From a6a734cf35e7ab78126cb7d4c1b886103080de03 Mon Sep 17 00:00:00 2001
From: "api-clients-generation-pipeline[bot]"
 <54105614+api-clients-generation-pipeline[bot]@users.noreply.github.com>
Date: Mon, 12 Jan 2026 22:35:53 +0000
Subject: [PATCH] Update docs for Security Finding API endpoints (#2897)

Co-authored-by: ci.datadog-api-spec <packages@datadoghq.com>
---
 .generator/schemas/v2/openapi.yaml            | 28 ++++++++++++++-----
 .../v2/api/security_monitoring_api.rb         |  8 +++---
 2 files changed, 25 insertions(+), 11 deletions(-)

diff --git a/.generator/schemas/v2/openapi.yaml b/.generator/schemas/v2/openapi.yaml
index 380a344138b6..d9c881cd8367 100644
--- a/.generator/schemas/v2/openapi.yaml
+++ b/.generator/schemas/v2/openapi.yaml
@@ -78107,7 +78107,13 @@ paths:
         cursorPath: meta.page.cursor
         limitParam: page[limit]
         resultsPath: data
-      x-unstable: '**Note**: This endpoint is in public beta.
+      x-unstable: '**Note**: This endpoint uses the legacy security findings data
+        model and is planned for deprecation.
+
+        Use the [search security findings endpoint](https://docs.datadoghq.com/api/latest/security-monitoring/#search-security-findings),
+
+        which is based on the [new security findings schema](https://docs.datadoghq.com/security/guide/findings-schema/),
+        to search security findings.
 
         If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).'
     patch:
@@ -78207,7 +78213,13 @@ paths:
       summary: Get a finding
       tags:
       - Security Monitoring
-      x-unstable: '**Note**: This endpoint is in public beta.
+      x-unstable: '**Note**: This endpoint uses the legacy security findings data
+        model and is planned for deprecation.
+
+        Use the [search security findings endpoint](https://docs.datadoghq.com/api/latest/security-monitoring/#search-security-findings),
+
+        which is based on the [new security findings schema](https://docs.datadoghq.com/security/guide/findings-schema/),
+        to search security findings.
 
         If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).'
   /api/v2/powerpacks:
@@ -82153,15 +82165,16 @@ paths:
         - security_monitoring_cws_agent_rules_read
   /api/v2/security/findings:
     get:
-      description: 'Get a list of security findings that match a search query.
+      description: 'Get a list of security findings that match a search query. [See
+        the schema for security findings](https://docs.datadoghq.com/security/guide/findings-schema/).
 
 
         ### Query Syntax
 
 
         This endpoint uses the logs query syntax. Findings attributes (living in the
-        custom. namespace) are prefixed by @ when queried. Tags are queried without
-        a prefix.
+        attributes.attributes. namespace) are prefixed by @ when queried. Tags are
+        queried without a prefix.
 
 
         Example: `@severity:(critical OR high) @status:open team:platform`'
@@ -82452,13 +82465,14 @@ paths:
         Please check the documentation regularly for updates.'
   /api/v2/security/findings/search:
     post:
-      description: 'Get a list of security findings that match a search query.
+      description: 'Get a list of security findings that match a search query. [See
+        the schema for security findings](https://docs.datadoghq.com/security/guide/findings-schema/).
 
 
         ### Query Syntax
 
 
-        The API uses the logs query syntax. Findings attributes (living in the custom.
+        The API uses the logs query syntax. Findings attributes (living in the attributes.attributes.
         namespace) are prefixed by @ when queried. Tags are queried without a prefix.
 
 
diff --git a/lib/datadog_api_client/v2/api/security_monitoring_api.rb b/lib/datadog_api_client/v2/api/security_monitoring_api.rb
index cb883b183712..21434788d0fe 100644
--- a/lib/datadog_api_client/v2/api/security_monitoring_api.rb
+++ b/lib/datadog_api_client/v2/api/security_monitoring_api.rb
@@ -3698,11 +3698,11 @@ def list_security_findings(opts = {})
 
     # List security findings.
     #
-    # Get a list of security findings that match a search query.
+    # Get a list of security findings that match a search query. [See the schema for security findings](https://docs.datadoghq.com/security/guide/findings-schema/).
     #
     # ### Query Syntax
     #
-    # This endpoint uses the logs query syntax. Findings attributes (living in the custom. namespace) are prefixed by @ when queried. Tags are queried without a prefix.
+    # This endpoint uses the logs query syntax. Findings attributes (living in the attributes.attributes. namespace) are prefixed by @ when queried. Tags are queried without a prefix.
     #
     # Example: `@severity:(critical OR high) @status:open team:platform`
     #
@@ -4892,11 +4892,11 @@ def search_security_findings(body, opts = {})
 
     # Search security findings.
     #
-    # Get a list of security findings that match a search query.
+    # Get a list of security findings that match a search query. [See the schema for security findings](https://docs.datadoghq.com/security/guide/findings-schema/).
     #
     # ### Query Syntax
     #
-    # The API uses the logs query syntax. Findings attributes (living in the custom. namespace) are prefixed by @ when queried. Tags are queried without a prefix.
+    # The API uses the logs query syntax. Findings attributes (living in the attributes.attributes. namespace) are prefixed by @ when queried. Tags are queried without a prefix.
     #
     # Example: `@severity:(critical OR high) @status:open team:platform`
     #