diff --git a/.generator/schemas/v2/openapi.yaml b/.generator/schemas/v2/openapi.yaml index dd229dc55f7b..040612a150d8 100644 --- a/.generator/schemas/v2/openapi.yaml +++ b/.generator/schemas/v2/openapi.yaml @@ -62654,19 +62654,23 @@ components: - DONE - TIMEOUT SecurityMonitoringContentPackActivation: - description: The activation status of a content pack + description: The activation status of a content pack. enum: - never_activated - activated - deactivated example: activated type: string + x-enum-descriptions: + - Pack has never been activated for this organization. + - Pack is currently activated. + - Pack was previously activated but has since been deactivated. x-enum-varnames: - NEVER_ACTIVATED - ACTIVATED - DEACTIVATED SecurityMonitoringContentPackIntegrationStatus: - description: The installation status of the related integration + description: The installation status of the related integration. enum: - installed - available @@ -62675,6 +62679,12 @@ components: - error example: installed type: string + x-enum-descriptions: + - Integration is fully installed. + - Integration exists in the catalog but is not installed. + - Integration is only partially configured. + - Integration detected (for example, logs are flowing) but not explicitly installed. + - Integration is in an error state. x-enum-varnames: - INSTALLED - AVAILABLE @@ -62691,7 +62701,9 @@ components: cp_activation: $ref: "#/components/schemas/SecurityMonitoringContentPackActivation" filters_configured_for_logs: - description: Whether filters (Security Filters or Index Query depending on the pricing model) are configured for logs + description: |- + Whether filters (Security Filters or Index Query depending on the pricing model) are + present and correctly configured to route logs into Cloud SIEM. example: true type: boolean integration_installed_status: 
@@ -62699,7 +62711,7 @@ components: logs_last_collected: $ref: "#/components/schemas/SecurityMonitoringContentPackTimestampBucket" logs_seen_from_any_index: - description: Whether logs have been seen from any index + description: Whether logs for this content pack have been seen in any Datadog index within the last 72 hours. example: true type: boolean state: @@ -62764,7 +62776,7 @@ components: - meta type: object SecurityMonitoringContentPackStatus: - description: The current status of a content pack + description: The current operational status of a content pack. enum: - install - activate @@ -62774,6 +62786,13 @@ components: - broken example: active type: string + x-enum-descriptions: + - Not activated; no logs detected in the last 72 hours. + - Not activated; logs are flowing into a Datadog index but not yet routed through Cloud SIEM. + - Activated; awaiting first log ingestion. + - Activated; logs received within the last 24 hours. + - Activated; integration not installed or logs last seen 24 to 72 hours ago. + - Activated; no logs for over 72 hours, filter missing, or Cloud SIEM index incorrectly ordered. x-enum-varnames: - INSTALL - ACTIVATE @@ -62782,7 +62801,7 @@ components: - WARNING - BROKEN SecurityMonitoringContentPackTimestampBucket: - description: Timestamp bucket indicating when logs were last collected + description: Timestamp bucket indicating when logs were last collected. enum: - not_seen - within_24_hours @@ -62791,6 +62810,12 @@ components: - over_30d example: within_24_hours type: string + x-enum-descriptions: + - No logs observed. + - Logs received within the last 24 hours. + - Logs last seen 24 to 72 hours ago. + - Logs last seen 3 to 30 days ago. + - Logs last seen more than 30 days ago. x-enum-varnames: - NOT_SEEN - WITHIN_24_HOURS 
@@ -63881,7 +63906,7 @@ components: - $ref: "#/components/schemas/SecurityMonitoringSignalRulePayload" - $ref: "#/components/schemas/CloudConfigurationRulePayload" SecurityMonitoringSKU: - description: The SIEM pricing model (SKU) for the organization + description: The Cloud SIEM pricing model (SKU) for the organization. enum: - per_gb_analyzed - per_event_in_siem_index_2023 @@ -118704,9 +118729,8 @@ paths: /api/v2/security_monitoring/content_packs/states: get: description: |- - Get the activation and configuration states for all security monitoring content packs. - This endpoint returns status information about each content pack including activation state, - integration status, and log collection status. + Get the activation state, integration status, and log collection status + for all Cloud SIEM content packs. operationId: GetContentPacksStates responses: "200": 
@@ -118729,21 +118753,31 @@ paths: description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" + security: + - apiKeyAuth: [] + appKeyAuth: [] + - AuthZ: + - security_monitoring_filters_read summary: Get content pack states tags: - Security Monitoring + "x-permission": + operator: OR + permissions: + - security_monitoring_filters_read + - logs_read_index_data x-unstable: |- **Note**: This endpoint is in preview and is subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). /api/v2/security_monitoring/content_packs/{content_pack_id}/activate: put: description: |- - Activate a security monitoring content pack. This operation configures the necessary + Activate a Cloud SIEM content pack. This operation configures the necessary log filters or security filters depending on the pricing model and updates the content pack activation state. operationId: ActivateContentPack parameters: - - description: The ID of the content pack to activate. + - description: The ID of the content pack to activate (for example, `aws-cloudtrail`). in: path name: content_pack_id required: true 
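Review bot: The `AuthZ` requirement added for `GetContentPacksStates` lists only `security_monitoring_filters_read`, while the `x-permission` block on the same operation says either that permission or `logs_read_index_data` is enough, so the two declarations disagree about who may call the endpoint. The same mismatch appears in the next two hunks for `ActivateContentPack` and `DeactivateContentPack`, where `AuthZ` lists `security_monitoring_filters_write` and `x-permission` lists `security_monitoring_filters_write` OR `logs_modify_indexes`. Which of the two the server enforces is not visible here. If the OR is meant to apply to OAuth clients as well, it needs a separate alternative such as `- AuthZ: [logs_read_index_data]`, because scopes listed inside one requirement are all required. If the narrower scope is the intended one, it is worth confirming that `logs_modify_indexes` alone should permit deactivation, since that operation removes the content pack's configuration from the log or security filters.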
@@ -118767,20 +118801,30 @@ paths: description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" + security: + - apiKeyAuth: [] + appKeyAuth: [] + - AuthZ: + - security_monitoring_filters_write summary: Activate content pack tags: - Security Monitoring + "x-permission": + operator: OR + permissions: + - security_monitoring_filters_write + - logs_modify_indexes x-unstable: |- **Note**: This endpoint is in preview and is subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). /api/v2/security_monitoring/content_packs/{content_pack_id}/deactivate: put: description: |- - Deactivate a security monitoring content pack. This operation removes the content pack's + Deactivate a Cloud SIEM content pack. This operation removes the content pack's configuration from log filters or security filters and updates the content pack activation state. operationId: DeactivateContentPack parameters: - - description: The ID of the content pack to deactivate. + - description: The ID of the content pack to deactivate (for example, `aws-cloudtrail`). in: path name: content_pack_id required: true @@ -118804,9 +118848,19 @@ paths: description: Not Found "429": $ref: "#/components/responses/TooManyRequestsResponse" + security: + - apiKeyAuth: [] + appKeyAuth: [] + - AuthZ: + - security_monitoring_filters_write summary: Deactivate content pack tags: - Security Monitoring + "x-permission": + operator: OR + permissions: + - security_monitoring_filters_write + - logs_modify_indexes x-unstable: |- **Note**: This endpoint is in preview and is subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). 
@@ -129945,10 +129999,15 @@ tags: organize, find, and share all of your dashboards with your team and organization. name: Dashboard Lists - - description: >- - Manage securely embedded Datadog dashboards. Secure embeds use HMAC-SHA256 signed sessions for authentication, enabling customers to embed dashboards in their own applications with server-side auth control. Unlike public dashboards (open URL) or invite dashboards (email-based access), secure embeds provide programmatic access control. + - description: |- + Manage securely embedded Datadog dashboards. Secure embeds use HMAC-SHA256 signed sessions + for authentication, enabling customers to embed dashboards in their own applications with + server-side auth control. Unlike public dashboards (open URL) or invite dashboards + (email-based access), secure embeds provide programmatic access control. - **Requirements:** - Org setting: SharedDashboards > Embed sharing must be enabled. - AuthN: Datadog API key and application key. - Read operations require `dashboards_read` permission. - Write operations require `dashboards_embed_share` permission. + **Requirements:** + - **Embed** sharing must be enabled under **Organization Settings** > **Public Sharing** > **Shared Dashboards**. + - You need [an API key and an application key](https://docs.datadoghq.com/account_management/api-app-keys/) to interact with these endpoints. name: Dashboard Secure Embed - description: |- The Data Deletion API allows the user to target and delete data from the allowed products. It's currently enabled for Logs and RUM and depends on `logs_delete_data` and `rum_delete_data` permissions respectively. diff --git a/features/v2/dashboard_secure_embed.feature b/features/v2/dashboard_secure_embed.feature index 25cb5335e322..ad268373fbc1 100644 --- a/features/v2/dashboard_secure_embed.feature +++ b/features/v2/dashboard_secure_embed.feature 
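Review bot: The rewritten `Dashboard Secure Embed` tag description in `openapi.yaml` no longer states which permissions the operations need. The old text named `dashboards_read` for reads and `dashboards_embed_share` for writes, whereas the new requirements list covers only the org setting and the API and application keys. Unless each operation carries its own `x-permission` block (not visible in this hunk), readers lose the guidance they need to scope application keys to least privilege. Consider keeping a bullet such as `- Read operations require dashboards_read; write operations require dashboards_embed_share.` in the new list.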
@@ -4,11 +4,11 @@ Feature: Dashboard Secure Embed signed sessions for authentication, enabling customers to embed dashboards in their own applications with server-side auth control. Unlike public dashboards (open URL) or invite dashboards (email-based access), secure - embeds provide programmatic access control. **Requirements:** - Org - setting: SharedDashboards > Embed sharing must be enabled. - AuthN: - Datadog API key and application key. - Read operations require - `dashboards_read` permission. - Write operations require - `dashboards_embed_share` permission. + embeds provide programmatic access control. **Requirements:** - **Embed** + sharing must be enabled under **Organization Settings** > **Public + Sharing** > **Shared Dashboards**. - You need [an API key and an + application key](https://docs.datadoghq.com/account_management/api-app- + keys/) to interact with these endpoints. Background: Given a valid "apiKeyAuth" key in the system diff --git a/lib/datadog_api_client/v2/api/security_monitoring_api.rb b/lib/datadog_api_client/v2/api/security_monitoring_api.rb index eba4fd23d3e0..34236b2d5474 100644 --- a/lib/datadog_api_client/v2/api/security_monitoring_api.rb +++ b/lib/datadog_api_client/v2/api/security_monitoring_api.rb 
@@ -33,11 +33,11 @@ def activate_content_pack(content_pack_id, opts = {}) # Activate content pack. # - # Activate a security monitoring content pack. This operation configures the necessary + # Activate a Cloud SIEM content pack. This operation configures the necessary # log filters or security filters depending on the pricing model and updates the content # pack activation state. # - # @param content_pack_id [String] The ID of the content pack to activate. + # @param content_pack_id [String] The ID of the content pack to activate (for example, `aws-cloudtrail`). # @param opts [Hash] the optional parameters # @return [Array<(nil, Integer, Hash)>] nil, response status code and response headers def activate_content_pack_with_http_info(content_pack_id, opts = {}) @@ -76,7 +76,7 @@ def activate_content_pack_with_http_info(content_pack_id, opts = {}) return_type = opts[:debug_return_type] # auth_names - auth_names = opts[:debug_auth_names] || [:apiKeyAuth, :appKeyAuth] + auth_names = opts[:debug_auth_names] || [:apiKeyAuth, :appKeyAuth, :AuthZ] new_options = opts.merge( :operation => :activate_content_pack, @@ -1587,10 +1587,10 @@ def deactivate_content_pack(content_pack_id, opts = {}) # Deactivate content pack. # - # Deactivate a security monitoring content pack. This operation removes the content pack's + # Deactivate a Cloud SIEM content pack. This operation removes the content pack's # configuration from log filters or security filters and updates the content pack activation state. # - # @param content_pack_id [String] The ID of the content pack to deactivate. + # @param content_pack_id [String] The ID of the content pack to deactivate (for example, `aws-cloudtrail`). # @param opts [Hash] the optional parameters # @return [Array<(nil, Integer, Hash)>] nil, response status code and response headers def deactivate_content_pack_with_http_info(content_pack_id, opts = {}) 
@@ -1629,7 +1629,7 @@ def deactivate_content_pack_with_http_info(content_pack_id, opts = {}) return_type = opts[:debug_return_type] # auth_names - auth_names = opts[:debug_auth_names] || [:apiKeyAuth, :appKeyAuth] + auth_names = opts[:debug_auth_names] || [:apiKeyAuth, :appKeyAuth, :AuthZ] new_options = opts.merge( :operation => :deactivate_content_pack, @@ -2629,9 +2629,8 @@ def get_content_packs_states(opts = {}) # Get content pack states. # - # Get the activation and configuration states for all security monitoring content packs. - # This endpoint returns status information about each content pack including activation state, - # integration status, and log collection status. + # Get the activation state, integration status, and log collection status + # for all Cloud SIEM content packs. # # @param opts [Hash] the optional parameters # @return [Array<(SecurityMonitoringContentPackStatesResponse, Integer, Hash)>] SecurityMonitoringContentPackStatesResponse data, response status code and response headers @@ -2667,7 +2666,7 @@ def get_content_packs_states_with_http_info(opts = {}) return_type = opts[:debug_return_type] || 'SecurityMonitoringContentPackStatesResponse' # auth_names - auth_names = opts[:debug_auth_names] || [:apiKeyAuth, :appKeyAuth] + auth_names = opts[:debug_auth_names] || [:apiKeyAuth, :appKeyAuth, :AuthZ] new_options = opts.merge( :operation => :get_content_packs_states, diff --git a/lib/datadog_api_client/v2/models/security_monitoring_content_pack_activation.rb b/lib/datadog_api_client/v2/models/security_monitoring_content_pack_activation.rb index af1ae6d474af..3c2fa523ba8e 100644 --- a/lib/datadog_api_client/v2/models/security_monitoring_content_pack_activation.rb +++ b/lib/datadog_api_client/v2/models/security_monitoring_content_pack_activation.rb 
@@ -17,7 +17,7 @@ require 'time' module DatadogAPIClient::V2 - # The activation status of a content pack + # The activation status of a content pack. class SecurityMonitoringContentPackActivation include BaseEnumModel diff --git a/lib/datadog_api_client/v2/models/security_monitoring_content_pack_integration_status.rb b/lib/datadog_api_client/v2/models/security_monitoring_content_pack_integration_status.rb index 0cfeb6e313f1..a5b925fd8db4 100644 --- a/lib/datadog_api_client/v2/models/security_monitoring_content_pack_integration_status.rb +++ b/lib/datadog_api_client/v2/models/security_monitoring_content_pack_integration_status.rb @@ -17,7 +17,7 @@ require 'time' module DatadogAPIClient::V2 - # The installation status of the related integration + # The installation status of the related integration. class SecurityMonitoringContentPackIntegrationStatus include BaseEnumModel diff --git a/lib/datadog_api_client/v2/models/security_monitoring_content_pack_state_attributes.rb b/lib/datadog_api_client/v2/models/security_monitoring_content_pack_state_attributes.rb index 1afdc306fee2..64823c4c400e 100644 --- a/lib/datadog_api_client/v2/models/security_monitoring_content_pack_state_attributes.rb +++ b/lib/datadog_api_client/v2/models/security_monitoring_content_pack_state_attributes.rb 
@@ -24,22 +24,23 @@ class SecurityMonitoringContentPackStateAttributes # Whether the cloud SIEM index configuration is incorrect (only applies to certain pricing models) attr_reader :cloud_siem_index_incorrect - # The activation status of a content pack + # The activation status of a content pack. attr_reader :cp_activation - # Whether filters (Security Filters or Index Query depending on the pricing model) are configured for logs + # Whether filters (Security Filters or Index Query depending on the pricing model) are + # present and correctly configured to route logs into Cloud SIEM. attr_reader :filters_configured_for_logs - # The installation status of the related integration + # The installation status of the related integration. attr_accessor :integration_installed_status - # Timestamp bucket indicating when logs were last collected + # Timestamp bucket indicating when logs were last collected. attr_reader :logs_last_collected - # Whether logs have been seen from any index + # Whether logs for this content pack have been seen in any Datadog index within the last 72 hours. attr_reader :logs_seen_from_any_index - # The current status of a content pack + # The current operational status of a content pack. attr_reader :state attr_accessor :additional_properties diff --git a/lib/datadog_api_client/v2/models/security_monitoring_content_pack_state_meta.rb b/lib/datadog_api_client/v2/models/security_monitoring_content_pack_state_meta.rb index 700063bd5600..3226d4abf407 100644 --- a/lib/datadog_api_client/v2/models/security_monitoring_content_pack_state_meta.rb +++ b/lib/datadog_api_client/v2/models/security_monitoring_content_pack_state_meta.rb 
@@ -24,7 +24,7 @@ class SecurityMonitoringContentPackStateMeta # Whether the cloud SIEM index configuration is incorrect at the organization level attr_reader :cloud_siem_index_incorrect - # The SIEM pricing model (SKU) for the organization + # The Cloud SIEM pricing model (SKU) for the organization. attr_reader :sku attr_accessor :additional_properties diff --git a/lib/datadog_api_client/v2/models/security_monitoring_content_pack_status.rb b/lib/datadog_api_client/v2/models/security_monitoring_content_pack_status.rb index 1d66651f962c..f80eda147e13 100644 --- a/lib/datadog_api_client/v2/models/security_monitoring_content_pack_status.rb +++ b/lib/datadog_api_client/v2/models/security_monitoring_content_pack_status.rb @@ -17,7 +17,7 @@ require 'time' module DatadogAPIClient::V2 - # The current status of a content pack + # The current operational status of a content pack. class SecurityMonitoringContentPackStatus include BaseEnumModel diff --git a/lib/datadog_api_client/v2/models/security_monitoring_content_pack_timestamp_bucket.rb b/lib/datadog_api_client/v2/models/security_monitoring_content_pack_timestamp_bucket.rb index 5244a149875e..649a0dbd270f 100644 --- a/lib/datadog_api_client/v2/models/security_monitoring_content_pack_timestamp_bucket.rb +++ b/lib/datadog_api_client/v2/models/security_monitoring_content_pack_timestamp_bucket.rb @@ -17,7 +17,7 @@ require 'time' module DatadogAPIClient::V2 - # Timestamp bucket indicating when logs were last collected + # Timestamp bucket indicating when logs were last collected. class SecurityMonitoringContentPackTimestampBucket include BaseEnumModel diff --git a/lib/datadog_api_client/v2/models/security_monitoring_sku.rb b/lib/datadog_api_client/v2/models/security_monitoring_sku.rb index ba428dcd9b66..69cec58f7bf3 100644 --- a/lib/datadog_api_client/v2/models/security_monitoring_sku.rb +++ b/lib/datadog_api_client/v2/models/security_monitoring_sku.rb 
@@ -17,7 +17,7 @@ require 'time' module DatadogAPIClient::V2 - # The SIEM pricing model (SKU) for the organization + # The Cloud SIEM pricing model (SKU) for the organization. class SecurityMonitoringSKU include BaseEnumModel