Update docs for Security Finding API endpoints (#3262)

api-clients-generation-pipeline[bot] · ci.datadog-api-spec · web-flow · commit 00d3819ee2a6 · 2026-01-12T22:35:57.000Z
Co-authored-by: ci.datadog-api-spec &lt;packages@datadoghq.com&gt;
diff --git a/.generator/schemas/v2/openapi.yaml b/.generator/schemas/v2/openapi.yaml
@@ -78107,7 +78107,13 @@ paths:
         cursorPath: meta.page.cursor
         limitParam: page[limit]
         resultsPath: data
-      x-unstable: '**Note**: This endpoint is in public beta.
+      x-unstable: '**Note**: This endpoint uses the legacy security findings data
+        model and is planned for deprecation.
+
+        Use the [search security findings endpoint](https://docs.datadoghq.com/api/latest/security-monitoring/#search-security-findings),
+
+        which is based on the [new security findings schema](https://docs.datadoghq.com/security/guide/findings-schema/),
+        to search security findings.
 
         If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).'
     patch:
@@ -78207,7 +78213,13 @@ paths:
       summary: Get a finding
       tags:
       - Security Monitoring
-      x-unstable: '**Note**: This endpoint is in public beta.
+      x-unstable: '**Note**: This endpoint uses the legacy security findings data
+        model and is planned for deprecation.
+
+        Use the [search security findings endpoint](https://docs.datadoghq.com/api/latest/security-monitoring/#search-security-findings),
+
+        which is based on the [new security findings schema](https://docs.datadoghq.com/security/guide/findings-schema/),
+        to search security findings.
 
         If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).'
   /api/v2/powerpacks:
@@ -82153,15 +82165,16 @@ paths:
         - security_monitoring_cws_agent_rules_read
   /api/v2/security/findings:
     get:
-      description: 'Get a list of security findings that match a search query.
+      description: 'Get a list of security findings that match a search query. [See
+        the schema for security findings](https://docs.datadoghq.com/security/guide/findings-schema/).
 
 
         ### Query Syntax
 
 
         This endpoint uses the logs query syntax. Findings attributes (living in the
-        custom. namespace) are prefixed by @ when queried. Tags are queried without
-        a prefix.
+        attributes.attributes. namespace) are prefixed by @ when queried. Tags are
+        queried without a prefix.
 
 
         Example: `@severity:(critical OR high) @status:open team:platform`'
@@ -82452,13 +82465,14 @@ paths:
         Please check the documentation regularly for updates.'
   /api/v2/security/findings/search:
     post:
-      description: 'Get a list of security findings that match a search query.
+      description: 'Get a list of security findings that match a search query. [See
+        the schema for security findings](https://docs.datadoghq.com/security/guide/findings-schema/).
 
 
         ### Query Syntax
 
 
-        The API uses the logs query syntax. Findings attributes (living in the custom.
+        The API uses the logs query syntax. Findings attributes (living in the attributes.attributes.
         namespace) are prefixed by @ when queried. Tags are queried without a prefix.
 
 
diff --git a/packages/datadog-api-client-v2/apis/SecurityMonitoringApi.ts b/packages/datadog-api-client-v2/apis/SecurityMonitoringApi.ts
@@ -11497,11 +11497,11 @@ export class SecurityMonitoringApi {
   }
 
   /**
-   * Get a list of security findings that match a search query.
+   * Get a list of security findings that match a search query. [See the schema for security findings](https://docs.datadoghq.com/security/guide/findings-schema/).
    *
    * ### Query Syntax
    *
-   * This endpoint uses the logs query syntax. Findings attributes (living in the custom. namespace) are prefixed by @ when queried. Tags are queried without a prefix.
+   * This endpoint uses the logs query syntax. Findings attributes (living in the attributes.attributes. namespace) are prefixed by @ when queried. Tags are queried without a prefix.
    *
    * Example: `@severity:(critical OR high) @status:open team:platform`
    * @param param The request object
@@ -12066,11 +12066,11 @@ export class SecurityMonitoringApi {
   }
 
   /**
-   * Get a list of security findings that match a search query.
+   * Get a list of security findings that match a search query. [See the schema for security findings](https://docs.datadoghq.com/security/guide/findings-schema/).
    *
    * ### Query Syntax
    *
-   * The API uses the logs query syntax. Findings attributes (living in the custom. namespace) are prefixed by @ when queried. Tags are queried without a prefix.
+   * The API uses the logs query syntax. Findings attributes (living in the attributes.attributes. namespace) are prefixed by @ when queried. Tags are queried without a prefix.
    *
    * Example: `@severity:(critical OR high) @status:open team:platform`
    * @param param The request object

Original file line number	Diff line number	Diff line change
`@@ -11497,11 +11497,11 @@ export class SecurityMonitoringApi {`
`11497`	`11497`	`}`
`11498`	`11498`
`11499`	`11499`	`/**`
`11500`		`- * Get a list of security findings that match a search query.`
	`11500`	`+ * Get a list of security findings that match a search query. [See the schema for security findings](https://docs.datadoghq.com/security/guide/findings-schema/).`
`11501`	`11501`	`*`
`11502`	`11502`	`* ### Query Syntax`
`11503`	`11503`	`*`
`11504`		`- * This endpoint uses the logs query syntax. Findings attributes (living in the custom. namespace) are prefixed by @ when queried. Tags are queried without a prefix.`
	`11504`	`+ * This endpoint uses the logs query syntax. Findings attributes (living in the attributes.attributes. namespace) are prefixed by @ when queried. Tags are queried without a prefix.`
`11505`	`11505`	`*`
`11506`	`11506`	* Example: `@severity:(critical OR high) @status:open team:platform`
`11507`	`11507`	`* @param param The request object`
`@@ -12066,11 +12066,11 @@ export class SecurityMonitoringApi {`
`12066`	`12066`	`}`
`12067`	`12067`
`12068`	`12068`	`/**`
`12069`		`- * Get a list of security findings that match a search query.`
	`12069`	`+ * Get a list of security findings that match a search query. [See the schema for security findings](https://docs.datadoghq.com/security/guide/findings-schema/).`
`12070`	`12070`	`*`
`12071`	`12071`	`* ### Query Syntax`
`12072`	`12072`	`*`
`12073`		`- * The API uses the logs query syntax. Findings attributes (living in the custom. namespace) are prefixed by @ when queried. Tags are queried without a prefix.`
	`12073`	`+ * The API uses the logs query syntax. Findings attributes (living in the attributes.attributes. namespace) are prefixed by @ when queried. Tags are queried without a prefix.`
`12074`	`12074`	`*`
`12075`	`12075`	* Example: `@severity:(critical OR high) @status:open team:platform`
`12076`	`12076`	`* @param param The request object`