diff --git a/.generator/schemas/v2/openapi.yaml b/.generator/schemas/v2/openapi.yaml index 75755ab7e79f..0686c00df080 100644 --- a/.generator/schemas/v2/openapi.yaml +++ b/.generator/schemas/v2/openapi.yaml @@ -61254,19 +61254,23 @@ components: - DONE - TIMEOUT SecurityMonitoringContentPackActivation: - description: The activation status of a content pack + description: The activation status of a content pack. enum: - never_activated - activated - deactivated example: activated type: string + x-enum-descriptions: + - Pack has never been activated for this organization. + - Pack is currently activated. + - Pack was previously activated but has since been deactivated. x-enum-varnames: - NEVER_ACTIVATED - ACTIVATED - DEACTIVATED SecurityMonitoringContentPackIntegrationStatus: - description: The installation status of the related integration + description: The installation status of the related integration. enum: - installed - available @@ -61275,6 +61279,12 @@ components: - error example: installed type: string + x-enum-descriptions: + - Integration is fully installed. + - Integration exists in the catalog but is not installed. + - Integration is only partially configured. + - Integration detected (for example, logs are flowing) but not explicitly installed. + - Integration is in an error state. x-enum-varnames: - INSTALLED - AVAILABLE @@ -61291,7 +61301,9 @@ components: cp_activation: $ref: "#/components/schemas/SecurityMonitoringContentPackActivation" filters_configured_for_logs: - description: Whether filters (Security Filters or Index Query depending on the pricing model) are configured for logs + description: |- + Whether filters (Security Filters or Index Query depending on the pricing model) are + present and correctly configured to route logs into Cloud SIEM. example: true type: boolean integration_installed_status: 
@@ -61299,7 +61311,7 @@ components: logs_last_collected: $ref: "#/components/schemas/SecurityMonitoringContentPackTimestampBucket" logs_seen_from_any_index: - description: Whether logs have been seen from any index + description: Whether logs for this content pack have been seen in any Datadog index within the last 72 hours. example: true type: boolean state: @@ -61364,7 +61376,7 @@ components: - meta type: object SecurityMonitoringContentPackStatus: - description: The current status of a content pack + description: The current operational status of a content pack. enum: - install - activate @@ -61374,6 +61386,13 @@ components: - broken example: active type: string + x-enum-descriptions: + - Not activated; no logs detected in the last 72 hours. + - Not activated; logs are flowing into a Datadog index but not yet routed through Cloud SIEM. + - Activated; awaiting first log ingestion. + - Activated; logs received within the last 24 hours. + - Activated; integration not installed or logs last seen 24 to 72 hours ago. + - Activated; no logs for over 72 hours, filter missing, or Cloud SIEM index incorrectly ordered. x-enum-varnames: - INSTALL - ACTIVATE @@ -61382,7 +61401,7 @@ components: - WARNING - BROKEN SecurityMonitoringContentPackTimestampBucket: - description: Timestamp bucket indicating when logs were last collected + description: Timestamp bucket indicating when logs were last collected. enum: - not_seen - within_24_hours @@ -61391,6 +61410,12 @@ components: - over_30d example: within_24_hours type: string + x-enum-descriptions: + - No logs observed. + - Logs received within the last 24 hours. + - Logs last seen 24 to 72 hours ago. + - Logs last seen 3 to 30 days ago. + - Logs last seen more than 30 days ago. x-enum-varnames: - NOT_SEEN - WITHIN_24_HOURS 
@@ -62481,7 +62506,7 @@ components: - $ref: "#/components/schemas/SecurityMonitoringSignalRulePayload" - $ref: "#/components/schemas/CloudConfigurationRulePayload" SecurityMonitoringSKU: - description: The SIEM pricing model (SKU) for the organization + description: The Cloud SIEM pricing model (SKU) for the organization. enum: - per_gb_analyzed - per_event_in_siem_index_2023 @@ -112316,10 +112341,7 @@ paths: - Security Monitoring /api/v2/security_monitoring/content_packs/states: get: - description: |- - Get the activation and configuration states for all security monitoring content packs. - This endpoint returns status information about each content pack including activation state, - integration status, and log collection status. + description: Get the activation state, integration status, and log collection status for all Cloud SIEM content packs. operationId: GetContentPacksStates responses: "200": 
@@ -112342,21 +112364,31 @@ paths: description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" + security: + - apiKeyAuth: [] + appKeyAuth: [] + - AuthZ: + - security_monitoring_filters_read summary: Get content pack states tags: - Security Monitoring + "x-permission": + operator: OR + permissions: + - security_monitoring_filters_read + - logs_read_index_data x-unstable: |- **Note**: This endpoint is in preview and is subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). /api/v2/security_monitoring/content_packs/{content_pack_id}/activate: put: description: |- - Activate a security monitoring content pack. This operation configures the necessary + Activate a Cloud SIEM content pack. This operation configures the necessary log filters or security filters depending on the pricing model and updates the content pack activation state. operationId: ActivateContentPack parameters: - - description: The ID of the content pack to activate. + - description: The ID of the content pack to activate (for example, `aws-cloudtrail`). in: path name: content_pack_id required: true 
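Review bot: The `security` block added for `GetContentPacksStates` lists only `security_monitoring_filters_read` under `AuthZ`, while the `x-permission` block added a few lines later accepts `security_monitoring_filters_read` OR `logs_read_index_data`, so the two declarations describe different authorization requirements for the same operation. The next two hunks repeat the pattern for `ActivateContentPack` and `DeactivateContentPack`: `AuthZ` names `security_monitoring_filters_write`, but `x-permission` also admits `logs_modify_indexes`. As declared, `operator: OR` means either permission alone is enough to change filter configuration on the two write paths; enforcement is server-side and not visible here, so confirm that this is the intended least-privilege model. If it is, state it in each operation's `description`, for example `Requires the security_monitoring_filters_write or logs_modify_indexes permission.`, and say whether OAuth tokens are deliberately limited to the filters scope. The operation definitions start and end outside these hunks, so any scope note in unchanged description text cannot be seen from the diff.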
@@ -112380,20 +112412,30 @@ paths: description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" + security: + - apiKeyAuth: [] + appKeyAuth: [] + - AuthZ: + - security_monitoring_filters_write summary: Activate content pack tags: - Security Monitoring + "x-permission": + operator: OR + permissions: + - security_monitoring_filters_write + - logs_modify_indexes x-unstable: |- **Note**: This endpoint is in preview and is subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). /api/v2/security_monitoring/content_packs/{content_pack_id}/deactivate: put: description: |- - Deactivate a security monitoring content pack. This operation removes the content pack's + Deactivate a Cloud SIEM content pack. This operation removes the content pack's configuration from log filters or security filters and updates the content pack activation state. operationId: DeactivateContentPack parameters: - - description: The ID of the content pack to deactivate. + - description: The ID of the content pack to deactivate (for example, `aws-cloudtrail`). in: path name: content_pack_id required: true @@ -112417,9 +112459,19 @@ paths: description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" + security: + - apiKeyAuth: [] + appKeyAuth: [] + - AuthZ: + - security_monitoring_filters_write summary: Deactivate content pack tags: - Security Monitoring + "x-permission": + operator: OR + permissions: + - security_monitoring_filters_write + - logs_modify_indexes x-unstable: |- **Note**: This endpoint is in preview and is subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). diff --git a/services/security_monitoring/src/v2/SecurityMonitoringApi.ts b/services/security_monitoring/src/v2/SecurityMonitoringApi.ts index 6197c6ad3d9b..6bca69969fd5 100644 --- a/services/security_monitoring/src/v2/SecurityMonitoringApi.ts 
+++ b/services/security_monitoring/src/v2/SecurityMonitoringApi.ts @@ -185,6 +185,7 @@ export class SecurityMonitoringApiRequestFactory extends BaseAPIRequestFactory { applySecurityAuthentication(_config, requestContext, [ "apiKeyAuth", "appKeyAuth", + "AuthZ", ]); return requestContext; @@ -1212,6 +1213,7 @@ export class SecurityMonitoringApiRequestFactory extends BaseAPIRequestFactory { applySecurityAuthentication(_config, requestContext, [ "apiKeyAuth", "appKeyAuth", + "AuthZ", ]); return requestContext; @@ -1897,6 +1899,7 @@ export class SecurityMonitoringApiRequestFactory extends BaseAPIRequestFactory { applySecurityAuthentication(_config, requestContext, [ "apiKeyAuth", "appKeyAuth", + "AuthZ", ]); return requestContext; @@ -11142,7 +11145,7 @@ export class SecurityMonitoringApiResponseProcessor { export interface SecurityMonitoringApiActivateContentPackRequest { /** - * The ID of the content pack to activate. + * The ID of the content pack to activate (for example, `aws-cloudtrail`). * @type string */ contentPackId: string; @@ -11292,7 +11295,7 @@ export interface SecurityMonitoringApiCreateVulnerabilityNotificationRuleRequest export interface SecurityMonitoringApiDeactivateContentPackRequest { /** - * The ID of the content pack to deactivate. + * The ID of the content pack to deactivate (for example, `aws-cloudtrail`). * @type string */ contentPackId: string; @@ -12488,7 +12491,7 @@ export class SecurityMonitoringApi { } /** - * Activate a security monitoring content pack. This operation configures the necessary + * Activate a Cloud SIEM content pack. This operation configures the necessary * log filters or security filters depending on the pricing model and updates the content * pack activation state. * @param param The request object 
@@ -12939,7 +12942,7 @@ export class SecurityMonitoringApi { } /** - * Deactivate a security monitoring content pack. This operation removes the content pack's + * Deactivate a Cloud SIEM content pack. This operation removes the content pack's * configuration from log filters or security filters and updates the content pack activation state. * @param param The request object */ @@ -13236,9 +13239,7 @@ export class SecurityMonitoringApi { } /** - * Get the activation and configuration states for all security monitoring content packs. - * This endpoint returns status information about each content pack including activation state, - * integration status, and log collection status. + * Get the activation state, integration status, and log collection status for all Cloud SIEM content packs. * @param param The request object */ public getContentPacksStates( diff --git a/services/security_monitoring/src/v2/models/SecurityMonitoringContentPackActivation.ts b/services/security_monitoring/src/v2/models/SecurityMonitoringContentPackActivation.ts index 1e2edb794932..59125c6f7cbf 100644 --- a/services/security_monitoring/src/v2/models/SecurityMonitoringContentPackActivation.ts +++ b/services/security_monitoring/src/v2/models/SecurityMonitoringContentPackActivation.ts @@ -1,7 +1,7 @@ import { UnparsedObject } from "@datadog/datadog-api-client"; /** - * The activation status of a content pack + * The activation status of a content pack. */ export type SecurityMonitoringContentPackActivation = | typeof NEVER_ACTIVATED diff --git a/services/security_monitoring/src/v2/models/SecurityMonitoringContentPackIntegrationStatus.ts b/services/security_monitoring/src/v2/models/SecurityMonitoringContentPackIntegrationStatus.ts index 78d8d0f08144..feadc6a653e7 100644 --- a/services/security_monitoring/src/v2/models/SecurityMonitoringContentPackIntegrationStatus.ts +++ b/services/security_monitoring/src/v2/models/SecurityMonitoringContentPackIntegrationStatus.ts 
@@ -1,7 +1,7 @@ import { UnparsedObject } from "@datadog/datadog-api-client"; /** - * The installation status of the related integration + * The installation status of the related integration. */ export type SecurityMonitoringContentPackIntegrationStatus = | typeof INSTALLED diff --git a/services/security_monitoring/src/v2/models/SecurityMonitoringContentPackStateAttributes.ts b/services/security_monitoring/src/v2/models/SecurityMonitoringContentPackStateAttributes.ts index 0536899e9be2..bc1c618c9a7d 100644 --- a/services/security_monitoring/src/v2/models/SecurityMonitoringContentPackStateAttributes.ts +++ b/services/security_monitoring/src/v2/models/SecurityMonitoringContentPackStateAttributes.ts 
@@ -14,27 +14,28 @@ export class SecurityMonitoringContentPackStateAttributes { */ "cloudSiemIndexIncorrect": boolean; /** - * The activation status of a content pack + * The activation status of a content pack. */ "cpActivation": SecurityMonitoringContentPackActivation; /** - * Whether filters (Security Filters or Index Query depending on the pricing model) are configured for logs + * Whether filters (Security Filters or Index Query depending on the pricing model) are + * present and correctly configured to route logs into Cloud SIEM. */ "filtersConfiguredForLogs": boolean; /** - * The installation status of the related integration + * The installation status of the related integration. */ "integrationInstalledStatus"?: SecurityMonitoringContentPackIntegrationStatus; /** - * Timestamp bucket indicating when logs were last collected + * Timestamp bucket indicating when logs were last collected. */ "logsLastCollected": SecurityMonitoringContentPackTimestampBucket; /** - * Whether logs have been seen from any index + * Whether logs for this content pack have been seen in any Datadog index within the last 72 hours. */ "logsSeenFromAnyIndex": boolean; /** - * The current status of a content pack + * The current operational status of a content pack. */ "state": SecurityMonitoringContentPackStatus; /** diff --git a/services/security_monitoring/src/v2/models/SecurityMonitoringContentPackStateMeta.ts b/services/security_monitoring/src/v2/models/SecurityMonitoringContentPackStateMeta.ts index c6b062a1b486..f64853c43097 100644 --- a/services/security_monitoring/src/v2/models/SecurityMonitoringContentPackStateMeta.ts +++ b/services/security_monitoring/src/v2/models/SecurityMonitoringContentPackStateMeta.ts @@ -11,7 +11,7 @@ export class SecurityMonitoringContentPackStateMeta { */ "cloudSiemIndexIncorrect": boolean; /** - * The SIEM pricing model (SKU) for the organization + * The Cloud SIEM pricing model (SKU) for the organization. */ "sku": SecurityMonitoringSKU; /** 
diff --git a/services/security_monitoring/src/v2/models/SecurityMonitoringContentPackStatus.ts b/services/security_monitoring/src/v2/models/SecurityMonitoringContentPackStatus.ts index ad35f1c523eb..da1e91e5dce9 100644 --- a/services/security_monitoring/src/v2/models/SecurityMonitoringContentPackStatus.ts +++ b/services/security_monitoring/src/v2/models/SecurityMonitoringContentPackStatus.ts @@ -1,7 +1,7 @@ import { UnparsedObject } from "@datadog/datadog-api-client"; /** - * The current status of a content pack + * The current operational status of a content pack. */ export type SecurityMonitoringContentPackStatus = | typeof INSTALL diff --git a/services/security_monitoring/src/v2/models/SecurityMonitoringContentPackTimestampBucket.ts b/services/security_monitoring/src/v2/models/SecurityMonitoringContentPackTimestampBucket.ts index 95b2aa81b659..83f6d2b8dca1 100644 --- a/services/security_monitoring/src/v2/models/SecurityMonitoringContentPackTimestampBucket.ts +++ b/services/security_monitoring/src/v2/models/SecurityMonitoringContentPackTimestampBucket.ts @@ -1,7 +1,7 @@ import { UnparsedObject } from "@datadog/datadog-api-client"; /** - * Timestamp bucket indicating when logs were last collected + * Timestamp bucket indicating when logs were last collected. */ export type SecurityMonitoringContentPackTimestampBucket = | typeof NOT_SEEN diff --git a/services/security_monitoring/src/v2/models/SecurityMonitoringSKU.ts b/services/security_monitoring/src/v2/models/SecurityMonitoringSKU.ts index ad08a6d0fb2b..4d6205df8642 100644 --- a/services/security_monitoring/src/v2/models/SecurityMonitoringSKU.ts +++ b/services/security_monitoring/src/v2/models/SecurityMonitoringSKU.ts @@ -1,7 +1,7 @@ import { UnparsedObject } from "@datadog/datadog-api-client"; /** - * The SIEM pricing model (SKU) for the organization + * The Cloud SIEM pricing model (SKU) for the organization. */ export type SecurityMonitoringSKU = | typeof PER_GB_ANALYZED