Document PATCH /signals/bulk/update and /signals/{signal_id}/update endpoints for security monitoring

.generator/schemas/v2/openapi.yaml

@@ -64029,6 +64029,38 @@ components:
       type: string
       x-enum-varnames:
         - SIGNAL
+    SecurityMonitoringSignalUpdateAttributes:
+      description: Attributes for updating one or more triage attributes of a security signal.
+      properties:
+        archive_comment:
+          $ref: "#/components/schemas/SecurityMonitoringSignalArchiveComment"
+        archive_reason:
+          $ref: "#/components/schemas/SecurityMonitoringSignalArchiveReason"
+        assignee:
+          $ref: "#/components/schemas/SecurityMonitoringTriageUser"
+        state:
+          $ref: "#/components/schemas/SecurityMonitoringSignalState"
+        version:
+          $ref: "#/components/schemas/SecurityMonitoringSignalVersion"
+      type: object
+    SecurityMonitoringSignalUpdateData:
+      description: Data containing the triage update for a security signal.
+      properties:
+        attributes:
+          $ref: "#/components/schemas/SecurityMonitoringSignalUpdateAttributes"
+        type:
+          $ref: "#/components/schemas/SecurityMonitoringSignalMetadataType"
+      required:
+        - attributes
+      type: object
+    SecurityMonitoringSignalUpdateRequest:
+      description: Request body for updating the triage attributes of a security signal.
+      properties:
+        data:
+          $ref: "#/components/schemas/SecurityMonitoringSignalUpdateData"
+      required:
+        - data
+      type: object
     SecurityMonitoringSignalVersion:
       description: Version of the updated signal. If server side version is higher, update will be rejected.
       format: int64
@@ -64182,6 +64214,33 @@ components:
         - count
         - events
       type: object
+    SecurityMonitoringSignalsBulkUpdateData:
+      description: Data for updating a single security signal in a bulk update operation.
+      properties:
+        attributes:
+          $ref: "#/components/schemas/SecurityMonitoringSignalUpdateAttributes"
+        id:
+          description: The unique ID of the security signal.
+          example: AAAAAWgN8Xwgr1vKDQAAAABBV2dOOFh3ZzZobm1mWXJFYTR0OA
+          type: string
+        type:
+          $ref: "#/components/schemas/SecurityMonitoringSignalType"
+      required:
+        - id
+        - attributes
+      type: object
+    SecurityMonitoringSignalsBulkUpdateRequest:
+      description: Request body for updating multiple attributes of multiple security signals.
+      properties:
+        data:
+          description: An array of signal updates.
+          items:
+            $ref: "#/components/schemas/SecurityMonitoringSignalsBulkUpdateData"
+          maxItems: 199
+          type: array
+      required:
+        - data
+      type: object
     SecurityMonitoringSignalsListResponse:
       description: "The response object with all security signals matching the request\nand pagination information."
       properties:
@@ -114190,6 +114249,51 @@ paths:
         operator: OR
         permissions:
           - security_monitoring_signals_write
+  /api/v2/security_monitoring/signals/bulk/update:
+    patch:
+      description: |-
+        Update one or more triage attributes of multiple security signals at once.
+        The maximum number of signals that can be updated in a single request is 199.
+      operationId: BulkEditSecurityMonitoringSignals
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: "#/components/schemas/SecurityMonitoringSignalsBulkUpdateRequest"
+        description: Attributes describing the signal updates.
+        required: true
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/schemas/SecurityMonitoringSignalsBulkTriageUpdateResponse"
+          description: OK
+        "400":
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/schemas/JSONAPIErrorResponse"
+          description: Bad Request
+        "403":
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/schemas/JSONAPIErrorResponse"
+          description: Forbidden
+        "429":
+          $ref: "#/components/responses/TooManyRequestsResponse"
+      security:
+        - apiKeyAuth: []
+          appKeyAuth: []
+        - AuthZ: []
+      summary: Bulk update security signals
+      tags: ["Security Monitoring"]
+      x-codegen-request-body-name: body
+      "x-permission":
+        operator: OR
+        permissions:
+          - security_monitoring_signals_write
   /api/v2/security_monitoring/signals/search:
     post:
       description: |-
@@ -114479,6 +114583,58 @@ paths:
         permissions:
           - security_monitoring_rules_read
           - security_monitoring_signals_read
+  /api/v2/security_monitoring/signals/{signal_id}/update:
+    patch:
+      description: |-
+        Update one or more triage attributes of a security signal.
+      operationId: EditSecurityMonitoringSignal
+      parameters:
+        - $ref: "#/components/parameters/SignalID"
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: "#/components/schemas/SecurityMonitoringSignalUpdateRequest"
+        description: Attributes describing the signal triage update.
+        required: true
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/schemas/SecurityMonitoringSignalTriageUpdateResponse"
+          description: OK
+        "400":
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/schemas/JSONAPIErrorResponse"
+          description: Bad Request
+        "403":
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/schemas/JSONAPIErrorResponse"
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/schemas/JSONAPIErrorResponse"
+          description: Not Found
+        "429":
+          $ref: "#/components/responses/TooManyRequestsResponse"
+      security:
+        - apiKeyAuth: []
+          appKeyAuth: []
+        - AuthZ: []
+      summary: Update a security signal's triage attributes
+      tags: ["Security Monitoring"]
+      x-codegen-request-body-name: body
+      "x-permission":
+        operator: OR
+        permissions:
+          - security_monitoring_signals_write
   /api/v2/security_monitoring/terraform/{resource_type}/bulk:
     post:
       description: |-

examples/v2/security-monitoring/BulkEditSecurityMonitoringSignals.ts

@@ -0,0 +1,37 @@
+/**
+ * Bulk update security signals returns "OK" response
+ */
+
+import { client, v2 } from "@datadog/datadog-api-client";
+
+const configuration = client.createConfiguration();
+const apiInstance = new v2.SecurityMonitoringApi(configuration);
+
+const params: v2.SecurityMonitoringApiBulkEditSecurityMonitoringSignalsRequest =
+  {
+    body: {
+      data: [
+        {
+          attributes: {
+            archiveReason: "none",
+            assignee: {
+              name: undefined,
+              uuid: "773b045d-ccf8-4808-bd3b-955ef6a8c940",
+            },
+            state: "open",
+          },
+          id: "AAAAAWgN8Xwgr1vKDQAAAABBV2dOOFh3ZzZobm1mWXJFYTR0OA",
+          type: "signal",
+        },
+      ],
+    },
+  };
+
+apiInstance
+  .bulkEditSecurityMonitoringSignals(params)
+  .then((data: v2.SecurityMonitoringSignalsBulkTriageUpdateResponse) => {
+    console.log(
+      "API called successfully. Returned data: " + JSON.stringify(data)
+    );
+  })
+  .catch((error: any) => console.error(error));

examples/v2/security-monitoring/EditSecurityMonitoringSignal.ts

@@ -0,0 +1,34 @@
+/**
+ * Update a security signal's triage attributes returns "OK" response
+ */
+
+import { client, v2 } from "@datadog/datadog-api-client";
+
+const configuration = client.createConfiguration();
+const apiInstance = new v2.SecurityMonitoringApi(configuration);
+
+const params: v2.SecurityMonitoringApiEditSecurityMonitoringSignalRequest = {
+  body: {
+    data: {
+      attributes: {
+        archiveReason: "none",
+        assignee: {
+          name: undefined,
+          uuid: "773b045d-ccf8-4808-bd3b-955ef6a8c940",
+        },
+        state: "open",
+      },
+      type: "signal_metadata",
+    },
+  },
+  signalId: "signal_id",
+};
+
+apiInstance
+  .editSecurityMonitoringSignal(params)
+  .then((data: v2.SecurityMonitoringSignalTriageUpdateResponse) => {
+    console.log(
+      "API called successfully. Returned data: " + JSON.stringify(data)
+    );
+  })
+  .catch((error: any) => console.error(error));

features/support/scenarios_model_mapping.ts

@@ -5166,6 +5166,13 @@ export const ScenariosModelMappings: {[key: string]: {[key: string]: any}} = {
             },
         "operationResponseType": "SecurityMonitoringSignalsBulkTriageUpdateResponse",
     },
+    "v2.BulkEditSecurityMonitoringSignals": {
+        "body": {
+            "type": "SecurityMonitoringSignalsBulkUpdateRequest",
+            "format": "",
+            },
+        "operationResponseType": "SecurityMonitoringSignalsBulkTriageUpdateResponse",
+    },
     "v2.SearchSecurityMonitoringSignals": {
         "body": {
             "type": "SecurityMonitoringSignalListRequest",
@@ -5227,6 +5234,17 @@ export const ScenariosModelMappings: {[key: string]: {[key: string]: any}} = {
             },
         "operationResponseType": "SecurityMonitoringSignalSuggestedActionsResponse",
     },
+    "v2.EditSecurityMonitoringSignal": {
+        "signalId": {
+            "type": "string",
+            "format": "",
+            },
+        "body": {
+            "type": "SecurityMonitoringSignalUpdateRequest",
+            "format": "",
+            },
+        "operationResponseType": "SecurityMonitoringSignalTriageUpdateResponse",
+    },
     "v2.BulkExportSecurityMonitoringTerraformResources": {
         "resourceType": {
             "type": "SecurityMonitoringTerraformResourceType",

features/v2/security_monitoring.feature

@@ -121,6 +121,20 @@ Feature: Security Monitoring
     When the request is sent
     Then the response status is 200 OK
 
+  @generated @skip @team:DataDog/k9-cloud-siem
+  Scenario: Bulk update security signals returns "Bad Request" response
+    Given new "BulkEditSecurityMonitoringSignals" request
+    And body with value {"data": [{"attributes": {"archive_reason": "none", "assignee": {"name": null, "uuid": "773b045d-ccf8-4808-bd3b-955ef6a8c940"}, "state": "open"}, "id": "AAAAAWgN8Xwgr1vKDQAAAABBV2dOOFh3ZzZobm1mWXJFYTR0OA", "type": "signal"}]}
+    When the request is sent
+    Then the response status is 400 Bad Request
+
+  @generated @skip @team:DataDog/k9-cloud-siem
+  Scenario: Bulk update security signals returns "OK" response
+    Given new "BulkEditSecurityMonitoringSignals" request
+    And body with value {"data": [{"attributes": {"archive_reason": "none", "assignee": {"name": null, "uuid": "773b045d-ccf8-4808-bd3b-955ef6a8c940"}, "state": "open"}, "id": "AAAAAWgN8Xwgr1vKDQAAAABBV2dOOFh3ZzZobm1mWXJFYTR0OA", "type": "signal"}]}
+    When the request is sent
+    Then the response status is 200 OK
+
   @skip @team:DataDog/k9-cloud-siem
   Scenario: Bulk update triage assignee of security signals returns "Bad Request" response
     Given operation "BulkEditSecurityMonitoringSignalsAssignee" enabled
@@ -2188,6 +2202,30 @@ Feature: Security Monitoring
     And the response "data.attributes.filtered_data_type" is equal to "logs"
     And the response "data.attributes.name" is equal to "{{ unique }}"
 
+  @generated @skip @team:DataDog/k9-cloud-siem
+  Scenario: Update a security signal's triage attributes returns "Bad Request" response
+    Given new "EditSecurityMonitoringSignal" request
+    And request contains "signal_id" parameter from "REPLACE.ME"
+    And body with value {"data": {"attributes": {"archive_reason": "none", "assignee": {"name": null, "uuid": "773b045d-ccf8-4808-bd3b-955ef6a8c940"}, "state": "open"}, "type": "signal_metadata"}}
+    When the request is sent
+    Then the response status is 400 Bad Request
+
+  @generated @skip @team:DataDog/k9-cloud-siem
+  Scenario: Update a security signal's triage attributes returns "Not Found" response
+    Given new "EditSecurityMonitoringSignal" request
+    And request contains "signal_id" parameter from "REPLACE.ME"
+    And body with value {"data": {"attributes": {"archive_reason": "none", "assignee": {"name": null, "uuid": "773b045d-ccf8-4808-bd3b-955ef6a8c940"}, "state": "open"}, "type": "signal_metadata"}}
+    When the request is sent
+    Then the response status is 404 Not Found
+
+  @generated @skip @team:DataDog/k9-cloud-siem
+  Scenario: Update a security signal's triage attributes returns "OK" response
+    Given new "EditSecurityMonitoringSignal" request
+    And request contains "signal_id" parameter from "REPLACE.ME"
+    And body with value {"data": {"attributes": {"archive_reason": "none", "assignee": {"name": null, "uuid": "773b045d-ccf8-4808-bd3b-955ef6a8c940"}, "state": "open"}, "type": "signal_metadata"}}
+    When the request is sent
+    Then the response status is 200 OK
+
   @generated @skip @team:DataDog/k9-cloud-siem
   Scenario: Update a suppression rule returns "Bad Request" response
     Given new "UpdateSecurityMonitoringSuppression" request

features/v2/undo.json

@@ -5674,6 +5674,12 @@
       "type": "idempotent"
     }
   },
+  "BulkEditSecurityMonitoringSignals": {
+    "tag": "Security Monitoring",
+    "undo": {
+      "type": "idempotent"
+    }
+  },
   "SearchSecurityMonitoringSignals": {
     "tag": "Security Monitoring",
     "undo": {
@@ -5716,6 +5722,12 @@
       "type": "safe"
     }
   },
+  "EditSecurityMonitoringSignal": {
+    "tag": "Security Monitoring",
+    "undo": {
+      "type": "idempotent"
+    }
+  },
   "BulkExportSecurityMonitoringTerraformResources": {
     "tag": "Security Monitoring",
     "undo": {