DataDog · api-clients-generation-pipeline · Apr 16, 2026 · Apr 16, 2026
@@ -0,0 +1 @@
+"2026-04-14T18:22:17.027Z"
@@ -0,0 +1,62 @@
+{
+  "log": {
+    "_recordingName": "Security Monitoring/Get an indicator of compromise returns \"Not Found\" response",
+    "creator": {
+      "comment": "persister:fs",
+      "name": "Polly.JS",
+      "version": "6.0.5"
+    },
+    "entries": [
+      {
+        "_id": "729cc78d9a0ee7c3573d0a0a57a4612f",
+        "_order": 0,
+        "cache": {},
+        "request": {
+          "bodySize": 0,
+          "cookies": [],
+          "headers": [
+            {
+              "_fromType": "array",
+              "name": "accept",
+              "value": "application/json"
+            }
+          ],
+          "headersSize": 612,
+          "httpVersion": "HTTP/1.1",
+          "method": "GET",
+          "queryString": [
+            {
+              "name": "indicator",
+              "value": "this-indicator-does-not-exist.invalid"
+            }
+          ],
+          "url": "https://api.datadoghq.com/api/v2/security/siem/ioc-explorer/indicator?indicator=this-indicator-does-not-exist.invalid"
+        },
+        "response": {
+          "bodySize": 69,
+          "content": {
+            "mimeType": "application/vnd.api+json",
+            "size": 69,
+            "text": "{\"errors\":[{\"title\":\"Generic Error\",\"detail\":\"indicator not found\"}]}"
+          },
+          "cookies": [],
+          "headers": [
+            {
+              "name": "content-type",
+              "value": "application/vnd.api+json"
+            }
+          ],
+          "headersSize": 524,
+          "httpVersion": "HTTP/1.1",
+          "redirectURL": "",
+          "status": 404,
+          "statusText": "Not Found"
+        },
+        "startedDateTime": "2026-04-14T18:22:17.037Z",
+        "time": 999
+      }
+    ],
+    "pages": [],
+    "version": "1.2"
+  }
+}
@@ -0,0 +1 @@
+"2026-04-14T18:22:29.733Z"
@@ -0,0 +1,62 @@
+{
+  "log": {
+    "_recordingName": "Security Monitoring/Get an indicator of compromise returns \"OK\" response",
+    "creator": {
+      "comment": "persister:fs",
+      "name": "Polly.JS",
+      "version": "6.0.5"
+    },
+    "entries": [
+      {
+        "_id": "46983f3852589614d88dbeb54245e244",
+        "_order": 0,
+        "cache": {},
+        "request": {
+          "bodySize": 0,
+          "cookies": [],
+          "headers": [
+            {
+              "_fromType": "array",
+              "name": "accept",
+              "value": "application/json"
+            }
+          ],
+          "headersSize": 653,
+          "httpVersion": "HTTP/1.1",
+          "method": "GET",
+          "queryString": [
+            {
+              "name": "indicator",
+              "value": "masscan/1.3 (https://github.com/robertdavidgraham/masscan)"
+            }
+          ],
+          "url": "https://api.datadoghq.com/api/v2/security/siem/ioc-explorer/indicator?indicator=masscan%2F1.3%20%28https%3A%2F%2Fgithub.com%2Frobertdavidgraham%2Fmasscan%29"
+        },
+        "response": {
+          "bodySize": 855,
+          "content": {
+            "mimeType": "application/vnd.api+json",
+            "size": 855,
+            "text": "{\"data\":{\"id\":\"65a31893-cc59-4125-9424-44f7ba083e53\",\"type\":\"get_indicator_response\",\"attributes\":{\"data\":{\"id\":\"masscan/1.3 (https://github.com/robertdavidgraham/masscan)\",\"indicator\":\"masscan/1.3 (https://github.com/robertdavidgraham/masscan)\",\"indicator_type\":\"User Agent\",\"score\":4,\"as_type\":\"hosting\",\"malicious_sources\":null,\"suspicious_sources\":[{\"name\":\"Datadog Threat Research\"}],\"benign_sources\":null,\"categories\":[\"scanner\"],\"tags\":[],\"signal_matches\":0,\"log_matches\":45,\"first_seen\":\"2025-01-08T23:24:45Z\",\"last_seen\":\"2026-04-10T14:36:20Z\",\"signal_tier\":0,\"max_trust_score\":\"RAISE_SCORE\",\"m_sources\":\"NO_EFFECT\",\"m_persistence\":\"RAISE_SCORE\",\"m_signal\":\"NO_EFFECT\",\"m_as_type\":\"NO_EFFECT\",\"log_sources\":[],\"services\":[],\"signal_severity\":[],\"users\":{},\"critical_assets\":[],\"hosts\":[],\"as_number\":\"\",\"as_organization\":\"\",\"as_cidr_block\":\"\"}}}}"
+          },
+          "cookies": [],
+          "headers": [
+            {
+              "name": "content-type",
+              "value": "application/vnd.api+json"
+            }
+          ],
+          "headersSize": 526,
+          "httpVersion": "HTTP/1.1",
+          "redirectURL": "",
+          "status": 200,
+          "statusText": "OK"
+        },
+        "startedDateTime": "2026-04-14T18:22:29.744Z",
+        "time": 1461
+      }
+    ],
+    "pages": [],
+    "version": "1.2"
+  }
+}
@@ -0,0 +1 @@
+"2026-04-14T18:22:40.711Z"
@@ -0,0 +1,62 @@
+{
+  "log": {
+    "_recordingName": "Security Monitoring/List indicators of compromise returns \"Bad Request\" response",
+    "creator": {
+      "comment": "persister:fs",
+      "name": "Polly.JS",
+      "version": "6.0.5"
+    },
+    "entries": [
+      {
+        "_id": "02b5fd499f5dcaf4c0c97eb95adecf70",
+        "_order": 0,
+        "cache": {},
+        "request": {
+          "bodySize": 0,
+          "cookies": [],
+          "headers": [
+            {
+              "_fromType": "array",
+              "name": "accept",
+              "value": "application/json"
+            }
+          ],
+          "headersSize": 586,
+          "httpVersion": "HTTP/1.1",
+          "method": "GET",
+          "queryString": [
+            {
+              "name": "query",
+              "value": "invalid:::query"
+            }
+          ],
+          "url": "https://api.datadoghq.com/api/v2/security/siem/ioc-explorer?query=invalid%3A%3A%3Aquery"
+        },
+        "response": {
+          "bodySize": 166,
+          "content": {
+            "mimeType": "application/vnd.api+json",
+            "size": 166,
+            "text": "{\"errors\":[{\"title\":\"Generic Error\",\"detail\":\"invalid query: invalid query: syntax error: no viable alternative at input 'invalid::' at line 1 and char position 8\"}]}"
+          },
+          "cookies": [],
+          "headers": [
+            {
+              "name": "content-type",
+              "value": "application/vnd.api+json"
+            }
+          ],
+          "headersSize": 525,
+          "httpVersion": "HTTP/1.1",
+          "redirectURL": "",
+          "status": 400,
+          "statusText": "Bad Request"
+        },
+        "startedDateTime": "2026-04-14T18:22:40.719Z",
+        "time": 507
+      }
+    ],
+    "pages": [],
+    "version": "1.2"
+  }
+}
@@ -0,0 +1 @@
+"2026-04-14T18:22:48.392Z"
@@ -0,0 +1,62 @@
+{
+  "log": {
+    "_recordingName": "Security Monitoring/List indicators of compromise returns \"OK\" response",
+    "creator": {
+      "comment": "persister:fs",
+      "name": "Polly.JS",
+      "version": "6.0.5"
+    },
+    "entries": [
+      {
+        "_id": "6fab925a65ec0cad89aaa6c228f598ee",
+        "_order": 0,
+        "cache": {},
+        "request": {
+          "bodySize": 0,
+          "cookies": [],
+          "headers": [
+            {
+              "_fromType": "array",
+              "name": "accept",
+              "value": "application/json"
+            }
+          ],
+          "headersSize": 566,
+          "httpVersion": "HTTP/1.1",
+          "method": "GET",
+          "queryString": [
+            {
+              "name": "limit",
+              "value": "1"
+            }
+          ],
+          "url": "https://api.datadoghq.com/api/v2/security/siem/ioc-explorer?limit=1"
+        },
+        "response": {
+          "bodySize": 715,
+          "content": {
+            "mimeType": "application/vnd.api+json",
+            "size": 715,
+            "text": "{\"data\":{\"id\":\"a4e3b616-e180-4b47-a379-43da9c5b300e\",\"type\":\"ioc_explorer_response\",\"attributes\":{\"data\":[{\"id\":\"43.228.157.121\",\"indicator\":\"43.228.157.121\",\"indicator_type\":\"IP Address\",\"score\":8,\"as_type\":\"hosting\",\"malicious_sources\":[{\"name\":\"threatfox\"}],\"suspicious_sources\":[{\"name\":\"tor\"},{\"name\":\"SPUR\"}],\"benign_sources\":null,\"categories\":[\"malware\",\"tor\",\"hosting_proxy\"],\"tags\":[],\"signal_matches\":0,\"log_matches\":14,\"signal_tier\":0,\"max_trust_score\":\"RAISE_SCORE\",\"m_sources\":\"RAISE_SCORE\",\"m_persistence\":\"NO_EFFECT\",\"m_signal\":\"NO_EFFECT\",\"m_as_type\":\"NO_EFFECT\",\"as_geo\":{\"city\":\"Frankfurt am Main\",\"country_code\":\"DE\",\"country_name\":\"Germany\"}}],\"metadata\":{\"count\":25091},\"paging\":{\"offset\":1}}}}"
+          },
+          "cookies": [],
+          "headers": [
+            {
+              "name": "content-type",
+              "value": "application/vnd.api+json"
+            }
+          ],
+          "headersSize": 525,
+          "httpVersion": "HTTP/1.1",
+          "redirectURL": "",
+          "status": 200,
+          "statusText": "OK"
+        },
+        "startedDateTime": "2026-04-14T18:22:48.401Z",
+        "time": 1221
+      }
+    ],
+    "pages": [],
+    "version": "1.2"
+  }
+}
@@ -0,0 +1,22 @@
+/**
+ * Get an indicator of compromise returns "OK" response
+ */
+
+import { client, v2 } from "@datadog/datadog-api-client";
+
+const configuration = client.createConfiguration();
+configuration.unstableOperations["v2.getIndicatorOfCompromise"] = true;
+const apiInstance = new v2.SecurityMonitoringApi(configuration);
+
+const params: v2.SecurityMonitoringApiGetIndicatorOfCompromiseRequest = {
+  indicator: "masscan/1.3 (https://github.com/robertdavidgraham/masscan)",
+};
+
+apiInstance
+  .getIndicatorOfCompromise(params)
+  .then((data: v2.GetIoCIndicatorResponse) => {
+    console.log(
+      "API called successfully. Returned data: " + JSON.stringify(data)
+    );
+  })
+  .catch((error: any) => console.error(error));
@@ -0,0 +1,22 @@
+/**
+ * List indicators of compromise returns "OK" response
+ */
+
+import { client, v2 } from "@datadog/datadog-api-client";
+
+const configuration = client.createConfiguration();
+configuration.unstableOperations["v2.listIndicatorsOfCompromise"] = true;
+const apiInstance = new v2.SecurityMonitoringApi(configuration);
+
+const params: v2.SecurityMonitoringApiListIndicatorsOfCompromiseRequest = {
+  limit: 1,
+};
+
+apiInstance
+  .listIndicatorsOfCompromise(params)
+  .then((data: v2.IoCExplorerListResponse) => {
+    console.log(
+      "API called successfully. Returned data: " + JSON.stringify(data)
+    );
+  })
+  .catch((error: any) => console.error(error));
@@ -4486,6 +4486,36 @@ export const ScenariosModelMappings: {[key: string]: {[key: string]: any}} = {
             },
         "operationResponseType": "ScannedAssetsMetadata",
     },
+    "v2.ListIndicatorsOfCompromise": {
+        "limit": {
+            "type": "number",
+            "format": "int32",
+            },
+        "offset": {
+            "type": "number",
+            "format": "int32",
+            },
+        "query": {
+            "type": "string",
+            "format": "",
+            },
+        "sortColumn": {
+            "type": "string",
+            "format": "",
+            },
+        "sortOrder": {
+            "type": "string",
+            "format": "",
+            },
+        "operationResponseType": "IoCExplorerListResponse",
+    },
+    "v2.GetIndicatorOfCompromise": {
+        "indicator": {
+            "type": "string",
+            "format": "",
+            },
+        "operationResponseType": "GetIoCIndicatorResponse",
+    },
     "v2.GetSignalNotificationRules": {
         "operationResponseType": "NotificationRulesList",
     },

@@ -1298,6 +1298,30 @@ Feature: Security Monitoring
     Then the response status is 200 OK
     And the response "data[0].attributes.name" is equal to "suppression2 {{ unique_hash }}"
 
+  @generated @skip @team:DataDog/k9-cloud-siem
+  Scenario: Get an indicator of compromise returns "Bad Request" response
+    Given operation "GetIndicatorOfCompromise" enabled
+    And new "GetIndicatorOfCompromise" request
+    And request contains "indicator" parameter from "REPLACE.ME"
+    When the request is sent
+    Then the response status is 400 Bad Request
+
+  @replay-only @skip-terraform-config @team:DataDog/k9-cloud-siem
+  Scenario: Get an indicator of compromise returns "Not Found" response
+    Given operation "GetIndicatorOfCompromise" enabled
+    And new "GetIndicatorOfCompromise" request
+    And request contains "indicator" parameter with value "this-indicator-does-not-exist.invalid"
+    When the request is sent
+    Then the response status is 404 Not Found
+
+  @replay-only @skip-terraform-config @team:DataDog/k9-cloud-siem
+  Scenario: Get an indicator of compromise returns "OK" response
+    Given operation "GetIndicatorOfCompromise" enabled
+    And new "GetIndicatorOfCompromise" request
+    And request contains "indicator" parameter with value "masscan/1.3 (https://github.com/robertdavidgraham/masscan)"
+    When the request is sent
+    Then the response status is 200 OK
+
   @generated @skip @team:DataDog/k9-cloud-siem
   Scenario: Get content pack states returns "Not Found" response
     Given operation "GetContentPacksStates" enabled
@@ -1573,6 +1597,22 @@ Feature: Security Monitoring
     When the request is sent
     Then the response status is 200 OK
 
+  @replay-only @skip-terraform-config @team:DataDog/k9-cloud-siem
+  Scenario: List indicators of compromise returns "Bad Request" response
+    Given operation "ListIndicatorsOfCompromise" enabled
+    And new "ListIndicatorsOfCompromise" request
+    And request contains "query" parameter with value "invalid:::query"
+    When the request is sent
+    Then the response status is 400 Bad Request
+
+  @replay-only @skip-terraform-config @team:DataDog/k9-cloud-siem
+  Scenario: List indicators of compromise returns "OK" response
+    Given operation "ListIndicatorsOfCompromise" enabled
+    And new "ListIndicatorsOfCompromise" request
+    And request contains "limit" parameter with value 1
+    When the request is sent
+    Then the response status is 200 OK
+
   @team:DataDog/k9-cloud-siem
   Scenario: List resource filters returns "Bad Request" response
     Given new "GetResourceEvaluationFilters" request