Regenerate client from commit 897b6dd of spec repo

Author: ci.datadog-api-spec

.generator/schemas/v2/openapi.yaml

@@ -44173,6 +44173,16 @@ components:
           items:
             type: string
           type: array
+        triage_state:
+          description: "Current triage state of the indicator: not_reviewed or reviewed."
+          type: string
+        triaged_at:
+          description: Timestamp when the indicator was last triaged.
+          format: date-time
+          type: string
+        triaged_by:
+          description: UUID of the user who last triaged the indicator.
+          type: string
       type: object
     IoCIndicatorDetailed:
       description: An indicator of compromise with extended context from your environment.
@@ -44291,6 +44301,21 @@ components:
           items:
             type: string
           type: array
+        triage_history:
+          description: Full triage history timeline. Returned only when `include_triage_history` is true.
+          items:
+            $ref: "#/components/schemas/IoCTriageEvent"
+          type: array
+        triage_state:
+          description: "Current triage state of the indicator: not_reviewed or reviewed."
+          type: string
+        triaged_at:
+          description: Timestamp when the indicator was last triaged.
+          format: date-time
+          type: string
+        triaged_by:
+          description: UUID of the user who last triaged the indicator.
+          type: string
         users:
           additionalProperties:
             description: List of user identifiers in this category.
@@ -44329,6 +44354,97 @@ components:
           description: Name of the threat intelligence source.
           type: string
       type: object
+    IoCTriageEvent:
+      description: A single entry in an indicator's triage history timeline.
+      properties:
+        triage_state:
+          description: "Triage state set by this action: not_reviewed or reviewed."
+          type: string
+        triaged_at:
+          description: Timestamp when this triage action occurred.
+          format: date-time
+          type: string
+        triaged_by:
+          description: UUID of the user who performed this triage action.
+          type: string
+      type: object
+    IoCTriageWriteRequest:
+      description: Request body for creating or updating an indicator triage state.
+      properties:
+        data:
+          $ref: "#/components/schemas/IoCTriageWriteRequestData"
+      required:
+        - data
+      type: object
+    IoCTriageWriteRequestAttributes:
+      description: Attributes for setting an indicator's triage state.
+      properties:
+        indicator:
+          description: The indicator value to triage (for example, an IP address or domain).
+          example: "192.0.2.1"
+          type: string
+        triage_state:
+          description: "The triage state to set: not_reviewed or reviewed."
+          example: reviewed
+          type: string
+      required:
+        - indicator
+        - triage_state
+      type: object
+    IoCTriageWriteRequestData:
+      description: Data object for the triage write request.
+      properties:
+        attributes:
+          $ref: "#/components/schemas/IoCTriageWriteRequestAttributes"
+        type:
+          default: ioc_triage_state
+          description: Triage state resource type.
+          example: ioc_triage_state
+          type: string
+      required:
+        - type
+        - attributes
+      type: object
+    IoCTriageWriteResponse:
+      description: Response for the create indicator triage state endpoint.
+      properties:
+        data:
+          $ref: "#/components/schemas/IoCTriageWriteResponseData"
+      type: object
+    IoCTriageWriteResponseAttributes:
+      description: Attributes of a created or updated triage state.
+      properties:
+        created_at:
+          description: Timestamp when the triage record was created.
+          format: date-time
+          type: string
+        indicator:
+          description: The indicator value that was triaged.
+          type: string
+        triage_state:
+          description: "The triage state that was set: not_reviewed or reviewed."
+          type: string
+        triaged_at:
+          description: Timestamp when the triage state was set.
+          format: date-time
+          type: string
+        triaged_by:
+          description: UUID of the user who set the triage state.
+          type: string
+      type: object
+    IoCTriageWriteResponseData:
+      description: Data object of the triage write response.
+      properties:
+        attributes:
+          $ref: "#/components/schemas/IoCTriageWriteResponseAttributes"
+        id:
+          description: Unique identifier for the triage state record.
+          type: string
+        type:
+          default: ioc_triage_state
+          description: Triage state resource type.
+          type: string
+      type: object
     Issue:
       description: The issue matching the request.
       properties:
@@ -158508,6 +158624,25 @@ paths:
           schema:
             default: desc
             type: string
+        - description: When true, return only OCSF field-based matches. When false, return regex/message-based matches.
+          in: query
+          name: ocsf
+          required: false
+          schema:
+            default: true
+            type: boolean
+        - description: Filter indicators whose triage state was updated by a specific user UUID.
+          in: query
+          name: worked_by
+          required: false
+          schema:
+            type: string
+        - description: "Filter by triage state: not_reviewed or reviewed."
+          in: query
+          name: triage_state
+          required: false
+          schema:
+            type: string
       responses:
         "200":
           content:
@@ -158559,6 +158694,38 @@ paths:
           required: true
           schema:
             type: string
+        - description: When true, return only OCSF field-based matches. When false, return regex/message-based matches.
+          in: query
+          name: ocsf
+          required: false
+          schema:
+            default: true
+            type: boolean
+        - description: Include full triage history for the indicator.
+          in: query
+          name: include_triage_history
+          required: false
+          schema:
+            default: false
+            type: boolean
+        - description: Maximum number of triage history events returned. Only applied when `include_triage_history` is true.
+          in: query
+          name: triage_history_limit
+          required: false
+          schema:
+            default: 50
+            format: int32
+            maximum: 1000
+            minimum: 1
+            type: integer
+        - description: Pagination offset into the triage history. Only applied when `include_triage_history` is true.
+          in: query
+          name: triage_history_offset
+          required: false
+          schema:
+            default: 0
+            format: int32
+            type: integer
       responses:
         "200":
           content:
@@ -158596,6 +158763,62 @@ paths:
       x-unstable: |-
         **Note**: This endpoint is in beta and may be subject to changes.
         Please check the documentation regularly for updates.
+  /api/v2/security/siem/ioc-explorer/triage:
+    post:
+      description: |-
+        Set the triage state of an indicator of compromise (IoC). This creates or
+        updates the triage state for the indicator in your organization.
+      operationId: CreateIoCTriageState
+      requestBody:
+        content:
+          "application/json":
+            examples:
+              default:
+                value:
+                  data:
+                    attributes:
+                      indicator: "192.0.2.1"
+                      triage_state: reviewed
+                    type: ioc_triage_state
+            schema:
+              $ref: "#/components/schemas/IoCTriageWriteRequest"
+        description: The triage state to set for the indicator.
+        required: true
+      responses:
+        "201":
+          content:
+            "application/json":
+              examples:
+                default:
+                  value:
+                    data:
+                      attributes:
+                        created_at: "2026-06-04T12:00:00Z"
+                        indicator: "192.0.2.1"
+                        triage_state: reviewed
+                        triaged_at: "2026-06-04T12:00:00Z"
+                        triaged_by: 11111111-2222-3333-4444-555555555555
+                      id: abc-123
+                      type: ioc_triage_state
+              schema:
+                $ref: "#/components/schemas/IoCTriageWriteResponse"
+          description: Created
+        "400":
+          $ref: "#/components/responses/BadRequestResponse"
+        "403":
+          $ref: "#/components/responses/NotAuthorizedResponse"
+        "429":
+          $ref: "#/components/responses/TooManyRequestsResponse"
+      security:
+        - apiKeyAuth: []
+          appKeyAuth: []
+        - AuthZ:
+            - security_monitoring_signals_write
+      summary: Create or update an indicator triage state
+      tags: ["Security Monitoring"]
+      x-unstable: |-
+        **Note**: This endpoint is in beta and may be subject to changes.
+        Please check the documentation regularly for updates.
   /api/v2/security/signals/notification_rules:
     get:
       description: Returns the list of notification rules for security signals.

docs/datadog_api_client.v2.model.rst

@@ -18169,6 +18169,55 @@ datadog\_api\_client.v2.model.io\_c\_source module
    :members:
    :show-inheritance:
 
+datadog\_api\_client.v2.model.io\_c\_triage\_event module
+---------------------------------------------------------
+
+.. automodule:: datadog_api_client.v2.model.io_c_triage_event
+   :members:
+   :show-inheritance:
+
+datadog\_api\_client.v2.model.io\_c\_triage\_write\_request module
+------------------------------------------------------------------
+
+.. automodule:: datadog_api_client.v2.model.io_c_triage_write_request
+   :members:
+   :show-inheritance:
+
+datadog\_api\_client.v2.model.io\_c\_triage\_write\_request\_attributes module
+------------------------------------------------------------------------------
+
+.. automodule:: datadog_api_client.v2.model.io_c_triage_write_request_attributes
+   :members:
+   :show-inheritance:
+
+datadog\_api\_client.v2.model.io\_c\_triage\_write\_request\_data module
+------------------------------------------------------------------------
+
+.. automodule:: datadog_api_client.v2.model.io_c_triage_write_request_data
+   :members:
+   :show-inheritance:
+
+datadog\_api\_client.v2.model.io\_c\_triage\_write\_response module
+-------------------------------------------------------------------
+
+.. automodule:: datadog_api_client.v2.model.io_c_triage_write_response
+   :members:
+   :show-inheritance:
+
+datadog\_api\_client.v2.model.io\_c\_triage\_write\_response\_attributes module
+-------------------------------------------------------------------------------
+
+.. automodule:: datadog_api_client.v2.model.io_c_triage_write_response_attributes
+   :members:
+   :show-inheritance:
+
+datadog\_api\_client.v2.model.io\_c\_triage\_write\_response\_data module
+-------------------------------------------------------------------------
+
+.. automodule:: datadog_api_client.v2.model.io_c_triage_write_response_data
+   :members:
+   :show-inheritance:
+
 datadog\_api\_client.v2.model.ios\_sourcemap\_attributes module
 ---------------------------------------------------------------
 

examples/v2/security-monitoring/CreateIoCTriageState.py

@@ -0,0 +1,27 @@
+"""
+Create or update an indicator triage state returns "Created" response
+"""
+
+from datadog_api_client import ApiClient, Configuration
+from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi
+from datadog_api_client.v2.model.io_c_triage_write_request import IoCTriageWriteRequest
+from datadog_api_client.v2.model.io_c_triage_write_request_attributes import IoCTriageWriteRequestAttributes
+from datadog_api_client.v2.model.io_c_triage_write_request_data import IoCTriageWriteRequestData
+
+body = IoCTriageWriteRequest(
+    data=IoCTriageWriteRequestData(
+        attributes=IoCTriageWriteRequestAttributes(
+            indicator="192.0.2.1",
+            triage_state="reviewed",
+        ),
+        type="ioc_triage_state",
+    ),
+)
+
+configuration = Configuration()
+configuration.unstable_operations["create_io_c_triage_state"] = True
+with ApiClient(configuration) as api_client:
+    api_instance = SecurityMonitoringApi(api_client)
+    response = api_instance.create_io_c_triage_state(body=body)
+
+    print(response)

examples/v2/security-monitoring/GetIndicatorOfCompromise.py

@@ -10,7 +10,8 @@
 with ApiClient(configuration) as api_client:
     api_instance = SecurityMonitoringApi(api_client)
     response = api_instance.get_indicator_of_compromise(
-        indicator="masscan/1.3 (https://github.com/robertdavidgraham/masscan)",
+        indicator="192.0.2.1",
+        include_triage_history=True,
     )
 
     print(response)

src/datadog_api_client/configuration.py

@@ -394,6 +394,7 @@ def __init__(
                 "v2.cancel_historical_job": False,
                 "v2.convert_job_result_to_signal": False,
                 "v2.convert_security_monitoring_terraform_resource": False,
+                "v2.create_io_c_triage_state": False,
                 "v2.create_sample_log_generation_subscription": False,
                 "v2.create_security_monitoring_dataset": False,
                 "v2.create_security_monitoring_integration_config": False,