DataDog
diff --git a/‎.generator/schemas/v1/openapi.yaml‎
Lines changed: 3 additions & 0 deletions b/‎.generator/schemas/v1/openapi.yaml‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎.generator/schemas/v2/openapi.yaml‎
Lines changed: 17 additions & 68 deletions b/‎.generator/schemas/v2/openapi.yaml‎
Lines changed: 17 additions & 68 deletions
diff --git a/‎lib/datadog_api_client/configuration.rb‎
Lines changed: 10 additions & 5 deletions b/‎lib/datadog_api_client/configuration.rb‎
Lines changed: 10 additions & 5 deletions
diff --git a/‎lib/datadog_api_client/v2/api/security_monitoring_api.rb‎
Lines changed: 10 additions & 9 deletions b/‎lib/datadog_api_client/v2/api/security_monitoring_api.rb‎
Lines changed: 10 additions & 9 deletions
diff --git a/‎lib/datadog_api_client/v2/models/security_monitoring_content_pack_activation.rb‎
Lines changed: 1 addition & 1 deletion b/‎lib/datadog_api_client/v2/models/security_monitoring_content_pack_activation.rb‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎lib/datadog_api_client/v2/models/security_monitoring_content_pack_integration_status.rb‎
Lines changed: 1 addition & 1 deletion b/‎lib/datadog_api_client/v2/models/security_monitoring_content_pack_integration_status.rb‎
Lines changed: 1 addition & 1 deletion
@@ -26513,6 +26513,7 @@ paths:
                 - ap2.datadoghq.com
                 - datadoghq.eu
                 - ddog-gov.com
+                - us2.fed.dog
             subdomain:
               default: ip-ranges
               description: The subdomain where the API is deployed.
@@ -39887,6 +39888,7 @@ paths:
                 - ap2.datadoghq.com
                 - datadoghq.eu
                 - ddog-gov.com
+                - us2.fed.dog
             subdomain:
               default: http-intake.logs
               description: The subdomain where the API is deployed.
@@ -39927,6 +39929,7 @@ servers:
           - ap2.datadoghq.com
           - datadoghq.eu
           - ddog-gov.com
+          - us2.fed.dog
       subdomain:
         default: api
         description: The subdomain where the API is deployed.
 
@@ -62654,23 +62654,19 @@ components:
         - DONE
         - TIMEOUT
     SecurityMonitoringContentPackActivation:
-      description: The activation status of a content pack.
+      description: The activation status of a content pack
       enum:
         - never_activated
         - activated
         - deactivated
       example: activated
       type: string
-      x-enum-descriptions:
-        - Pack has never been activated for this organization.
-        - Pack is currently activated.
-        - Pack was previously activated but has since been deactivated.
       x-enum-varnames:
         - NEVER_ACTIVATED
         - ACTIVATED
         - DEACTIVATED
     SecurityMonitoringContentPackIntegrationStatus:
-      description: The installation status of the related integration.
+      description: The installation status of the related integration
       enum:
         - installed
         - available
@@ -62679,12 +62675,6 @@ components:
         - error
       example: installed
       type: string
-      x-enum-descriptions:
-        - Integration is fully installed.
-        - Integration exists in the catalog but is not installed.
-        - Integration is only partially configured.
-        - Integration detected (for example, logs are flowing) but not explicitly installed.
-        - Integration is in an error state.
       x-enum-varnames:
         - INSTALLED
         - AVAILABLE
@@ -62701,17 +62691,15 @@ components:
         cp_activation:
           $ref: "#/components/schemas/SecurityMonitoringContentPackActivation"
         filters_configured_for_logs:
-          description: |-
-            Whether filters (Security Filters or Index Query depending on the pricing model) are
-            present and correctly configured to route logs into Cloud SIEM.
+          description: Whether filters (Security Filters or Index Query depending on the pricing model) are configured for logs
           example: true
           type: boolean
         integration_installed_status:
           $ref: "#/components/schemas/SecurityMonitoringContentPackIntegrationStatus"
         logs_last_collected:
           $ref: "#/components/schemas/SecurityMonitoringContentPackTimestampBucket"
         logs_seen_from_any_index:
-          description: Whether logs for this content pack have been seen in any Datadog index within the last 72 hours.
+          description: Whether logs have been seen from any index
           example: true
           type: boolean
         state:
@@ -62776,7 +62764,7 @@ components:
         - meta
       type: object
     SecurityMonitoringContentPackStatus:
-      description: The current operational status of a content pack.
+      description: The current status of a content pack
       enum:
         - install
         - activate
@@ -62786,13 +62774,6 @@ components:
         - broken
       example: active
       type: string
-      x-enum-descriptions:
-        - Not activated; no logs detected in the last 72 hours.
-        - Not activated; logs are flowing into a Datadog index but not yet routed through Cloud SIEM.
-        - Activated; awaiting first log ingestion.
-        - Activated; logs received within the last 24 hours.
-        - Activated; integration not installed or logs last seen 24 to 72 hours ago.
-        - Activated; no logs for over 72 hours, filter missing, or Cloud SIEM index incorrectly ordered.
       x-enum-varnames:
         - INSTALL
         - ACTIVATE
@@ -62801,7 +62782,7 @@ components:
         - WARNING
         - BROKEN
     SecurityMonitoringContentPackTimestampBucket:
-      description: Timestamp bucket indicating when logs were last collected.
+      description: Timestamp bucket indicating when logs were last collected
       enum:
         - not_seen
         - within_24_hours
@@ -62810,12 +62791,6 @@ components:
         - over_30d
       example: within_24_hours
       type: string
-      x-enum-descriptions:
-        - No logs observed.
-        - Logs received within the last 24 hours.
-        - Logs last seen 24 to 72 hours ago.
-        - Logs last seen 3 to 30 days ago.
-        - Logs last seen more than 30 days ago.
       x-enum-varnames:
         - NOT_SEEN
         - WITHIN_24_HOURS
@@ -63906,7 +63881,7 @@ components:
         - $ref: "#/components/schemas/SecurityMonitoringSignalRulePayload"
         - $ref: "#/components/schemas/CloudConfigurationRulePayload"
     SecurityMonitoringSKU:
-      description: The Cloud SIEM pricing model (SKU) for the organization.
+      description: The SIEM pricing model (SKU) for the organization
       enum:
         - per_gb_analyzed
         - per_event_in_siem_index_2023
@@ -93370,6 +93345,7 @@ paths:
                 - ap2.datadoghq.com
                 - datadoghq.eu
                 - ddog-gov.com
+                - us2.fed.dog
             subdomain:
               default: event-management-intake
               description: The subdomain where the API is deployed.
@@ -102542,6 +102518,7 @@ paths:
                 - ap2.datadoghq.com
                 - datadoghq.eu
                 - ddog-gov.com
+                - us2.fed.dog
             subdomain:
               default: http-intake.logs
               description: The subdomain where the API is deployed.
@@ -118729,8 +118706,9 @@ paths:
   /api/v2/security_monitoring/content_packs/states:
     get:
       description: |-
-        Get the activation state, integration status, and log collection status
-        for all Cloud SIEM content packs.
+        Get the activation and configuration states for all security monitoring content packs.
+        This endpoint returns status information about each content pack including activation state,
+        integration status, and log collection status.
       operationId: GetContentPacksStates
       responses:
         "200":
@@ -118753,31 +118731,21 @@ paths:
           description: Not Found
         "429":
           $ref: "#/components/responses/TooManyRequestsResponse"
-      security:
-        - apiKeyAuth: []
-          appKeyAuth: []
-        - AuthZ:
-            - security_monitoring_filters_read
       summary: Get content pack states
       tags:
         - Security Monitoring
-      "x-permission":
-        operator: OR
-        permissions:
-          - security_monitoring_filters_read
-          - logs_read_index_data
       x-unstable: |-
         **Note**: This endpoint is in preview and is subject to change.
         If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).
   /api/v2/security_monitoring/content_packs/{content_pack_id}/activate:
     put:
       description: |-
-        Activate a Cloud SIEM content pack. This operation configures the necessary
+        Activate a security monitoring content pack. This operation configures the necessary
         log filters or security filters depending on the pricing model and updates the content
         pack activation state.
       operationId: ActivateContentPack
       parameters:
-        - description: The ID of the content pack to activate (for example, `aws-cloudtrail`).
+        - description: The ID of the content pack to activate.
           in: path
           name: content_pack_id
           required: true
@@ -118801,30 +118769,20 @@ paths:
           description: Not Found
         "429":
           $ref: "#/components/responses/TooManyRequestsResponse"
-      security:
-        - apiKeyAuth: []
-          appKeyAuth: []
-        - AuthZ:
-            - security_monitoring_filters_write
       summary: Activate content pack
       tags:
         - Security Monitoring
-      "x-permission":
-        operator: OR
-        permissions:
-          - security_monitoring_filters_write
-          - logs_modify_indexes
       x-unstable: |-
         **Note**: This endpoint is in preview and is subject to change.
         If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).
   /api/v2/security_monitoring/content_packs/{content_pack_id}/deactivate:
     put:
       description: |-
-        Deactivate a Cloud SIEM content pack. This operation removes the content pack's
+        Deactivate a security monitoring content pack. This operation removes the content pack's
         configuration from log filters or security filters and updates the content pack activation state.
       operationId: DeactivateContentPack
       parameters:
-        - description: The ID of the content pack to deactivate (for example, `aws-cloudtrail`).
+        - description: The ID of the content pack to deactivate.
           in: path
           name: content_pack_id
           required: true
@@ -118848,19 +118806,9 @@ paths:
           description: Not Found
         "429":
           $ref: "#/components/responses/TooManyRequestsResponse"
-      security:
-        - apiKeyAuth: []
-          appKeyAuth: []
-        - AuthZ:
-            - security_monitoring_filters_write
       summary: Deactivate content pack
       tags:
         - Security Monitoring
-      "x-permission":
-        operator: OR
-        permissions:
-          - security_monitoring_filters_write
-          - logs_modify_indexes
       x-unstable: |-
         **Note**: This endpoint is in preview and is subject to change.
         If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).
@@ -129839,6 +129787,7 @@ servers:
           - ap2.datadoghq.com
           - datadoghq.eu
           - ddog-gov.com
+          - us2.fed.dog
       subdomain:
         default: api
         description: The subdomain where the API is deployed.
 
@@ -586,7 +586,8 @@ def server_settings
                 "ap1.datadoghq.com",
                 "ap2.datadoghq.com",
                 "datadoghq.eu",
-                "ddog-gov.com"
+                "ddog-gov.com",
+                "us2.fed.dog"
               ]
             },
             subdomain: {
@@ -643,7 +644,8 @@ def operation_server_settings
                   "ap1.datadoghq.com",
                   "ap2.datadoghq.com",
                   "datadoghq.eu",
-                  "ddog-gov.com"
+                  "ddog-gov.com",
+                  "us2.fed.dog"
                 ]
               },
               subdomain: {
@@ -692,7 +694,8 @@ def operation_server_settings
                   "ap1.datadoghq.com",
                   "ap2.datadoghq.com",
                   "datadoghq.eu",
-                  "ddog-gov.com"
+                  "ddog-gov.com",
+                  "us2.fed.dog"
                 ]
               },
               subdomain: {
@@ -745,7 +748,8 @@ def operation_server_settings
                   "ap1.datadoghq.com",
                   "ap2.datadoghq.com",
                   "datadoghq.eu",
-                  "ddog-gov.com"
+                  "ddog-gov.com",
+                  "us2.fed.dog"
                 ]
               },
               subdomain: {
@@ -798,7 +802,8 @@ def operation_server_settings
                   "ap1.datadoghq.com",
                   "ap2.datadoghq.com",
                   "datadoghq.eu",
-                  "ddog-gov.com"
+                  "ddog-gov.com",
+                  "us2.fed.dog"
                 ]
               },
               subdomain: {
 
@@ -33,11 +33,11 @@ def activate_content_pack(content_pack_id, opts = {})
 
     # Activate content pack.
     #
-    # Activate a Cloud SIEM content pack. This operation configures the necessary
+    # Activate a security monitoring content pack. This operation configures the necessary
     # log filters or security filters depending on the pricing model and updates the content
     # pack activation state.
     #
-    # @param content_pack_id [String] The ID of the content pack to activate (for example, `aws-cloudtrail`).
+    # @param content_pack_id [String] The ID of the content pack to activate.
     # @param opts [Hash] the optional parameters
     # @return [Array<(nil, Integer, Hash)>] nil, response status code and response headers
     def activate_content_pack_with_http_info(content_pack_id, opts = {})
@@ -76,7 +76,7 @@ def activate_content_pack_with_http_info(content_pack_id, opts = {})
       return_type = opts[:debug_return_type]
 
       # auth_names
-      auth_names = opts[:debug_auth_names] || [:apiKeyAuth, :appKeyAuth, :AuthZ]
+      auth_names = opts[:debug_auth_names] || [:apiKeyAuth, :appKeyAuth]
 
       new_options = opts.merge(
         :operation => :activate_content_pack,
@@ -1587,10 +1587,10 @@ def deactivate_content_pack(content_pack_id, opts = {})
 
     # Deactivate content pack.
     #
-    # Deactivate a Cloud SIEM content pack. This operation removes the content pack's
+    # Deactivate a security monitoring content pack. This operation removes the content pack's
     # configuration from log filters or security filters and updates the content pack activation state.
     #
-    # @param content_pack_id [String] The ID of the content pack to deactivate (for example, `aws-cloudtrail`).
+    # @param content_pack_id [String] The ID of the content pack to deactivate.
     # @param opts [Hash] the optional parameters
     # @return [Array<(nil, Integer, Hash)>] nil, response status code and response headers
     def deactivate_content_pack_with_http_info(content_pack_id, opts = {})
@@ -1629,7 +1629,7 @@ def deactivate_content_pack_with_http_info(content_pack_id, opts = {})
       return_type = opts[:debug_return_type]
 
       # auth_names
-      auth_names = opts[:debug_auth_names] || [:apiKeyAuth, :appKeyAuth, :AuthZ]
+      auth_names = opts[:debug_auth_names] || [:apiKeyAuth, :appKeyAuth]
 
       new_options = opts.merge(
         :operation => :deactivate_content_pack,
@@ -2629,8 +2629,9 @@ def get_content_packs_states(opts = {})
 
     # Get content pack states.
     #
-    # Get the activation state, integration status, and log collection status
-    # for all Cloud SIEM content packs.
+    # Get the activation and configuration states for all security monitoring content packs.
+    # This endpoint returns status information about each content pack including activation state,
+    # integration status, and log collection status.
     #
     # @param opts [Hash] the optional parameters
     # @return [Array<(SecurityMonitoringContentPackStatesResponse, Integer, Hash)>] SecurityMonitoringContentPackStatesResponse data, response status code and response headers
@@ -2666,7 +2667,7 @@ def get_content_packs_states_with_http_info(opts = {})
       return_type = opts[:debug_return_type] || 'SecurityMonitoringContentPackStatesResponse'
 
       # auth_names
-      auth_names = opts[:debug_auth_names] || [:apiKeyAuth, :appKeyAuth, :AuthZ]
+      auth_names = opts[:debug_auth_names] || [:apiKeyAuth, :appKeyAuth]
 
       new_options = opts.merge(
         :operation => :get_content_packs_states,
 
@@ -17,7 +17,7 @@
 require 'time'
 
 module DatadogAPIClient::V2
-  # The activation status of a content pack.
+  # The activation status of a content pack
   class SecurityMonitoringContentPackActivation
     include BaseEnumModel
 
 
@@ -17,7 +17,7 @@
 require 'time'
 
 module DatadogAPIClient::V2
-  # The installation status of the related integration.
+  # The installation status of the related integration
   class SecurityMonitoringContentPackIntegrationStatus
     include BaseEnumModel