing rule queries (e.g., `a > 0`).
+          type: string
+        evaluationWindow:
+          $ref: '#/components/schemas/SecurityMonitoringRuleEvaluationWindow'
+        name:
+          description: Unique name identifying the step.
+          type: string
+      type: object
+    SecurityMonitoringRuleSequenceDetectionStepTransition:
+      description: Transition from a parent step to a child step within a sequence
+        detection rule.
+      properties:
+        child:
+          description: Name of the child step.
+          type: string
+        evaluationWindow:
+          $ref: '#/components/schemas/SecurityMonitoringRuleEvaluationWindow'
+        parent:
+          description: Name of the parent step.
+          type: string
+      type: object
     SecurityMonitoringRuleSeverity:
       description: Severity of the Security Signal.
       enum:
 
@@ -0,0 +1,99 @@
+// Create a detection rule with detection method 'sequence_detection' returns "OK" response
+
+import com.datadog.api.client.ApiClient;
+import com.datadog.api.client.ApiException;
+import com.datadog.api.client.v2.api.SecurityMonitoringApi;
+import com.datadog.api.client.v2.model.SecurityMonitoringRuleCaseCreate;
+import com.datadog.api.client.v2.model.SecurityMonitoringRuleCreatePayload;
+import com.datadog.api.client.v2.model.SecurityMonitoringRuleDetectionMethod;
+import com.datadog.api.client.v2.model.SecurityMonitoringRuleEvaluationWindow;
+import com.datadog.api.client.v2.model.SecurityMonitoringRuleKeepAlive;
+import com.datadog.api.client.v2.model.SecurityMonitoringRuleMaxSignalDuration;
+import com.datadog.api.client.v2.model.SecurityMonitoringRuleOptions;
+import com.datadog.api.client.v2.model.SecurityMonitoringRuleQueryAggregation;
+import com.datadog.api.client.v2.model.SecurityMonitoringRuleResponse;
+import com.datadog.api.client.v2.model.SecurityMonitoringRuleSequenceDetectionOptions;
+import com.datadog.api.client.v2.model.SecurityMonitoringRuleSequenceDetectionStep;
+import com.datadog.api.client.v2.model.SecurityMonitoringRuleSequenceDetectionStepTransition;
+import com.datadog.api.client.v2.model.SecurityMonitoringRuleSeverity;
+import com.datadog.api.client.v2.model.SecurityMonitoringRuleTypeCreate;
+import com.datadog.api.client.v2.model.SecurityMonitoringStandardDataSource;
+import com.datadog.api.client.v2.model.SecurityMonitoringStandardRuleCreatePayload;
+import com.datadog.api.client.v2.model.SecurityMonitoringStandardRuleQuery;
+import java.util.Arrays;
+import java.util.Collections;
+
+public class Example {
+  public static void main(String[] args) {
+    ApiClient defaultClient = ApiClient.getDefaultApiClient();
+    SecurityMonitoringApi apiInstance = new SecurityMonitoringApi(defaultClient);
+
+    SecurityMonitoringRuleCreatePayload body =
+        new SecurityMonitoringRuleCreatePayload(
+            new SecurityMonitoringStandardRuleCreatePayload()
+                .name("Example-Security-Monitoring")
+                .type(SecurityMonitoringRuleTypeCreate.LOG_DETECTION)
+                .isEnabled(true)
+                .queries(
+                    Arrays.asList(
+                        new SecurityMonitoringStandardRuleQuery()
+                            .aggregation(SecurityMonitoringRuleQueryAggregation.COUNT)
+                            .dataSource(SecurityMonitoringStandardDataSource.LOGS)
+                            .hasOptionalGroupByFields(false)
+                            .name("")
+                            .query("service:logs-rule-reducer source:paul test2"),
+                        new SecurityMonitoringStandardRuleQuery()
+                            .aggregation(SecurityMonitoringRuleQueryAggregation.COUNT)
+                            .dataSource(SecurityMonitoringStandardDataSource.LOGS)
+                            .hasOptionalGroupByFields(false)
+                            .name("")
+                            .query("service:logs-rule-reducer source:paul test1")))
+                .cases(
+                    Collections.singletonList(
+                        new SecurityMonitoringRuleCaseCreate()
+                            .name("")
+                            .status(SecurityMonitoringRuleSeverity.INFO)
+                            .condition("step_b > 0")))
+                .message("Logs and signals asdf")
+                .options(
+                    new SecurityMonitoringRuleOptions()
+                        .detectionMethod(SecurityMonitoringRuleDetectionMethod.SEQUENCE_DETECTION)
+                        .evaluationWindow(SecurityMonitoringRuleEvaluationWindow.ZERO_MINUTES)
+                        .keepAlive(SecurityMonitoringRuleKeepAlive.FIVE_MINUTES)
+                        .maxSignalDuration(SecurityMonitoringRuleMaxSignalDuration.TEN_MINUTES)
+                        .sequenceDetectionOptions(
+                            new SecurityMonitoringRuleSequenceDetectionOptions()
+                                .stepTransitions(
+                                    Collections.singletonList(
+                                        new SecurityMonitoringRuleSequenceDetectionStepTransition()
+                                            .child("step_b")
+                                            .evaluationWindow(
+                                                SecurityMonitoringRuleEvaluationWindow
+                                                    .FIFTEEN_MINUTES)
+                                            .parent("step_a")))
+                                .steps(
+                                    Arrays.asList(
+                                        new SecurityMonitoringRuleSequenceDetectionStep()
+                                            .condition("a > 0")
+                                            .evaluationWindow(
+                                                SecurityMonitoringRuleEvaluationWindow.ONE_MINUTE)
+                                            .name("step_a"),
+                                        new SecurityMonitoringRuleSequenceDetectionStep()
+                                            .condition("b > 0")
+                                            .evaluationWindow(
+                                                SecurityMonitoringRuleEvaluationWindow.ONE_MINUTE)
+                                            .name("step_b"))))));
+
+    try {
+      SecurityMonitoringRuleResponse result = apiInstance.createSecurityMonitoringRule(body);
+      System.out.println(result);
+    } catch (ApiException e) {
+      System.err.println(
+          "Exception when calling SecurityMonitoringApi#createSecurityMonitoringRule");
+      System.err.println("Status code: " + e.getCode());
+      System.err.println("Reason: " + e.getResponseBody());
+      System.err.println("Response headers: " + e.getResponseHeaders());
+      e.printStackTrace();
+    }
+  }
+}
@@ -0,0 +1,95 @@
+// Validate a detection rule with detection method 'sequence_detection' returns "OK" response
+
+import com.datadog.api.client.ApiClient;
+import com.datadog.api.client.ApiException;
+import com.datadog.api.client.v2.api.SecurityMonitoringApi;
+import com.datadog.api.client.v2.model.SecurityMonitoringRuleCaseCreate;
+import com.datadog.api.client.v2.model.SecurityMonitoringRuleDetectionMethod;
+import com.datadog.api.client.v2.model.SecurityMonitoringRuleEvaluationWindow;
+import com.datadog.api.client.v2.model.SecurityMonitoringRuleKeepAlive;
+import com.datadog.api.client.v2.model.SecurityMonitoringRuleMaxSignalDuration;
+import com.datadog.api.client.v2.model.SecurityMonitoringRuleOptions;
+import com.datadog.api.client.v2.model.SecurityMonitoringRuleQueryAggregation;
+import com.datadog.api.client.v2.model.SecurityMonitoringRuleSequenceDetectionOptions;
+import com.datadog.api.client.v2.model.SecurityMonitoringRuleSequenceDetectionStep;
+import com.datadog.api.client.v2.model.SecurityMonitoringRuleSequenceDetectionStepTransition;
+import com.datadog.api.client.v2.model.SecurityMonitoringRuleSeverity;
+import com.datadog.api.client.v2.model.SecurityMonitoringRuleTypeCreate;
+import com.datadog.api.client.v2.model.SecurityMonitoringRuleValidatePayload;
+import com.datadog.api.client.v2.model.SecurityMonitoringStandardRulePayload;
+import com.datadog.api.client.v2.model.SecurityMonitoringStandardRuleQuery;
+import java.util.Arrays;
+import java.util.Collections;
+
+public class Example {
+  public static void main(String[] args) {
+    ApiClient defaultClient = ApiClient.getDefaultApiClient();
+    SecurityMonitoringApi apiInstance = new SecurityMonitoringApi(defaultClient);
+
+    SecurityMonitoringRuleValidatePayload body =
+        new SecurityMonitoringRuleValidatePayload(
+            new SecurityMonitoringStandardRulePayload()
+                .cases(
+                    Collections.singletonList(
+                        new SecurityMonitoringRuleCaseCreate()
+                            .name("")
+                            .status(SecurityMonitoringRuleSeverity.INFO)
+                            .condition("step_b > 0")))
+                .hasExtendedTitle(true)
+                .isEnabled(true)
+                .message("My security monitoring rule")
+                .name("My security monitoring rule")
+                .options(
+                    new SecurityMonitoringRuleOptions()
+                        .evaluationWindow(SecurityMonitoringRuleEvaluationWindow.ZERO_MINUTES)
+                        .keepAlive(SecurityMonitoringRuleKeepAlive.FIVE_MINUTES)
+                        .maxSignalDuration(SecurityMonitoringRuleMaxSignalDuration.TEN_MINUTES)
+                        .detectionMethod(SecurityMonitoringRuleDetectionMethod.SEQUENCE_DETECTION)
+                        .sequenceDetectionOptions(
+                            new SecurityMonitoringRuleSequenceDetectionOptions()
+                                .stepTransitions(
+                                    Collections.singletonList(
+                                        new SecurityMonitoringRuleSequenceDetectionStepTransition()
+                                            .child("step_b")
+                                            .evaluationWindow(
+                                                SecurityMonitoringRuleEvaluationWindow
+                                                    .FIFTEEN_MINUTES)
+                                            .parent("step_a")))
+                                .steps(
+                                    Arrays.asList(
+                                        new SecurityMonitoringRuleSequenceDetectionStep()
+                                            .condition("a > 0")
+                                            .evaluationWindow(
+                                                SecurityMonitoringRuleEvaluationWindow.ONE_MINUTE)
+                                            .name("step_a"),
+                                        new SecurityMonitoringRuleSequenceDetectionStep()
+                                            .condition("b > 0")
+                                            .evaluationWindow(
+                                                SecurityMonitoringRuleEvaluationWindow.ONE_MINUTE)
+                                            .name("step_b")))))
+                .queries(
+                    Arrays.asList(
+                        new SecurityMonitoringStandardRuleQuery()
+                            .query("source:source_here")
+                            .groupByFields(Collections.singletonList("@userIdentity.assumed_role"))
+                            .aggregation(SecurityMonitoringRuleQueryAggregation.COUNT)
+                            .name(""),
+                        new SecurityMonitoringStandardRuleQuery()
+                            .query("source:source_here2")
+                            .aggregation(SecurityMonitoringRuleQueryAggregation.COUNT)
+                            .name("")))
+                .tags(Arrays.asList("env:prod", "team:security"))
+                .type(SecurityMonitoringRuleTypeCreate.LOG_DETECTION));
+
+    try {
+      apiInstance.validateSecurityMonitoringRule(body);
+    } catch (ApiException e) {
+      System.err.println(
+          "Exception when calling SecurityMonitoringApi#validateSecurityMonitoringRule");
+      System.err.println("Status code: " + e.getCode());
+      System.err.println("Reason: " + e.getResponseBody());
+      System.err.println("Response headers: " + e.getResponseHeaders());
+      e.printStackTrace();
+    }
+  }
+}
@@ -24,6 +24,7 @@
   HistoricalJobOptions.JSON_PROPERTY_KEEP_ALIVE,
   HistoricalJobOptions.JSON_PROPERTY_MAX_SIGNAL_DURATION,
   HistoricalJobOptions.JSON_PROPERTY_NEW_VALUE_OPTIONS,
+  HistoricalJobOptions.JSON_PROPERTY_SEQUENCE_DETECTION_OPTIONS,
   HistoricalJobOptions.JSON_PROPERTY_THIRD_PARTY_RULE_OPTIONS
 })
 @jakarta.annotation.Generated(
@@ -48,6 +49,9 @@ public class HistoricalJobOptions {
   public static final String JSON_PROPERTY_NEW_VALUE_OPTIONS = "newValueOptions";
   private SecurityMonitoringRuleNewValueOptions newValueOptions;
 
+  public static final String JSON_PROPERTY_SEQUENCE_DETECTION_OPTIONS = "sequenceDetectionOptions";
+  private SecurityMonitoringRuleSequenceDetectionOptions sequenceDetectionOptions;
+
   public static final String JSON_PROPERTY_THIRD_PARTY_RULE_OPTIONS = "thirdPartyRuleOptions";
   private SecurityMonitoringRuleThirdPartyOptions thirdPartyRuleOptions;
 
@@ -205,6 +209,30 @@ public void setNewValueOptions(SecurityMonitoringRuleNewValueOptions newValueOpt
     this.newValueOptions = newValueOptions;
   }
 
+  public HistoricalJobOptions sequenceDetectionOptions(
+      SecurityMonitoringRuleSequenceDetectionOptions sequenceDetectionOptions) {
+    this.sequenceDetectionOptions = sequenceDetectionOptions;
+    this.unparsed |= sequenceDetectionOptions.unparsed;
+    return this;
+  }
+
+  /**
+   * Options on sequence detection method.
+   *
+   * @return sequenceDetectionOptions
+   */
+  @jakarta.annotation.Nullable
+  @JsonProperty(JSON_PROPERTY_SEQUENCE_DETECTION_OPTIONS)
+  @JsonInclude(value = JsonInclude.Include.USE_DEFAULTS)
+  public SecurityMonitoringRuleSequenceDetectionOptions getSequenceDetectionOptions() {
+    return sequenceDetectionOptions;
+  }
+
+  public void setSequenceDetectionOptions(
+      SecurityMonitoringRuleSequenceDetectionOptions sequenceDetectionOptions) {
+    this.sequenceDetectionOptions = sequenceDetectionOptions;
+  }
+
   public HistoricalJobOptions thirdPartyRuleOptions(
       SecurityMonitoringRuleThirdPartyOptions thirdPartyRuleOptions) {
     this.thirdPartyRuleOptions = thirdPartyRuleOptions;
@@ -292,6 +320,8 @@ public boolean equals(Object o) {
         && Objects.equals(this.keepAlive, historicalJobOptions.keepAlive)
         && Objects.equals(this.maxSignalDuration, historicalJobOptions.maxSignalDuration)
         && Objects.equals(this.newValueOptions, historicalJobOptions.newValueOptions)
+        && Objects.equals(
+            this.sequenceDetectionOptions, historicalJobOptions.sequenceDetectionOptions)
         && Objects.equals(this.thirdPartyRuleOptions, historicalJobOptions.thirdPartyRuleOptions)
         && Objects.equals(this.additionalProperties, historicalJobOptions.additionalProperties);
   }
@@ -305,6 +335,7 @@ public int hashCode() {
         keepAlive,
         maxSignalDuration,
         newValueOptions,
+        sequenceDetectionOptions,
         thirdPartyRuleOptions,
         additionalProperties);
   }
@@ -321,6 +352,9 @@ public String toString() {
     sb.append("    keepAlive: ").append(toIndentedString(keepAlive)).append("\n");
     sb.append("    maxSignalDuration: ").append(toIndentedString(maxSignalDuration)).append("\n");
     sb.append("    newValueOptions: ").append(toIndentedString(newValueOptions)).append("\n");
+    sb.append("    sequenceDetectionOptions: ")
+        .append(toIndentedString(sequenceDetectionOptions))
+        .append("\n");
     sb.append("    thirdPartyRuleOptions: ")
         .append(toIndentedString(thirdPartyRuleOptions))
         .append("\n");
 
@@ -33,7 +33,8 @@ public class SecurityMonitoringRuleDetectionMethod extends ModelEnum<String> {
               "impossible_travel",
               "hardcoded",
               "third_party",
-              "anomaly_threshold"));
+              "anomaly_threshold",
+              "sequence_detection"));
 
   public static final SecurityMonitoringRuleDetectionMethod THRESHOLD =
       new SecurityMonitoringRuleDetectionMethod("threshold");
@@ -49,6 +50,8 @@ public class SecurityMonitoringRuleDetectionMethod extends ModelEnum<String> {
       new SecurityMonitoringRuleDetectionMethod("third_party");
   public static final SecurityMonitoringRuleDetectionMethod ANOMALY_THRESHOLD =
       new SecurityMonitoringRuleDetectionMethod("anomaly_threshold");
+  public static final SecurityMonitoringRuleDetectionMethod SEQUENCE_DETECTION =
+      new SecurityMonitoringRuleDetectionMethod("sequence_detection");
 
   SecurityMonitoringRuleDetectionMethod(String value) {
     super(value, allowedValues);