Document SendSecurityMonitoringNotificationPreview endpoint

.generator/schemas/v2/openapi.yaml

@@ -23518,6 +23518,8 @@ components:
           $ref: "#/components/schemas/Enabled"
         name:
           $ref: "#/components/schemas/RuleName"
+        routing:
+          $ref: "#/components/schemas/NotificationRuleRouting"
         selectors:
           $ref: "#/components/schemas/Selectors"
         targets:
@@ -59051,6 +59053,76 @@ components:
         - targets
         - version
       type: object
+    NotificationRulePreviewNotificationStatus:
+      description: The notification status for the given rule type. `SUCCESS` means a matching event was found and the notification was sent successfully. `DEFAULT` means no matching event was found and a default placeholder notification was sent instead. `ERROR` means an error occurred while sending the notification.
+      enum:
+        - SUCCESS
+        - DEFAULT
+        - ERROR
+      example: SUCCESS
+      type: string
+      x-enum-varnames:
+        - SUCCESS
+        - DEFAULT
+        - ERROR
+    NotificationRulePreviewResponse:
+      description: Response from the notification preview request.
+      properties:
+        data:
+          $ref: "#/components/schemas/NotificationRulePreviewResponseData"
+      required:
+        - data
+      type: object
+    NotificationRulePreviewResponseAttributes:
+      description: Attributes of the notification preview response.
+      properties:
+        preview_results:
+          $ref: "#/components/schemas/NotificationRulePreviewResults"
+      required:
+        - preview_results
+      type: object
+    NotificationRulePreviewResponseData:
+      description: The notification preview response data.
+      properties:
+        attributes:
+          $ref: "#/components/schemas/NotificationRulePreviewResponseAttributes"
+        id:
+          description: The ID of the notification preview response.
+          example: rka-loa-zwu
+          type: string
+        type:
+          $ref: "#/components/schemas/NotificationRulePreviewResponseType"
+      required:
+        - type
+        - attributes
+      type: object
+    NotificationRulePreviewResponseType:
+      description: The type of the notification preview response.
+      enum:
+        - notification_preview_response
+      example: notification_preview_response
+      type: string
+      x-enum-varnames:
+        - NOTIFICATION_PREVIEW_RESPONSE
+    NotificationRulePreviewResult:
+      description: The preview result for a single rule type.
+      properties:
+        notification_status:
+          $ref: "#/components/schemas/NotificationRulePreviewNotificationStatus"
+        rule_type:
+          $ref: "#/components/schemas/RuleTypesItems"
+      required:
+        - rule_type
+        - notification_status
+      type: object
+    NotificationRulePreviewResults:
+      description: List of preview results for each rule type matched by the notification rule.
+      example:
+        - notification_status: DEFAULT
+          rule_type: log_detection
+      items:
+        $ref: "#/components/schemas/NotificationRulePreviewResult"
+      type: array
     NotificationRuleQuery:
       description: The query is composed of one or several key:value pairs, which can be used to filter security issues on tags and attributes.
       example: (source:production_service OR env:prod)
@@ -59061,6 +59133,22 @@ components:
         data:
           $ref: "#/components/schemas/NotificationRule"
       type: object
+    NotificationRuleRouting:
+      description: Routing configuration for the notification rule.
+      properties:
+        mode:
+          $ref: "#/components/schemas/NotificationRuleRoutingMode"
+      required:
+        - mode
+      type: object
+    NotificationRuleRoutingMode:
+      description: The routing mode for the notification rule. `manual` sends notifications to the configured targets.
+      enum:
+        - manual
+      example: manual
+      type: string
+      x-enum-varnames:
+        - MANUAL
     NotificationRulesListResponse:
       description: The list of notification rules.
       properties:
@@ -68865,6 +68953,8 @@ components:
           $ref: "#/components/schemas/Enabled"
         name:
           $ref: "#/components/schemas/RuleName"
+        routing:
+          $ref: "#/components/schemas/NotificationRuleRouting"
         selectors:
           $ref: "#/components/schemas/Selectors"
         targets:
@@ -75175,6 +75265,7 @@ components:
         - iac_misconfiguration
         - sast_vulnerability
         - secret_vulnerability
+      example: log_detection
       type: string
       x-enum-varnames:
         - APPLICATION_SECURITY
@@ -164024,6 +164115,73 @@ paths:
       x-unstable: |-
         **Note**: This endpoint is in preview and is subject to change.
         If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).
+  /api/v2/security_monitoring/configuration/notification_rules/send_notification_preview:
+    post:
+      description: Send a notification preview to test that a notification rule's targets are properly configured.
+      operationId: SendSecurityMonitoringNotificationPreview
+      requestBody:
+        content:
+          application/json:
+            examples:
+              default:
+                value:
+                  data:
+                    attributes:
+                      enabled: true
+                      name: Rule 1
+                      selectors:
+                        query: env:prod
+                        rule_types:
+                          - log_detection
+                        severities:
+                          - critical
+                        trigger_source: security_signals
+                      targets:
+                        - "@john.doe@email.com"
+                    type: notification_rules
+            schema:
+              $ref: "#/components/schemas/CreateNotificationRuleParameters"
+        required: true
+      responses:
+        "200":
+          content:
+            application/json:
+              examples:
+                default:
+                  value:
+                    data:
+                      attributes:
+                        preview_results:
+                          - notification_status: DEFAULT
+                            rule_type: log_detection
+                      id: rka-loa-zwu
+                      type: notification_preview_response
+              schema:
+                $ref: "#/components/schemas/NotificationRulePreviewResponse"
+          description: OK
+        "400":
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/schemas/JSONAPIErrorResponse"
+          description: Bad Request
+        "403":
+          $ref: "#/components/responses/NotAuthorizedResponse"
+        "429":
+          $ref: "#/components/responses/TooManyRequestsResponse"
+      security:
+        - apiKeyAuth: []
+          appKeyAuth: []
+        - AuthZ:
+            - security_monitoring_notification_profiles_write
+      summary: Test a notification rule
+      tags:
+        - Security Monitoring
+      x-codegen-request-body-name: body
+      "x-permission":
+        operator: OR
+        permissions:
+          - security_monitoring_notification_profiles_write
   /api/v2/security_monitoring/configuration/security_filters:
     get:
       description: Get the list of configured security filters with their definitions.

cassettes/features/v2/security_monitoring/Test-a-notification-rule-returns-OK-response.frozen

@@ -0,0 +1 @@
+2026-06-10T09:27:59.116Z

examples/v2/security-monitoring/SendSecurityMonitoringNotificationPreview.rb

@@ -0,0 +1,28 @@
+# Test a notification rule returns "OK" response
+
+require "datadog_api_client"
+api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new
+
+body = DatadogAPIClient::V2::CreateNotificationRuleParameters.new({
+  data: DatadogAPIClient::V2::CreateNotificationRuleParametersData.new({
+    attributes: DatadogAPIClient::V2::CreateNotificationRuleParametersDataAttributes.new({
+      enabled: true,
+      name: "Rule 1",
+      selectors: DatadogAPIClient::V2::Selectors.new({
+        query: "env:prod",
+        rule_types: [
+          DatadogAPIClient::V2::RuleTypesItems::LOG_DETECTION,
+        ],
+        severities: [
+          DatadogAPIClient::V2::RuleSeverity::CRITICAL,
+        ],
+        trigger_source: DatadogAPIClient::V2::TriggerSource::SECURITY_SIGNALS,
+      }),
+      targets: [
+        "@john.doe@email.com",
+      ],
+    }),
+    type: DatadogAPIClient::V2::NotificationRulesType::NOTIFICATION_RULES,
+  }),
+})
+p api_instance.send_security_monitoring_notification_preview(body)

features/scenarios_model_mapping.rb

@@ -2212,6 +2212,9 @@
     "v2.ValidateSecurityMonitoringIntegrationConfig" => {
             "integration_config_id" => "String",
     },
+    "v2.SendSecurityMonitoringNotificationPreview" => {
+            "body" => "CreateNotificationRuleParameters",
+    },
     "v2.CreateSecurityFilter" => {
             "body" => "SecurityFilterCreateRequest",
     },

features/v2/security_monitoring.feature

@@ -759,7 +759,7 @@ Feature: Security Monitoring
   @generated @skip @team:DataDog/cloud-security-posture-management
   Scenario: Create a new signal-based notification rule returns "Bad Request" response
     Given new "CreateSignalNotificationRule" request
-    And body with value {"data": {"attributes": {"enabled": true, "name": "Rule 1", "selectors": {"query": "(source:production_service OR env:prod)", "rule_types": ["misconfiguration", "attack_path"], "severities": ["critical"], "trigger_source": "security_findings"}, "targets": ["@john.doe@email.com"], "time_aggregation": 86400}, "type": "notification_rules"}}
+    And body with value {"data": {"attributes": {"enabled": true, "name": "Rule 1", "routing": {"mode": "manual"}, "selectors": {"query": "(source:production_service OR env:prod)", "rule_types": ["misconfiguration", "attack_path"], "severities": ["critical"], "trigger_source": "security_findings"}, "targets": ["@john.doe@email.com"], "time_aggregation": 86400}, "type": "notification_rules"}}
     When the request is sent
     Then the response status is 400 Bad Request
 
@@ -773,7 +773,7 @@ Feature: Security Monitoring
   @generated @skip @team:DataDog/cloud-security-posture-management
   Scenario: Create a new vulnerability-based notification rule returns "Bad Request" response
     Given new "CreateVulnerabilityNotificationRule" request
-    And body with value {"data": {"attributes": {"enabled": true, "name": "Rule 1", "selectors": {"query": "(source:production_service OR env:prod)", "rule_types": ["misconfiguration", "attack_path"], "severities": ["critical"], "trigger_source": "security_findings"}, "targets": ["@john.doe@email.com"], "time_aggregation": 86400}, "type": "notification_rules"}}
+    And body with value {"data": {"attributes": {"enabled": true, "name": "Rule 1", "routing": {"mode": "manual"}, "selectors": {"query": "(source:production_service OR env:prod)", "rule_types": ["misconfiguration", "attack_path"], "severities": ["critical"], "trigger_source": "security_findings"}, "targets": ["@john.doe@email.com"], "time_aggregation": 86400}, "type": "notification_rules"}}
     When the request is sent
     Then the response status is 400 Bad Request
 
@@ -2470,7 +2470,7 @@ Feature: Security Monitoring
   Scenario: Patch a signal-based notification rule returns "The server cannot process the request because it contains invalid data." response
     Given new "PatchSignalNotificationRule" request
     And request contains "id" parameter from "REPLACE.ME"
-    And body with value {"data": {"attributes": {"enabled": true, "name": "Rule 1", "selectors": {"query": "(source:production_service OR env:prod)", "rule_types": ["misconfiguration", "attack_path"], "severities": ["critical"], "trigger_source": "security_findings"}, "targets": ["@john.doe@email.com"], "time_aggregation": 86400, "version": 1}, "id": "aaa-bbb-ccc", "type": "notification_rules"}}
+    And body with value {"data": {"attributes": {"enabled": true, "name": "Rule 1", "routing": {"mode": "manual"}, "selectors": {"query": "(source:production_service OR env:prod)", "rule_types": ["misconfiguration", "attack_path"], "severities": ["critical"], "trigger_source": "security_findings"}, "targets": ["@john.doe@email.com"], "time_aggregation": 86400, "version": 1}, "id": "aaa-bbb-ccc", "type": "notification_rules"}}
     When the request is sent
     Then the response status is 422 The server cannot process the request because it contains invalid data.
 
@@ -2504,7 +2504,7 @@ Feature: Security Monitoring
   Scenario: Patch a vulnerability-based notification rule returns "The server cannot process the request because it contains invalid data." response
     Given new "PatchVulnerabilityNotificationRule" request
     And request contains "id" parameter from "REPLACE.ME"
-    And body with value {"data": {"attributes": {"enabled": true, "name": "Rule 1", "selectors": {"query": "(source:production_service OR env:prod)", "rule_types": ["misconfiguration", "attack_path"], "severities": ["critical"], "trigger_source": "security_findings"}, "targets": ["@john.doe@email.com"], "time_aggregation": 86400, "version": 1}, "id": "aaa-bbb-ccc", "type": "notification_rules"}}
+    And body with value {"data": {"attributes": {"enabled": true, "name": "Rule 1", "routing": {"mode": "manual"}, "selectors": {"query": "(source:production_service OR env:prod)", "rule_types": ["misconfiguration", "attack_path"], "severities": ["critical"], "trigger_source": "security_findings"}, "targets": ["@john.doe@email.com"], "time_aggregation": 86400, "version": 1}, "id": "aaa-bbb-ccc", "type": "notification_rules"}}
     When the request is sent
     Then the response status is 422 The server cannot process the request because it contains invalid data.
 
@@ -2611,6 +2611,20 @@ Feature: Security Monitoring
     When the request is sent
     Then the response status is 200 OK
 
+  @generated @skip @team:DataDog/k9-cloud-siem
+  Scenario: Test a notification rule returns "Bad Request" response
+    Given new "SendSecurityMonitoringNotificationPreview" request
+    And body with value {"data": {"attributes": {"enabled": true, "name": "Rule 1", "routing": {"mode": "manual"}, "selectors": {"query": "(source:production_service OR env:prod)", "rule_types": ["misconfiguration", "attack_path"], "severities": ["critical"], "trigger_source": "security_findings"}, "targets": ["@john.doe@email.com"], "time_aggregation": 86400}, "type": "notification_rules"}}
+    When the request is sent
+    Then the response status is 400 Bad Request
+
+  @team:DataDog/k9-cloud-siem
+  Scenario: Test a notification rule returns "OK" response
+    Given new "SendSecurityMonitoringNotificationPreview" request
+    And body with value {"data": {"attributes": {"enabled": true, "name": "Rule 1", "selectors": {"query": "env:prod", "rule_types": ["log_detection"], "severities": ["critical"], "trigger_source": "security_signals"}, "targets": ["@john.doe@email.com"]}, "type": "notification_rules"}}
+    When the request is sent
+    Then the response status is 200 OK
+
   @skip @team:DataDog/k9-cloud-siem
   Scenario: Test a rule returns "Bad Request" response
     Given new "TestSecurityMonitoringRule" request

features/v2/undo.json

@@ -7025,6 +7025,12 @@
       "type": "safe"
     }
   },
+  "SendSecurityMonitoringNotificationPreview": {
+    "tag": "Security Monitoring",
+    "undo": {
+      "type": "safe"
+    }
+  },
   "ListSecurityFilters": {
     "tag": "Security Monitoring",
     "undo": {

lib/datadog_api_client/inflector.rb

@@ -4655,7 +4655,15 @@ def overrides
           "v2.notification_channel_type" => "NotificationChannelType",
           "v2.notification_rule" => "NotificationRule",
           "v2.notification_rule_attributes" => "NotificationRuleAttributes",
+          "v2.notification_rule_preview_notification_status" => "NotificationRulePreviewNotificationStatus",
+          "v2.notification_rule_preview_response" => "NotificationRulePreviewResponse",
+          "v2.notification_rule_preview_response_attributes" => "NotificationRulePreviewResponseAttributes",
+          "v2.notification_rule_preview_response_data" => "NotificationRulePreviewResponseData",
+          "v2.notification_rule_preview_response_type" => "NotificationRulePreviewResponseType",
+          "v2.notification_rule_preview_result" => "NotificationRulePreviewResult",
           "v2.notification_rule_response" => "NotificationRuleResponse",
+          "v2.notification_rule_routing" => "NotificationRuleRouting",
+          "v2.notification_rule_routing_mode" => "NotificationRuleRoutingMode",
           "v2.notification_rules_list_response" => "NotificationRulesListResponse",
           "v2.notification_rules_type" => "NotificationRulesType",
           "v2.notion_api_key" => "NotionAPIKey",