Update docs for Security Finding API endpoints (#3261)

api-clients-generation-pipeline[bot] · ci.datadog-api-spec · web-flow · commit 17f9c868a728 · 2026-01-12T22:36:07.000Z
Co-authored-by: ci.datadog-api-spec &lt;packages@datadoghq.com&gt;
diff --git a/.generator/schemas/v2/openapi.yaml b/.generator/schemas/v2/openapi.yaml
@@ -78107,7 +78107,13 @@ paths:
         cursorPath: meta.page.cursor
         limitParam: page[limit]
         resultsPath: data
-      x-unstable: '**Note**: This endpoint is in public beta.
+      x-unstable: '**Note**: This endpoint uses the legacy security findings data
+        model and is planned for deprecation.
+
+        Use the [search security findings endpoint](https://docs.datadoghq.com/api/latest/security-monitoring/#search-security-findings),
+
+        which is based on the [new security findings schema](https://docs.datadoghq.com/security/guide/findings-schema/),
+        to search security findings.
 
         If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).'
     patch:
@@ -78207,7 +78213,13 @@ paths:
       summary: Get a finding
       tags:
       - Security Monitoring
-      x-unstable: '**Note**: This endpoint is in public beta.
+      x-unstable: '**Note**: This endpoint uses the legacy security findings data
+        model and is planned for deprecation.
+
+        Use the [search security findings endpoint](https://docs.datadoghq.com/api/latest/security-monitoring/#search-security-findings),
+
+        which is based on the [new security findings schema](https://docs.datadoghq.com/security/guide/findings-schema/),
+        to search security findings.
 
         If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).'
   /api/v2/powerpacks:
@@ -82153,15 +82165,16 @@ paths:
         - security_monitoring_cws_agent_rules_read
   /api/v2/security/findings:
     get:
-      description: 'Get a list of security findings that match a search query.
+      description: 'Get a list of security findings that match a search query. [See
+        the schema for security findings](https://docs.datadoghq.com/security/guide/findings-schema/).
 
 
         ### Query Syntax
 
 
         This endpoint uses the logs query syntax. Findings attributes (living in the
-        custom. namespace) are prefixed by @ when queried. Tags are queried without
-        a prefix.
+        attributes.attributes. namespace) are prefixed by @ when queried. Tags are
+        queried without a prefix.
 
 
         Example: `@severity:(critical OR high) @status:open team:platform`'
@@ -82452,13 +82465,14 @@ paths:
         Please check the documentation regularly for updates.'
   /api/v2/security/findings/search:
     post:
-      description: 'Get a list of security findings that match a search query.
+      description: 'Get a list of security findings that match a search query. [See
+        the schema for security findings](https://docs.datadoghq.com/security/guide/findings-schema/).
 
 
         ### Query Syntax
 
 
-        The API uses the logs query syntax. Findings attributes (living in the custom.
+        The API uses the logs query syntax. Findings attributes (living in the attributes.attributes.
         namespace) are prefixed by @ when queried. Tags are queried without a prefix.
 
 
diff --git a/services/security_monitoring/src/v2/SecurityMonitoringApi.ts b/services/security_monitoring/src/v2/SecurityMonitoringApi.ts
@@ -12040,11 +12040,11 @@ export class SecurityMonitoringApi {
   }
 
   /**
-   * Get a list of security findings that match a search query.
+   * Get a list of security findings that match a search query. [See the schema for security findings](https://docs.datadoghq.com/security/guide/findings-schema/).
    *
    * ### Query Syntax
    *
-   * This endpoint uses the logs query syntax. Findings attributes (living in the custom. namespace) are prefixed by @ when queried. Tags are queried without a prefix.
+   * This endpoint uses the logs query syntax. Findings attributes (living in the attributes.attributes. namespace) are prefixed by @ when queried. Tags are queried without a prefix.
    *
    * Example: `@severity:(critical OR high) @status:open team:platform`
    * @param param The request object
@@ -12606,11 +12606,11 @@ export class SecurityMonitoringApi {
   }
 
   /**
-   * Get a list of security findings that match a search query.
+   * Get a list of security findings that match a search query. [See the schema for security findings](https://docs.datadoghq.com/security/guide/findings-schema/).
    *
    * ### Query Syntax
    *
-   * The API uses the logs query syntax. Findings attributes (living in the custom. namespace) are prefixed by @ when queried. Tags are queried without a prefix.
+   * The API uses the logs query syntax. Findings attributes (living in the attributes.attributes. namespace) are prefixed by @ when queried. Tags are queried without a prefix.
    *
    * Example: `@severity:(critical OR high) @status:open team:platform`
    * @param param The request object

Original file line number	Diff line number	Diff line change
`@@ -12040,11 +12040,11 @@ export class SecurityMonitoringApi {`
`12040`	`12040`	`}`
`12041`	`12041`
`12042`	`12042`	`/**`
`12043`		`- * Get a list of security findings that match a search query.`
	`12043`	`+ * Get a list of security findings that match a search query. [See the schema for security findings](https://docs.datadoghq.com/security/guide/findings-schema/).`
`12044`	`12044`	`*`
`12045`	`12045`	`* ### Query Syntax`
`12046`	`12046`	`*`
`12047`		`- * This endpoint uses the logs query syntax. Findings attributes (living in the custom. namespace) are prefixed by @ when queried. Tags are queried without a prefix.`
	`12047`	`+ * This endpoint uses the logs query syntax. Findings attributes (living in the attributes.attributes. namespace) are prefixed by @ when queried. Tags are queried without a prefix.`
`12048`	`12048`	`*`
`12049`	`12049`	* Example: `@severity:(critical OR high) @status:open team:platform`
`12050`	`12050`	`* @param param The request object`
`@@ -12606,11 +12606,11 @@ export class SecurityMonitoringApi {`
`12606`	`12606`	`}`
`12607`	`12607`
`12608`	`12608`	`/**`
`12609`		`- * Get a list of security findings that match a search query.`
	`12609`	`+ * Get a list of security findings that match a search query. [See the schema for security findings](https://docs.datadoghq.com/security/guide/findings-schema/).`
`12610`	`12610`	`*`
`12611`	`12611`	`* ### Query Syntax`
`12612`	`12612`	`*`
`12613`		`- * The API uses the logs query syntax. Findings attributes (living in the custom. namespace) are prefixed by @ when queried. Tags are queried without a prefix.`
	`12613`	`+ * The API uses the logs query syntax. Findings attributes (living in the attributes.attributes. namespace) are prefixed by @ when queried. Tags are queried without a prefix.`
`12614`	`12614`	`*`
`12615`	`12615`	* Example: `@severity:(critical OR high) @status:open team:platform`
`12616`	`12616`	`* @param param The request object`