diff --git a/.generator/schemas/v2/openapi.yaml b/.generator/schemas/v2/openapi.yaml index 75755ab7e79..0686c00df08 100644 --- a/.generator/schemas/v2/openapi.yaml +++ b/.generator/schemas/v2/openapi.yaml @@ -61254,19 +61254,23 @@ components: - DONE - TIMEOUT SecurityMonitoringContentPackActivation: - description: The activation status of a content pack + description: The activation status of a content pack. enum: - never_activated - activated - deactivated example: activated type: string + x-enum-descriptions: + - Pack has never been activated for this organization. + - Pack is currently activated. + - Pack was previously activated but has since been deactivated. x-enum-varnames: - NEVER_ACTIVATED - ACTIVATED - DEACTIVATED SecurityMonitoringContentPackIntegrationStatus: - description: The installation status of the related integration + description: The installation status of the related integration. enum: - installed - available @@ -61275,6 +61279,12 @@ components: - error example: installed type: string + x-enum-descriptions: + - Integration is fully installed. + - Integration exists in the catalog but is not installed. + - Integration is only partially configured. + - Integration detected (for example, logs are flowing) but not explicitly installed. + - Integration is in an error state. x-enum-varnames: - INSTALLED - AVAILABLE @@ -61291,7 +61301,9 @@ components: cp_activation: $ref: "#/components/schemas/SecurityMonitoringContentPackActivation" filters_configured_for_logs: - description: Whether filters (Security Filters or Index Query depending on the pricing model) are configured for logs + description: |- + Whether filters (Security Filters or Index Query depending on the pricing model) are + present and correctly configured to route logs into Cloud SIEM. example: true type: boolean integration_installed_status: 
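Review bot: The `x-enum-descriptions` added to `SecurityMonitoringContentPackIntegrationStatus` are tied to `enum` by position only, and the third and fourth enum values fall in the gap between this hunk and the previous one. The hunk therefore cannot show that "only partially configured" and "detected ... but not explicitly installed" land on the right values. The hunk headers suggest the counts line up (five values, five descriptions), but a swapped pair would mislabel an integration's state for anyone using this field to triage log coverage. Please confirm the order against the full enum list, and consider a short comment above each list such as `# Order must match the enum values above.`. The same check applies to the descriptions added to `SecurityMonitoringContentPackStatus` and `SecurityMonitoringContentPackTimestampBucket` in the later hunks, whose middle enum values are also outside the hunks.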
@@ -61299,7 +61311,7 @@ components: logs_last_collected: $ref: "#/components/schemas/SecurityMonitoringContentPackTimestampBucket" logs_seen_from_any_index: - description: Whether logs have been seen from any index + description: Whether logs for this content pack have been seen in any Datadog index within the last 72 hours. example: true type: boolean state: @@ -61364,7 +61376,7 @@ components: - meta type: object SecurityMonitoringContentPackStatus: - description: The current status of a content pack + description: The current operational status of a content pack. enum: - install - activate @@ -61374,6 +61386,13 @@ components: - broken example: active type: string + x-enum-descriptions: + - Not activated; no logs detected in the last 72 hours. + - Not activated; logs are flowing into a Datadog index but not yet routed through Cloud SIEM. + - Activated; awaiting first log ingestion. + - Activated; logs received within the last 24 hours. + - Activated; integration not installed or logs last seen 24 to 72 hours ago. + - Activated; no logs for over 72 hours, filter missing, or Cloud SIEM index incorrectly ordered. x-enum-varnames: - INSTALL - ACTIVATE @@ -61382,7 +61401,7 @@ components: - WARNING - BROKEN SecurityMonitoringContentPackTimestampBucket: - description: Timestamp bucket indicating when logs were last collected + description: Timestamp bucket indicating when logs were last collected. enum: - not_seen - within_24_hours @@ -61391,6 +61410,12 @@ components: - over_30d example: within_24_hours type: string + x-enum-descriptions: + - No logs observed. + - Logs received within the last 24 hours. + - Logs last seen 24 to 72 hours ago. + - Logs last seen 3 to 30 days ago. + - Logs last seen more than 30 days ago. x-enum-varnames: - NOT_SEEN - WITHIN_24_HOURS 
@@ -62481,7 +62506,7 @@ components: - $ref: "#/components/schemas/SecurityMonitoringSignalRulePayload" - $ref: "#/components/schemas/CloudConfigurationRulePayload" SecurityMonitoringSKU: - description: The SIEM pricing model (SKU) for the organization + description: The Cloud SIEM pricing model (SKU) for the organization. enum: - per_gb_analyzed - per_event_in_siem_index_2023 @@ -112316,10 +112341,7 @@ paths: - Security Monitoring /api/v2/security_monitoring/content_packs/states: get: - description: |- - Get the activation and configuration states for all security monitoring content packs. - This endpoint returns status information about each content pack including activation state, - integration status, and log collection status. + description: Get the activation state, integration status, and log collection status for all Cloud SIEM content packs. operationId: GetContentPacksStates responses: "200": 
@@ -112342,21 +112364,31 @@ paths: description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" + security: + - apiKeyAuth: [] + appKeyAuth: [] + - AuthZ: + - security_monitoring_filters_read summary: Get content pack states tags: - Security Monitoring + "x-permission": + operator: OR + permissions: + - security_monitoring_filters_read + - logs_read_index_data x-unstable: |- **Note**: This endpoint is in preview and is subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). /api/v2/security_monitoring/content_packs/{content_pack_id}/activate: put: description: |- - Activate a security monitoring content pack. This operation configures the necessary + Activate a Cloud SIEM content pack. This operation configures the necessary log filters or security filters depending on the pricing model and updates the content pack activation state. operationId: ActivateContentPack parameters: - - description: The ID of the content pack to activate. + - description: The ID of the content pack to activate (for example, `aws-cloudtrail`). in: path name: content_pack_id required: true 
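Review bot: The two authorization declarations added to `GetContentPacksStates` disagree on scope. The `AuthZ` entry under `security` lists only `security_monitoring_filters_read`, while `x-permission` declares `operator: OR` over `security_monitoring_filters_read` and `logs_read_index_data`. The activate and deactivate hunks that follow repeat the pattern, with `security_monitoring_filters_write` alone under `AuthZ` against `security_monitoring_filters_write` OR `logs_modify_indexes` under `x-permission`. If the permission actually required follows the pricing model, as the "log filters or security filters depending on the pricing model" wording hints, each operation description should say which permission applies under which model, so callers can grant only the narrower one. Otherwise the `AuthZ` scope list and the `x-permission` list should be brought into agreement. The operation blocks start outside these hunks, so any permission text earlier in them is not visible here.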
@@ -112380,20 +112412,30 @@ paths: description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" + security: + - apiKeyAuth: [] + appKeyAuth: [] + - AuthZ: + - security_monitoring_filters_write summary: Activate content pack tags: - Security Monitoring + "x-permission": + operator: OR + permissions: + - security_monitoring_filters_write + - logs_modify_indexes x-unstable: |- **Note**: This endpoint is in preview and is subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). /api/v2/security_monitoring/content_packs/{content_pack_id}/deactivate: put: description: |- - Deactivate a security monitoring content pack. This operation removes the content pack's + Deactivate a Cloud SIEM content pack. This operation removes the content pack's configuration from log filters or security filters and updates the content pack activation state. operationId: DeactivateContentPack parameters: - - description: The ID of the content pack to deactivate. + - description: The ID of the content pack to deactivate (for example, `aws-cloudtrail`). in: path name: content_pack_id required: true @@ -112417,9 +112459,19 @@ paths: description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" + security: + - apiKeyAuth: [] + appKeyAuth: [] + - AuthZ: + - security_monitoring_filters_write summary: Deactivate content pack tags: - Security Monitoring + "x-permission": + operator: OR + permissions: + - security_monitoring_filters_write + - logs_modify_indexes x-unstable: |- **Note**: This endpoint is in preview and is subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). diff --git a/src/main/java/com/datadog/api/client/v2/api/SecurityMonitoringApi.java b/src/main/java/com/datadog/api/client/v2/api/SecurityMonitoringApi.java index f940565e4f8..2676ebb8939 100644 --- a/src/main/java/com/datadog/api/client/v2/api/SecurityMonitoringApi.java 
+++ b/src/main/java/com/datadog/api/client/v2/api/SecurityMonitoringApi.java @@ -150,7 +150,8 @@ public void setApiClient(ApiClient apiClient) { * *

See {@link #activateContentPackWithHttpInfo}. * - * @param contentPackId The ID of the content pack to activate. (required) + * @param contentPackId The ID of the content pack to activate (for example, aws-cloudtrail + * ). (required) * @throws ApiException if fails to make API call */ public void activateContentPack(String contentPackId) throws ApiException { @@ -162,7 +163,8 @@ public void activateContentPack(String contentPackId) throws ApiException { * *

See {@link #activateContentPackWithHttpInfoAsync}. * - * @param contentPackId The ID of the content pack to activate. (required) + * @param contentPackId The ID of the content pack to activate (for example, aws-cloudtrail + * ). (required) * @return CompletableFuture */ public CompletableFuture activateContentPackAsync(String contentPackId) { @@ -174,11 +176,11 @@ public CompletableFuture activateContentPackAsync(String contentPackId) { } /** - * Activate a security monitoring content pack. This operation configures the necessary log - * filters or security filters depending on the pricing model and updates the content pack - * activation state. + * Activate a Cloud SIEM content pack. This operation configures the necessary log filters or + * security filters depending on the pricing model and updates the content pack activation state. * - * @param contentPackId The ID of the content pack to activate. (required) + * @param contentPackId The ID of the content pack to activate (for example, aws-cloudtrail + * ). (required) * @return ApiResponse<Void> * @throws ApiException if fails to make API call * @http.response.details @@ -224,7 +226,7 @@ public ApiResponse activateContentPackWithHttpInfo(String contentPackId) localVarHeaderParams, new HashMap(), new String[] {"*/*"}, - new String[] {"apiKeyAuth", "appKeyAuth"}); + new String[] {"apiKeyAuth", "appKeyAuth", "AuthZ"}); return apiClient.invokeAPI( "PUT", builder, @@ -241,7 +243,8 @@ public ApiResponse activateContentPackWithHttpInfo(String contentPackId) * *

See {@link #activateContentPackWithHttpInfo}. * - * @param contentPackId The ID of the content pack to activate. (required) + * @param contentPackId The ID of the content pack to activate (for example, aws-cloudtrail + * ). (required) * @return CompletableFuture<ApiResponse<Void>> */ public CompletableFuture> activateContentPackWithHttpInfoAsync( @@ -286,7 +289,7 @@ public CompletableFuture> activateContentPackWithHttpInfoAsync localVarHeaderParams, new HashMap(), new String[] {"*/*"}, - new String[] {"apiKeyAuth", "appKeyAuth"}); + new String[] {"apiKeyAuth", "appKeyAuth", "AuthZ"}); } catch (ApiException ex) { CompletableFuture> result = new CompletableFuture<>(); result.completeExceptionally(ex); @@ -2882,7 +2885,8 @@ public ApiResponse createVulnerabilityNotificationRule * *

See {@link #deactivateContentPackWithHttpInfo}. * - * @param contentPackId The ID of the content pack to deactivate. (required) + * @param contentPackId The ID of the content pack to deactivate (for example, + * aws-cloudtrail). (required) * @throws ApiException if fails to make API call */ public void deactivateContentPack(String contentPackId) throws ApiException { @@ -2894,7 +2898,8 @@ public void deactivateContentPack(String contentPackId) throws ApiException { * *

See {@link #deactivateContentPackWithHttpInfoAsync}. * - * @param contentPackId The ID of the content pack to deactivate. (required) + * @param contentPackId The ID of the content pack to deactivate (for example, + * aws-cloudtrail). (required) * @return CompletableFuture */ public CompletableFuture deactivateContentPackAsync(String contentPackId) { @@ -2906,11 +2911,11 @@ public CompletableFuture deactivateContentPackAsync(String contentPackId) } /** - * Deactivate a security monitoring content pack. This operation removes the content pack's - * configuration from log filters or security filters and updates the content pack activation - * state. + * Deactivate a Cloud SIEM content pack. This operation removes the content pack's configuration + * from log filters or security filters and updates the content pack activation state. * - * @param contentPackId The ID of the content pack to deactivate. (required) + * @param contentPackId The ID of the content pack to deactivate (for example, + * aws-cloudtrail). (required) * @return ApiResponse<Void> * @throws ApiException if fails to make API call * @http.response.details @@ -2956,7 +2961,7 @@ public ApiResponse deactivateContentPackWithHttpInfo(String contentPackId) localVarHeaderParams, new HashMap(), new String[] {"*/*"}, - new String[] {"apiKeyAuth", "appKeyAuth"}); + new String[] {"apiKeyAuth", "appKeyAuth", "AuthZ"}); return apiClient.invokeAPI( "PUT", builder, @@ -2973,7 +2978,8 @@ public ApiResponse deactivateContentPackWithHttpInfo(String contentPackId) * *

See {@link #deactivateContentPackWithHttpInfo}. * - * @param contentPackId The ID of the content pack to deactivate. (required) + * @param contentPackId The ID of the content pack to deactivate (for example, + * aws-cloudtrail). (required) * @return CompletableFuture<ApiResponse<Void>> */ public CompletableFuture> deactivateContentPackWithHttpInfoAsync( @@ -3018,7 +3024,7 @@ public CompletableFuture> deactivateContentPackWithHttpInfoAsy localVarHeaderParams, new HashMap(), new String[] {"*/*"}, - new String[] {"apiKeyAuth", "appKeyAuth"}); + new String[] {"apiKeyAuth", "appKeyAuth", "AuthZ"}); } catch (ApiException ex) { CompletableFuture> result = new CompletableFuture<>(); result.completeExceptionally(ex); @@ -4853,9 +4859,8 @@ public SecurityMonitoringContentPackStatesResponse getContentPacksStates() throw } /** - * Get the activation and configuration states for all security monitoring content packs. This - * endpoint returns status information about each content pack including activation state, - * integration status, and log collection status. + * Get the activation state, integration status, and log collection status for all Cloud SIEM + * content packs. * * @return ApiResponse<SecurityMonitoringContentPackStatesResponse> * @throws ApiException if fails to make API call @@ -4892,7 +4897,7 @@ public SecurityMonitoringContentPackStatesResponse getContentPacksStates() throw localVarHeaderParams, new HashMap(), new String[] {"application/json"}, - new String[] {"apiKeyAuth", "appKeyAuth"}); + new String[] {"apiKeyAuth", "appKeyAuth", "AuthZ"}); return apiClient.invokeAPI( "GET", builder, @@ -4940,7 +4945,7 @@ public SecurityMonitoringContentPackStatesResponse getContentPacksStates() throw localVarHeaderParams, new HashMap(), new String[] {"application/json"}, - new String[] {"apiKeyAuth", "appKeyAuth"}); + new String[] {"apiKeyAuth", "appKeyAuth", "AuthZ"}); } catch (ApiException ex) { CompletableFuture> result = new CompletableFuture<>(); 
diff --git a/src/main/java/com/datadog/api/client/v2/model/SecurityMonitoringContentPackActivation.java b/src/main/java/com/datadog/api/client/v2/model/SecurityMonitoringContentPackActivation.java index 2d3c0328e92..884450111ad 100644 --- a/src/main/java/com/datadog/api/client/v2/model/SecurityMonitoringContentPackActivation.java +++ b/src/main/java/com/datadog/api/client/v2/model/SecurityMonitoringContentPackActivation.java @@ -18,7 +18,7 @@ import java.util.HashSet; import java.util.Set; -/** The activation status of a content pack */ +/** The activation status of a content pack. */ @JsonSerialize( using = SecurityMonitoringContentPackActivation.SecurityMonitoringContentPackActivationSerializer diff --git a/src/main/java/com/datadog/api/client/v2/model/SecurityMonitoringContentPackIntegrationStatus.java b/src/main/java/com/datadog/api/client/v2/model/SecurityMonitoringContentPackIntegrationStatus.java index 93f8867efee..0ab15e018e1 100644 --- a/src/main/java/com/datadog/api/client/v2/model/SecurityMonitoringContentPackIntegrationStatus.java +++ b/src/main/java/com/datadog/api/client/v2/model/SecurityMonitoringContentPackIntegrationStatus.java @@ -18,7 +18,7 @@ import java.util.HashSet; import java.util.Set; -/** The installation status of the related integration */ +/** The installation status of the related integration. */ @JsonSerialize( using = SecurityMonitoringContentPackIntegrationStatus diff --git a/src/main/java/com/datadog/api/client/v2/model/SecurityMonitoringContentPackStateAttributes.java b/src/main/java/com/datadog/api/client/v2/model/SecurityMonitoringContentPackStateAttributes.java index c7a04b18143..0754dc5cf31 100644 --- a/src/main/java/com/datadog/api/client/v2/model/SecurityMonitoringContentPackStateAttributes.java +++ b/src/main/java/com/datadog/api/client/v2/model/SecurityMonitoringContentPackStateAttributes.java 
@@ -112,7 +112,7 @@ public SecurityMonitoringContentPackStateAttributes cpActivation( } /** - * The activation status of a content pack + * The activation status of a content pack. * * @return cpActivation */ @@ -136,8 +136,8 @@ public SecurityMonitoringContentPackStateAttributes filtersConfiguredForLogs( } /** - * Whether filters (Security Filters or Index Query depending on the pricing model) are configured - * for logs + * Whether filters (Security Filters or Index Query depending on the pricing model) are present + * and correctly configured to route logs into Cloud SIEM. * * @return filtersConfiguredForLogs */ @@ -159,7 +159,7 @@ public SecurityMonitoringContentPackStateAttributes integrationInstalledStatus( } /** - * The installation status of the related integration + * The installation status of the related integration. * * @return integrationInstalledStatus */ @@ -186,7 +186,7 @@ public SecurityMonitoringContentPackStateAttributes logsLastCollected( } /** - * Timestamp bucket indicating when logs were last collected + * Timestamp bucket indicating when logs were last collected. * * @return logsLastCollected */ @@ -210,7 +210,8 @@ public SecurityMonitoringContentPackStateAttributes logsSeenFromAnyIndex( } /** - * Whether logs have been seen from any index + * Whether logs for this content pack have been seen in any Datadog index within the last 72 + * hours. * * @return logsSeenFromAnyIndex */ @@ -232,7 +233,7 @@ public SecurityMonitoringContentPackStateAttributes state( } /** - * The current status of a content pack + * The current operational status of a content pack. * * @return state */ diff --git a/src/main/java/com/datadog/api/client/v2/model/SecurityMonitoringContentPackStateMeta.java b/src/main/java/com/datadog/api/client/v2/model/SecurityMonitoringContentPackStateMeta.java index fc23f9a2738..4cd929eb0ae 100644 --- a/src/main/java/com/datadog/api/client/v2/model/SecurityMonitoringContentPackStateMeta.java 
+++ b/src/main/java/com/datadog/api/client/v2/model/SecurityMonitoringContentPackStateMeta.java @@ -73,7 +73,7 @@ public SecurityMonitoringContentPackStateMeta sku(SecurityMonitoringSKU sku) { } /** - * The SIEM pricing model (SKU) for the organization + * The Cloud SIEM pricing model (SKU) for the organization. * * @return sku */ diff --git a/src/main/java/com/datadog/api/client/v2/model/SecurityMonitoringContentPackStatus.java b/src/main/java/com/datadog/api/client/v2/model/SecurityMonitoringContentPackStatus.java index 953111c0ad1..9be02f125b9 100644 --- a/src/main/java/com/datadog/api/client/v2/model/SecurityMonitoringContentPackStatus.java +++ b/src/main/java/com/datadog/api/client/v2/model/SecurityMonitoringContentPackStatus.java @@ -18,7 +18,7 @@ import java.util.HashSet; import java.util.Set; -/** The current status of a content pack */ +/** The current operational status of a content pack. */ @JsonSerialize( using = SecurityMonitoringContentPackStatus.SecurityMonitoringContentPackStatusSerializer.class) public class SecurityMonitoringContentPackStatus extends ModelEnum { diff --git a/src/main/java/com/datadog/api/client/v2/model/SecurityMonitoringContentPackTimestampBucket.java b/src/main/java/com/datadog/api/client/v2/model/SecurityMonitoringContentPackTimestampBucket.java index 065c1f05ab3..9b3e9e74802 100644 --- a/src/main/java/com/datadog/api/client/v2/model/SecurityMonitoringContentPackTimestampBucket.java +++ b/src/main/java/com/datadog/api/client/v2/model/SecurityMonitoringContentPackTimestampBucket.java @@ -18,7 +18,7 @@ import java.util.HashSet; import java.util.Set; -/** Timestamp bucket indicating when logs were last collected */ +/** Timestamp bucket indicating when logs were last collected. */ @JsonSerialize( using = SecurityMonitoringContentPackTimestampBucket 
diff --git a/src/main/java/com/datadog/api/client/v2/model/SecurityMonitoringSKU.java b/src/main/java/com/datadog/api/client/v2/model/SecurityMonitoringSKU.java index ecef96592f0..fb7e65e4225 100644 --- a/src/main/java/com/datadog/api/client/v2/model/SecurityMonitoringSKU.java +++ b/src/main/java/com/datadog/api/client/v2/model/SecurityMonitoringSKU.java @@ -18,7 +18,7 @@ import java.util.HashSet; import java.util.Set; -/** The SIEM pricing model (SKU) for the organization */ +/** The Cloud SIEM pricing model (SKU) for the organization. */ @JsonSerialize(using = SecurityMonitoringSKU.SecurityMonitoringSKUSerializer.class) public class SecurityMonitoringSKU extends ModelEnum {