Regenerate client from commit fbc68fb of spec repo

ci.datadog-api-spec · ci.datadog-api-spec · commit ec8ec5e55248 · 2026-04-15T13:11:47.000Z
diff --git a/.generator/schemas/v2/openapi.yaml b/.generator/schemas/v2/openapi.yaml
@@ -60787,19 +60787,23 @@ components:
         - DONE
         - TIMEOUT
     SecurityMonitoringContentPackActivation:
-      description: The activation status of a content pack
+      description: The activation lifecycle state of a content pack.
       enum:
         - never_activated
         - activated
         - deactivated
       example: activated
       type: string
+      x-enum-descriptions:
+        - Pack has never been activated for this organization.
+        - Pack is currently activated.
+        - Pack was previously activated but has since been deactivated.
       x-enum-varnames:
         - NEVER_ACTIVATED
         - ACTIVATED
         - DEACTIVATED
     SecurityMonitoringContentPackIntegrationStatus:
-      description: The installation status of the related integration
+      description: The installation status of the related Datadog integration.
       enum:
         - installed
         - available
@@ -60808,6 +60812,12 @@ components:
         - error
       example: installed
       type: string
+      x-enum-descriptions:
+        - Integration is fully installed.
+        - Integration exists in the catalog but is not installed.
+        - Integration is only partially configured.
+        - Integration detected (for example, logs are flowing) but not explicitly installed.
+        - Integration is in an error state.
       x-enum-varnames:
         - INSTALLED
         - AVAILABLE
@@ -60824,15 +60834,16 @@ components:
         cp_activation:
           $ref: "#/components/schemas/SecurityMonitoringContentPackActivation"
         filters_configured_for_logs:
-          description: Whether filters (Security Filters or Index Query depending on the pricing model) are configured for logs
+          description: Whether filters (Security Filters or Index Query depending on the pricing model) are present and correctly configured to route logs into Cloud SIEM.
           example: true
           type: boolean
         integration_installed_status:
           $ref: "#/components/schemas/SecurityMonitoringContentPackIntegrationStatus"
         logs_last_collected:
           $ref: "#/components/schemas/SecurityMonitoringContentPackTimestampBucket"
         logs_seen_from_any_index:
-          description: Whether logs have been seen from any index
+          description: >-
+            Whether logs for this content pack have been seen in any Datadog index within the last 72 hours, regardless of whether the Cloud SIEM filter is configured.
           example: true
           type: boolean
         state:
@@ -60897,7 +60908,7 @@ components:
         - meta
       type: object
     SecurityMonitoringContentPackStatus:
-      description: The current status of a content pack
+      description: The current operational status of a content pack.
       enum:
         - install
         - activate
@@ -60907,6 +60918,13 @@ components:
         - broken
       example: active
       type: string
+      x-enum-descriptions:
+        - Not activated; no logs detected in the last 72 hours.
+        - Not activated; logs are flowing into a Datadog index but not yet routed through Cloud SIEM.
+        - Activated; awaiting first log ingestion.
+        - Activated; logs received within the last 24 hours.
+        - Activated; integration not installed or logs last seen 24 to 72 hours ago.
+        - Activated; no logs for over 72 hours, filter missing, or Cloud SIEM index incorrectly ordered.
       x-enum-varnames:
         - INSTALL
         - ACTIVATE
@@ -60915,7 +60933,7 @@ components:
         - WARNING
         - BROKEN
     SecurityMonitoringContentPackTimestampBucket:
-      description: Timestamp bucket indicating when logs were last collected
+      description: When logs were last collected through the content pack's Cloud SIEM filter or index query.
       enum:
         - not_seen
         - within_24_hours
@@ -60924,6 +60942,12 @@ components:
         - over_30d
       example: within_24_hours
       type: string
+      x-enum-descriptions:
+        - No logs observed.
+        - Logs received within the last 24 hours.
+        - Logs last seen 24 to 72 hours ago.
+        - Logs last seen 3 to 30 days ago.
+        - Logs last seen more than 30 days ago.
       x-enum-varnames:
         - NOT_SEEN
         - WITHIN_24_HOURS
@@ -62014,7 +62038,7 @@ components:
         - $ref: "#/components/schemas/SecurityMonitoringSignalRulePayload"
         - $ref: "#/components/schemas/CloudConfigurationRulePayload"
     SecurityMonitoringSKU:
-      description: The SIEM pricing model (SKU) for the organization
+      description: The Cloud SIEM pricing model (SKU) for the organization.
       enum:
         - per_gb_analyzed
         - per_event_in_siem_index_2023
@@ -111561,10 +111585,7 @@ paths:
         - Security Monitoring
   /api/v2/security_monitoring/content_packs/states:
     get:
-      description: |-
-        Get the activation and configuration states for all security monitoring content packs.
-        This endpoint returns status information about each content pack including activation state,
-        integration status, and log collection status.
+      description: Get the activation and operational state for all Cloud SIEM content packs.
       operationId: GetContentPacksStates
       responses:
         "200":
@@ -111574,11 +111595,7 @@ paths:
                 $ref: "#/components/schemas/SecurityMonitoringContentPackStatesResponse"
           description: OK
         "403":
-          content:
-            application/json:
-              schema:
-                $ref: "#/components/schemas/JSONAPIErrorResponse"
-          description: Forbidden
+          $ref: "#/components/responses/NotAuthorizedResponse"
         "404":
           content:
             application/json:
@@ -111587,21 +111604,31 @@ paths:
           description: Not Found
         "429":
           $ref: "#/components/responses/TooManyRequestsResponse"
+      security:
+        - apiKeyAuth: []
+          appKeyAuth: []
+        - AuthZ:
+            - security_monitoring_filters_read
       summary: Get content pack states
       tags:
         - Security Monitoring
+      "x-permission":
+        operator: OR
+        permissions:
+          - security_monitoring_filters_read
+          - logs_read_index_data
       x-unstable: |-
         **Note**: This endpoint is in preview and is subject to change.
         If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).
   /api/v2/security_monitoring/content_packs/{content_pack_id}/activate:
     put:
       description: |-
-        Activate a security monitoring content pack. This operation configures the necessary
+        Activate a Cloud SIEM content pack. This operation configures the necessary
         log filters or security filters depending on the pricing model and updates the content
         pack activation state.
       operationId: ActivateContentPack
       parameters:
-        - description: The ID of the content pack to activate.
+        - description: The ID of the content pack to activate (for example, `aws-cloudtrail`).
           in: path
           name: content_pack_id
           required: true
@@ -111612,11 +111639,7 @@ paths:
         "202":
           description: Accepted
         "403":
-          content:
-            application/json:
-              schema:
-                $ref: "#/components/schemas/JSONAPIErrorResponse"
-          description: Forbidden
+          $ref: "#/components/responses/NotAuthorizedResponse"
         "404":
           content:
             application/json:
@@ -111625,20 +111648,30 @@ paths:
           description: Not Found
         "429":
           $ref: "#/components/responses/TooManyRequestsResponse"
+      security:
+        - apiKeyAuth: []
+          appKeyAuth: []
+        - AuthZ:
+            - security_monitoring_filters_write
       summary: Activate content pack
       tags:
         - Security Monitoring
+      "x-permission":
+        operator: OR
+        permissions:
+          - security_monitoring_filters_write
+          - logs_modify_indexes
       x-unstable: |-
         **Note**: This endpoint is in preview and is subject to change.
         If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).
   /api/v2/security_monitoring/content_packs/{content_pack_id}/deactivate:
     put:
       description: |-
-        Deactivate a security monitoring content pack. This operation removes the content pack's
+        Deactivate a Cloud SIEM content pack. This operation removes the content pack's
         configuration from log filters or security filters and updates the content pack activation state.
       operationId: DeactivateContentPack
       parameters:
-        - description: The ID of the content pack to deactivate.
+        - description: The ID of the content pack to deactivate (for example, `aws-cloudtrail`).
           in: path
           name: content_pack_id
           required: true
@@ -111649,11 +111682,7 @@ paths:
         "202":
           description: Accepted
         "403":
-          content:
-            application/json:
-              schema:
-                $ref: "#/components/schemas/JSONAPIErrorResponse"
-          description: Forbidden
+          $ref: "#/components/responses/NotAuthorizedResponse"
         "404":
           content:
             application/json:
@@ -111662,9 +111691,19 @@ paths:
           description: Not Found
         "429":
           $ref: "#/components/responses/TooManyRequestsResponse"
+      security:
+        - apiKeyAuth: []
+          appKeyAuth: []
+        - AuthZ:
+            - security_monitoring_filters_write
       summary: Deactivate content pack
       tags:
         - Security Monitoring
+      "x-permission":
+        operator: OR
+        permissions:
+          - security_monitoring_filters_write
+          - logs_modify_indexes
       x-unstable: |-
         **Note**: This endpoint is in preview and is subject to change.
         If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).
diff --git a/src/datadogV2/api/api_security_monitoring.rs b/src/datadogV2/api/api_security_monitoring.rs
@@ -1156,8 +1156,8 @@ impl SearchSecurityMonitoringSignalsOptionalParams {
 #[derive(Debug, Clone, Serialize, Deserialize)]
 #[serde(untagged)]
 pub enum ActivateContentPackError {
-    JSONAPIErrorResponse(crate::datadogV2::model::JSONAPIErrorResponse),
     APIErrorResponse(crate::datadogV2::model::APIErrorResponse),
+    JSONAPIErrorResponse(crate::datadogV2::model::JSONAPIErrorResponse),
     UnknownValue(serde_json::Value),
 }
 
@@ -1311,8 +1311,8 @@ pub enum CreateVulnerabilityNotificationRuleError {
 #[derive(Debug, Clone, Serialize, Deserialize)]
 #[serde(untagged)]
 pub enum DeactivateContentPackError {
-    JSONAPIErrorResponse(crate::datadogV2::model::JSONAPIErrorResponse),
     APIErrorResponse(crate::datadogV2::model::APIErrorResponse),
+    JSONAPIErrorResponse(crate::datadogV2::model::JSONAPIErrorResponse),
     UnknownValue(serde_json::Value),
 }
 
@@ -1416,8 +1416,8 @@ pub enum EditSecurityMonitoringSignalStateError {
 #[derive(Debug, Clone, Serialize, Deserialize)]
 #[serde(untagged)]
 pub enum GetContentPacksStatesError {
-    JSONAPIErrorResponse(crate::datadogV2::model::JSONAPIErrorResponse),
     APIErrorResponse(crate::datadogV2::model::APIErrorResponse),
+    JSONAPIErrorResponse(crate::datadogV2::model::JSONAPIErrorResponse),
     UnknownValue(serde_json::Value),
 }
 
@@ -1942,7 +1942,7 @@ impl SecurityMonitoringAPI {
         Self { config, client }
     }
 
-    /// Activate a security monitoring content pack. This operation configures the necessary
+    /// Activate a Cloud SIEM content pack. This operation configures the necessary
     /// log filters or security filters depending on the pricing model and updates the content
     /// pack activation state.
     pub async fn activate_content_pack(
@@ -1958,7 +1958,7 @@ impl SecurityMonitoringAPI {
         }
     }
 
-    /// Activate a security monitoring content pack. This operation configures the necessary
+    /// Activate a Cloud SIEM content pack. This operation configures the necessary
     /// log filters or security filters depending on the pricing model and updates the content
     /// pack activation state.
     pub async fn activate_content_pack_with_http_info(
@@ -4787,7 +4787,7 @@ impl SecurityMonitoringAPI {
         }
     }
 
-    /// Deactivate a security monitoring content pack. This operation removes the content pack's
+    /// Deactivate a Cloud SIEM content pack. This operation removes the content pack's
     /// configuration from log filters or security filters and updates the content pack activation state.
     pub async fn deactivate_content_pack(
         &self,
@@ -4802,7 +4802,7 @@ impl SecurityMonitoringAPI {
         }
     }
 
-    /// Deactivate a security monitoring content pack. This operation removes the content pack's
+    /// Deactivate a Cloud SIEM content pack. This operation removes the content pack's
     /// configuration from log filters or security filters and updates the content pack activation state.
     pub async fn deactivate_content_pack_with_http_info(
         &self,
@@ -6283,9 +6283,7 @@ impl SecurityMonitoringAPI {
         }
     }
 
-    /// Get the activation and configuration states for all security monitoring content packs.
-    /// This endpoint returns status information about each content pack including activation state,
-    /// integration status, and log collection status.
+    /// Get the activation and operational state for all Cloud SIEM content packs.
     pub async fn get_content_packs_states(
         &self,
     ) -> Result<
@@ -6306,9 +6304,7 @@ impl SecurityMonitoringAPI {
         }
     }
 
-    /// Get the activation and configuration states for all security monitoring content packs.
-    /// This endpoint returns status information about each content pack including activation state,
-    /// integration status, and log collection status.
+    /// Get the activation and operational state for all Cloud SIEM content packs.
     pub async fn get_content_packs_states_with_http_info(
         &self,
     ) -> Result<
diff --git a/src/datadogV2/model/model_security_monitoring_content_pack_state_attributes.rs b/src/datadogV2/model/model_security_monitoring_content_pack_state_attributes.rs
@@ -14,23 +14,23 @@ pub struct SecurityMonitoringContentPackStateAttributes {
     /// Whether the cloud SIEM index configuration is incorrect (only applies to certain pricing models)
     #[serde(rename = "cloud_siem_index_incorrect")]
     pub cloud_siem_index_incorrect: bool,
-    /// The activation status of a content pack
+    /// The activation lifecycle state of a content pack.
     #[serde(rename = "cp_activation")]
     pub cp_activation: crate::datadogV2::model::SecurityMonitoringContentPackActivation,
-    /// Whether filters (Security Filters or Index Query depending on the pricing model) are configured for logs
+    /// Whether filters (Security Filters or Index Query depending on the pricing model) are present and correctly configured to route logs into Cloud SIEM.
     #[serde(rename = "filters_configured_for_logs")]
     pub filters_configured_for_logs: bool,
-    /// The installation status of the related integration
+    /// The installation status of the related Datadog integration.
     #[serde(rename = "integration_installed_status")]
     pub integration_installed_status:
         Option<crate::datadogV2::model::SecurityMonitoringContentPackIntegrationStatus>,
-    /// Timestamp bucket indicating when logs were last collected
+    /// When logs were last collected through the content pack's Cloud SIEM filter or index query.
     #[serde(rename = "logs_last_collected")]
     pub logs_last_collected: crate::datadogV2::model::SecurityMonitoringContentPackTimestampBucket,
-    /// Whether logs have been seen from any index
+    /// Whether logs for this content pack have been seen in any Datadog index within the last 72 hours, regardless of whether the Cloud SIEM filter is configured.
     #[serde(rename = "logs_seen_from_any_index")]
     pub logs_seen_from_any_index: bool,
-    /// The current status of a content pack
+    /// The current operational status of a content pack.
     #[serde(rename = "state")]
     pub state: crate::datadogV2::model::SecurityMonitoringContentPackStatus,
     #[serde(flatten)]
diff --git a/src/datadogV2/model/model_security_monitoring_content_pack_state_meta.rs b/src/datadogV2/model/model_security_monitoring_content_pack_state_meta.rs
@@ -14,7 +14,7 @@ pub struct SecurityMonitoringContentPackStateMeta {
     /// Whether the cloud SIEM index configuration is incorrect at the organization level
     #[serde(rename = "cloud_siem_index_incorrect")]
     pub cloud_siem_index_incorrect: bool,
-    /// The SIEM pricing model (SKU) for the organization
+    /// The Cloud SIEM pricing model (SKU) for the organization.
     #[serde(rename = "sku")]
     pub sku: crate::datadogV2::model::SecurityMonitoringSKU,
     #[serde(flatten)]

Original file line number	Diff line number	Diff line change
`@@ -1156,8 +1156,8 @@ impl SearchSecurityMonitoringSignalsOptionalParams {`
`1156`	`1156`	`#[derive(Debug, Clone, Serialize, Deserialize)]`
`1157`	`1157`	`#[serde(untagged)]`
`1158`	`1158`	`pub enum ActivateContentPackError {`
`1159`		`- JSONAPIErrorResponse(crate::datadogV2::model::JSONAPIErrorResponse),`
`1160`	`1159`	`APIErrorResponse(crate::datadogV2::model::APIErrorResponse),`
	`1160`	`+ JSONAPIErrorResponse(crate::datadogV2::model::JSONAPIErrorResponse),`
`1161`	`1161`	`UnknownValue(serde_json::Value),`
`1162`	`1162`	`}`
`1163`	`1163`
`@@ -1311,8 +1311,8 @@ pub enum CreateVulnerabilityNotificationRuleError {`
`1311`	`1311`	`#[derive(Debug, Clone, Serialize, Deserialize)]`
`1312`	`1312`	`#[serde(untagged)]`
`1313`	`1313`	`pub enum DeactivateContentPackError {`
`1314`		`- JSONAPIErrorResponse(crate::datadogV2::model::JSONAPIErrorResponse),`
`1315`	`1314`	`APIErrorResponse(crate::datadogV2::model::APIErrorResponse),`
	`1315`	`+ JSONAPIErrorResponse(crate::datadogV2::model::JSONAPIErrorResponse),`
`1316`	`1316`	`UnknownValue(serde_json::Value),`
`1317`	`1317`	`}`
`1318`	`1318`
`@@ -1416,8 +1416,8 @@ pub enum EditSecurityMonitoringSignalStateError {`
`1416`	`1416`	`#[derive(Debug, Clone, Serialize, Deserialize)]`
`1417`	`1417`	`#[serde(untagged)]`
`1418`	`1418`	`pub enum GetContentPacksStatesError {`
`1419`		`- JSONAPIErrorResponse(crate::datadogV2::model::JSONAPIErrorResponse),`
`1420`	`1419`	`APIErrorResponse(crate::datadogV2::model::APIErrorResponse),`
	`1420`	`+ JSONAPIErrorResponse(crate::datadogV2::model::JSONAPIErrorResponse),`
`1421`	`1421`	`UnknownValue(serde_json::Value),`
`1422`	`1422`	`}`
`1423`	`1423`
`@@ -1942,7 +1942,7 @@ impl SecurityMonitoringAPI {`
`1942`	`1942`	`Self { config, client }`
`1943`	`1943`	`}`
`1944`	`1944`
`1945`		`- /// Activate a security monitoring content pack. This operation configures the necessary`
	`1945`	`+ /// Activate a Cloud SIEM content pack. This operation configures the necessary`
`1946`	`1946`	`/// log filters or security filters depending on the pricing model and updates the content`
`1947`	`1947`	`/// pack activation state.`
`1948`	`1948`	`pub async fn activate_content_pack(`
`@@ -1958,7 +1958,7 @@ impl SecurityMonitoringAPI {`
`1958`	`1958`	`}`
`1959`	`1959`	`}`
`1960`	`1960`
`1961`		`- /// Activate a security monitoring content pack. This operation configures the necessary`
	`1961`	`+ /// Activate a Cloud SIEM content pack. This operation configures the necessary`
`1962`	`1962`	`/// log filters or security filters depending on the pricing model and updates the content`
`1963`	`1963`	`/// pack activation state.`
`1964`	`1964`	`pub async fn activate_content_pack_with_http_info(`
`@@ -4787,7 +4787,7 @@ impl SecurityMonitoringAPI {`
`4787`	`4787`	`}`
`4788`	`4788`	`}`
`4789`	`4789`
`4790`		`- /// Deactivate a security monitoring content pack. This operation removes the content pack's`
	`4790`	`+ /// Deactivate a Cloud SIEM content pack. This operation removes the content pack's`
`4791`	`4791`	`/// configuration from log filters or security filters and updates the content pack activation state.`
`4792`	`4792`	`pub async fn deactivate_content_pack(`
`4793`	`4793`	`&self,`
`@@ -4802,7 +4802,7 @@ impl SecurityMonitoringAPI {`
`4802`	`4802`	`}`
`4803`	`4803`	`}`
`4804`	`4804`
`4805`		`- /// Deactivate a security monitoring content pack. This operation removes the content pack's`
	`4805`	`+ /// Deactivate a Cloud SIEM content pack. This operation removes the content pack's`
`4806`	`4806`	`/// configuration from log filters or security filters and updates the content pack activation state.`
`4807`	`4807`	`pub async fn deactivate_content_pack_with_http_info(`
`4808`	`4808`	`&self,`
`@@ -6283,9 +6283,7 @@ impl SecurityMonitoringAPI {`
`6283`	`6283`	`}`
`6284`	`6284`	`}`
`6285`	`6285`
`6286`		`- /// Get the activation and configuration states for all security monitoring content packs.`
`6287`		`- /// This endpoint returns status information about each content pack including activation state,`
`6288`		`- /// integration status, and log collection status.`
	`6286`	`+ /// Get the activation and operational state for all Cloud SIEM content packs.`
`6289`	`6287`	`pub async fn get_content_packs_states(`
`6290`	`6288`	`&self,`
`6291`	`6289`	`) -> Result<`
`@@ -6306,9 +6304,7 @@ impl SecurityMonitoringAPI {`
`6306`	`6304`	`}`
`6307`	`6305`	`}`
`6308`	`6306`
`6309`		`- /// Get the activation and configuration states for all security monitoring content packs.`
`6310`		`- /// This endpoint returns status information about each content pack including activation state,`
`6311`		`- /// integration status, and log collection status.`
	`6307`	`+ /// Get the activation and operational state for all Cloud SIEM content packs.`
`6312`	`6308`	`pub async fn get_content_packs_states_with_http_info(`
`6313`	`6309`	`&self,`
`6314`	`6310`	`) -> Result<`