Document signals triage update endpoints

.generator/schemas/v2/openapi.yaml

@@ -64574,6 +64574,38 @@ components:
       type: string
       x-enum-varnames:
         - SIGNAL
+    SecurityMonitoringSignalUpdateAttributes:
+      description: Attributes for updating the triage state or assignee of a security signal.
+      properties:
+        archive_comment:
+          $ref: "#/components/schemas/SecurityMonitoringSignalArchiveComment"
+        archive_reason:
+          $ref: "#/components/schemas/SecurityMonitoringSignalArchiveReason"
+        assignee:
+          $ref: "#/components/schemas/SecurityMonitoringTriageUser"
+        state:
+          $ref: "#/components/schemas/SecurityMonitoringSignalState"
+        version:
+          $ref: "#/components/schemas/SecurityMonitoringSignalVersion"
+      type: object
+    SecurityMonitoringSignalUpdateData:
+      description: Data containing the triage state or assignee update for a security signal.
+      properties:
+        attributes:
+          $ref: "#/components/schemas/SecurityMonitoringSignalUpdateAttributes"
+        type:
+          $ref: "#/components/schemas/SecurityMonitoringSignalMetadataType"
+      required:
+        - attributes
+      type: object
+    SecurityMonitoringSignalUpdateRequest:
+      description: Request body for updating the triage state or assignee of a security signal.
+      properties:
+        data:
+          $ref: "#/components/schemas/SecurityMonitoringSignalUpdateData"
+      required:
+        - data
+      type: object
     SecurityMonitoringSignalVersion:
       description: Version of the updated signal. If server side version is higher, update will be rejected.
       format: int64
@@ -64727,6 +64759,33 @@ components:
         - count
         - events
       type: object
+    SecurityMonitoringSignalsBulkUpdateData:
+      description: Data for updating a single security signal in a bulk update operation.
+      properties:
+        attributes:
+          $ref: "#/components/schemas/SecurityMonitoringSignalUpdateAttributes"
+        id:
+          description: The unique ID of the security signal.
+          example: AAAAAWgN8Xwgr1vKDQAAAABBV2dOOFh3ZzZobm1mWXJFYTR0OA
+          type: string
+        type:
+          $ref: "#/components/schemas/SecurityMonitoringSignalType"
+      required:
+        - id
+        - attributes
+      type: object
+    SecurityMonitoringSignalsBulkUpdateRequest:
+      description: Request body for updating multiple attributes of multiple security signals.
+      properties:
+        data:
+          description: An array of signal updates.
+          items:
+            $ref: "#/components/schemas/SecurityMonitoringSignalsBulkUpdateData"
+          maxItems: 199
+          type: array
+      required:
+        - data
+      type: object
     SecurityMonitoringSignalsListResponse:
       description: "The response object with all security signals matching the request\nand pagination information."
       properties:
@@ -119533,6 +119592,51 @@ paths:
         operator: OR
         permissions:
           - security_monitoring_signals_write
+  /api/v2/security_monitoring/signals/bulk/update:
+    patch:
+      description: |-
+        Update the triage state or assignee of multiple security signals at once.
+        The maximum number of signals that can be updated in a single request is 199.
+      operationId: BulkEditSecurityMonitoringSignals
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: "#/components/schemas/SecurityMonitoringSignalsBulkUpdateRequest"
+        description: Attributes describing the signal updates.
+        required: true
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/schemas/SecurityMonitoringSignalsBulkTriageUpdateResponse"
+          description: OK
+        "400":
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/schemas/JSONAPIErrorResponse"
+          description: Bad Request
+        "403":
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/schemas/JSONAPIErrorResponse"
+          description: Forbidden
+        "429":
+          $ref: "#/components/responses/TooManyRequestsResponse"
+      security:
+        - apiKeyAuth: []
+          appKeyAuth: []
+        - AuthZ: []
+      summary: Bulk update security signals
+      tags: ["Security Monitoring"]
+      x-codegen-request-body-name: body
+      "x-permission":
+        operator: OR
+        permissions:
+          - security_monitoring_signals_write
   /api/v2/security_monitoring/signals/search:
     post:
       description: |-
@@ -119855,6 +119959,58 @@ paths:
         permissions:
           - security_monitoring_rules_read
           - security_monitoring_signals_read
+  /api/v2/security_monitoring/signals/{signal_id}/update:
+    patch:
+      description: |-
+        Update the triage state or assignee of a security signal.
+      operationId: EditSecurityMonitoringSignal
+      parameters:
+        - $ref: "#/components/parameters/SignalID"
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: "#/components/schemas/SecurityMonitoringSignalUpdateRequest"
+        description: Attributes describing the signal triage state or assignee update.
+        required: true
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/schemas/SecurityMonitoringSignalTriageUpdateResponse"
+          description: OK
+        "400":
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/schemas/JSONAPIErrorResponse"
+          description: Bad Request
+        "403":
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/schemas/JSONAPIErrorResponse"
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/schemas/JSONAPIErrorResponse"
+          description: Not Found
+        "429":
+          $ref: "#/components/responses/TooManyRequestsResponse"
+      security:
+        - apiKeyAuth: []
+          appKeyAuth: []
+        - AuthZ: []
+      summary: Update security signal triage state or assignee
+      tags: ["Security Monitoring"]
+      x-codegen-request-body-name: body
+      "x-permission":
+        operator: OR
+        permissions:
+          - security_monitoring_signals_write
   /api/v2/security_monitoring/terraform/{resource_type}/bulk:
     post:
       description: |-

examples/v2/security-monitoring/BulkEditSecurityMonitoringSignals.rb

@@ -0,0 +1,21 @@
+# Bulk update security signals returns "OK" response
+
+require "datadog_api_client"
+api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new
+
+body = DatadogAPIClient::V2::SecurityMonitoringSignalsBulkUpdateRequest.new({
+  data: [
+    DatadogAPIClient::V2::SecurityMonitoringSignalsBulkUpdateData.new({
+      attributes: DatadogAPIClient::V2::SecurityMonitoringSignalUpdateAttributes.new({
+        archive_reason: DatadogAPIClient::V2::SecurityMonitoringSignalArchiveReason::NONE,
+        assignee: DatadogAPIClient::V2::SecurityMonitoringTriageUser.new({
+          uuid: "773b045d-ccf8-4808-bd3b-955ef6a8c940",
+        }),
+        state: DatadogAPIClient::V2::SecurityMonitoringSignalState::OPEN,
+      }),
+      id: "AAAAAWgN8Xwgr1vKDQAAAABBV2dOOFh3ZzZobm1mWXJFYTR0OA",
+      type: DatadogAPIClient::V2::SecurityMonitoringSignalType::SIGNAL,
+    }),
+  ],
+})
+p api_instance.bulk_edit_security_monitoring_signals(body)

examples/v2/security-monitoring/EditSecurityMonitoringSignal.rb

@@ -0,0 +1,18 @@
+# Update security signal triage state or assignee returns "OK" response
+
+require "datadog_api_client"
+api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new
+
+body = DatadogAPIClient::V2::SecurityMonitoringSignalUpdateRequest.new({
+  data: DatadogAPIClient::V2::SecurityMonitoringSignalUpdateData.new({
+    attributes: DatadogAPIClient::V2::SecurityMonitoringSignalUpdateAttributes.new({
+      archive_reason: DatadogAPIClient::V2::SecurityMonitoringSignalArchiveReason::NONE,
+      assignee: DatadogAPIClient::V2::SecurityMonitoringTriageUser.new({
+        uuid: "773b045d-ccf8-4808-bd3b-955ef6a8c940",
+      }),
+      state: DatadogAPIClient::V2::SecurityMonitoringSignalState::OPEN,
+    }),
+    type: DatadogAPIClient::V2::SecurityMonitoringSignalMetadataType::SIGNAL_METADATA,
+  }),
+})
+p api_instance.edit_security_monitoring_signal("signal_id", body)

features/scenarios_model_mapping.rb

@@ -1933,6 +1933,9 @@
     "v2.BulkEditSecurityMonitoringSignalsState" => {
             "body" => "SecurityMonitoringSignalsBulkStateUpdateRequest",
     },
+    "v2.BulkEditSecurityMonitoringSignals" => {
+            "body" => "SecurityMonitoringSignalsBulkUpdateRequest",
+    },
     "v2.SearchSecurityMonitoringSignals" => {
             "body" => "SecurityMonitoringSignalListRequest",
     },
@@ -1957,6 +1960,10 @@
     "v2.GetSuggestedActionsMatchingSignal" => {
             "signal_id" => "String",
     },
+    "v2.EditSecurityMonitoringSignal" => {
+            "signal_id" => "String",
+            "body" => "SecurityMonitoringSignalUpdateRequest",
+    },
     "v2.BulkExportSecurityMonitoringTerraformResources" => {
             "resource_type" => "SecurityMonitoringTerraformResourceType",
             "body" => "SecurityMonitoringTerraformBulkExportRequest",

features/v2/security_monitoring.feature

@@ -121,6 +121,20 @@ Feature: Security Monitoring
     When the request is sent
     Then the response status is 200 OK
 
+  @skip @team:DataDog/k9-cloud-siem
+  Scenario: Bulk update security signals returns "Bad Request" response
+    Given new "BulkEditSecurityMonitoringSignals" request
+    And body with value {"data": [{"attributes": {"archive_reason": "none", "assignee": {"uuid": "773b045d-ccf8-4808-bd3b-955ef6a8c940"}, "state": "open"}, "id": "AAAAAWgN8Xwgr1vKDQAAAABBV2dOOFh3ZzZobm1mWXJFYTR0OA", "type": "signal"}]}
+    When the request is sent
+    Then the response status is 400 Bad Request
+
+  @skip @team:DataDog/k9-cloud-siem
+  Scenario: Bulk update security signals returns "OK" response
+    Given new "BulkEditSecurityMonitoringSignals" request
+    And body with value {"data": [{"attributes": {"archive_reason": "none", "assignee": {"uuid": "773b045d-ccf8-4808-bd3b-955ef6a8c940"}, "state": "open"}, "id": "AAAAAWgN8Xwgr1vKDQAAAABBV2dOOFh3ZzZobm1mWXJFYTR0OA", "type": "signal"}]}
+    When the request is sent
+    Then the response status is 200 OK
+
   @skip @team:DataDog/k9-cloud-siem
   Scenario: Bulk update triage assignee of security signals returns "Bad Request" response
     Given operation "BulkEditSecurityMonitoringSignalsAssignee" enabled
@@ -2232,6 +2246,30 @@ Feature: Security Monitoring
     When the request is sent
     Then the response status is 201 OK
 
+  @skip @team:DataDog/k9-cloud-siem
+  Scenario: Update security signal triage state or assignee returns "Bad Request" response
+    Given new "EditSecurityMonitoringSignal" request
+    And request contains "signal_id" parameter from "REPLACE.ME"
+    And body with value {"data": {"attributes": {"archive_reason": "none", "assignee": {"uuid": "773b045d-ccf8-4808-bd3b-955ef6a8c940"}, "state": "open"}, "type": "signal_metadata"}}
+    When the request is sent
+    Then the response status is 400 Bad Request
+
+  @skip @team:DataDog/k9-cloud-siem
+  Scenario: Update security signal triage state or assignee returns "Not Found" response
+    Given new "EditSecurityMonitoringSignal" request
+    And request contains "signal_id" parameter from "REPLACE.ME"
+    And body with value {"data": {"attributes": {"archive_reason": "none", "assignee": {"uuid": "773b045d-ccf8-4808-bd3b-955ef6a8c940"}, "state": "open"}, "type": "signal_metadata"}}
+    When the request is sent
+    Then the response status is 404 Not Found
+
+  @skip @team:DataDog/k9-cloud-siem
+  Scenario: Update security signal triage state or assignee returns "OK" response
+    Given new "EditSecurityMonitoringSignal" request
+    And request contains "signal_id" parameter from "REPLACE.ME"
+    And body with value {"data": {"attributes": {"archive_reason": "none", "assignee": {"uuid": "773b045d-ccf8-4808-bd3b-955ef6a8c940"}, "state": "open"}, "type": "signal_metadata"}}
+    When the request is sent
+    Then the response status is 200 OK
+
   @skip-go @skip-java @skip-python @skip-ruby @skip-rust @skip-typescript @skip-validation @team:DataDog/k9-cloud-siem
   Scenario: Validate a detection rule returns "Bad Request" response
     Given new "ValidateSecurityMonitoringRule" request

features/v2/undo.json

@@ -5699,6 +5699,12 @@
       "type": "idempotent"
     }
   },
+  "BulkEditSecurityMonitoringSignals": {
+    "tag": "Security Monitoring",
+    "undo": {
+      "type": "idempotent"
+    }
+  },
   "SearchSecurityMonitoringSignals": {
     "tag": "Security Monitoring",
     "undo": {
@@ -5741,6 +5747,12 @@
       "type": "safe"
     }
   },
+  "EditSecurityMonitoringSignal": {
+    "tag": "Security Monitoring",
+    "undo": {
+      "type": "idempotent"
+    }
+  },
   "BulkExportSecurityMonitoringTerraformResources": {
     "tag": "Security Monitoring",
     "undo": {

lib/datadog_api_client/inflector.rb

@@ -5167,6 +5167,8 @@ def overrides
           "v2.security_monitoring_signals_bulk_triage_event_attributes" => "SecurityMonitoringSignalsBulkTriageEventAttributes",
           "v2.security_monitoring_signals_bulk_triage_update_response" => "SecurityMonitoringSignalsBulkTriageUpdateResponse",
           "v2.security_monitoring_signals_bulk_triage_update_result" => "SecurityMonitoringSignalsBulkTriageUpdateResult",
+          "v2.security_monitoring_signals_bulk_update_data" => "SecurityMonitoringSignalsBulkUpdateData",
+          "v2.security_monitoring_signals_bulk_update_request" => "SecurityMonitoringSignalsBulkUpdateRequest",
           "v2.security_monitoring_signals_list_response" => "SecurityMonitoringSignalsListResponse",
           "v2.security_monitoring_signals_list_response_links" => "SecurityMonitoringSignalsListResponseLinks",
           "v2.security_monitoring_signals_list_response_meta" => "SecurityMonitoringSignalsListResponseMeta",
@@ -5184,6 +5186,9 @@ def overrides
           "v2.security_monitoring_signal_triage_update_data" => "SecurityMonitoringSignalTriageUpdateData",
           "v2.security_monitoring_signal_triage_update_response" => "SecurityMonitoringSignalTriageUpdateResponse",
           "v2.security_monitoring_signal_type" => "SecurityMonitoringSignalType",
+          "v2.security_monitoring_signal_update_attributes" => "SecurityMonitoringSignalUpdateAttributes",
+          "v2.security_monitoring_signal_update_data" => "SecurityMonitoringSignalUpdateData",
+          "v2.security_monitoring_signal_update_request" => "SecurityMonitoringSignalUpdateRequest",
           "v2.security_monitoring_sku" => "SecurityMonitoringSKU",
           "v2.security_monitoring_standard_data_source" => "SecurityMonitoringStandardDataSource",
           "v2.security_monitoring_standard_rule_create_payload" => "SecurityMonitoringStandardRuleCreatePayload",