Regenerate client from commit 7d6e091 of spec repo

Author: ci.datadog-api-spec

.generator/schemas/v2/openapi.yaml

@@ -49518,6 +49518,7 @@ components:
       - third_party
       - anomaly_threshold
       - sequence_detection
+      example: threshold
       type: string
       x-enum-varnames:
       - THRESHOLD
@@ -49617,6 +49618,58 @@ components:
       - SIX_HOURS
       - TWELVE_HOURS
       - ONE_DAY
+    SecurityMonitoringRuleLivetailRequest:
+      description: Request to preview a rule query with applied filters.
+      properties:
+        dataSource:
+          description: Data source for the query.
+          example: logs
+          type: string
+        detectionMethod:
+          $ref: '#/components/schemas/SecurityMonitoringRuleDetectionMethod'
+        distinctFields:
+          description: Fields to apply distinct on.
+          items:
+            type: string
+          type: array
+        filters:
+          description: Additional security filters to apply.
+          items:
+            $ref: '#/components/schemas/SecurityMonitoringFilter'
+          type: array
+        groupByFields:
+          description: Fields to group by.
+          items:
+            type: string
+          type: array
+        query:
+          description: The query to preview.
+          example: source:java
+          type: string
+        queryIndex:
+          description: Index of the query in the rule.
+          example: 0
+          format: int32
+          maximum: 9
+          minimum: 0
+          type: integer
+        type:
+          $ref: '#/components/schemas/SecurityMonitoringRuleTypeRead'
+      required:
+      - query
+      - queryIndex
+      - type
+      - detectionMethod
+      - dataSource
+      type: object
+    SecurityMonitoringRuleLivetailResponse:
+      description: Response containing the modified query with applied filters.
+      properties:
+        query:
+          description: The modified query with all filters applied.
+          example: source:java (service:payment OR service:auth)
+          type: string
+      type: object
     SecurityMonitoringRuleMaxSignalDuration:
       description: 'A signal will "close" regardless of the query being matched once
         the time exceeds the maximum duration.
@@ -49962,6 +50015,7 @@ components:
       - cloud_configuration
       - application_security
       - api_security
+      example: log_detection
       type: string
       x-enum-varnames:
       - LOG_DETECTION
@@ -86008,6 +86062,46 @@ paths:
       summary: Get a suppression's version history
       tags:
       - Security Monitoring
+  /api/v2/security_monitoring/livetail:
+    post:
+      description: 'Preview a security monitoring rule query with security filters,
+        group by fields, and distinct fields applied.
+
+        This endpoint is used in the rule editor to show how the query will be transformed
+        after applying additional filters.'
+      operationId: PreviewSecurityMonitoringRuleQuery
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/SecurityMonitoringRuleLivetailRequest'
+        required: true
+      responses:
+        '200':
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/SecurityMonitoringRuleLivetailResponse'
+          description: OK
+        '400':
+          $ref: '#/components/responses/BadRequestResponse'
+        '403':
+          $ref: '#/components/responses/NotAuthorizedResponse'
+        '429':
+          $ref: '#/components/responses/TooManyRequestsResponse'
+      security:
+      - apiKeyAuth: []
+        appKeyAuth: []
+      - AuthZ:
+        - security_monitoring_rules_read
+      summary: Preview a rule query with applied filters
+      tags:
+      - Security Monitoring
+      x-codegen-request-body-name: body
+      x-permission:
+        operator: OR
+        permissions:
+        - security_monitoring_rules_read
   /api/v2/security_monitoring/rules:
     get:
       description: List rules.

docs/datadog_api_client.v2.model.rst

@@ -21879,6 +21879,20 @@ datadog\_api\_client.v2.model.security\_monitoring\_rule\_keep\_alive module
    :members:
    :show-inheritance:
 
+datadog\_api\_client.v2.model.security\_monitoring\_rule\_livetail\_request module
+----------------------------------------------------------------------------------
+
+.. automodule:: datadog_api_client.v2.model.security_monitoring_rule_livetail_request
+   :members:
+   :show-inheritance:
+
+datadog\_api\_client.v2.model.security\_monitoring\_rule\_livetail\_response module
+-----------------------------------------------------------------------------------
+
+.. automodule:: datadog_api_client.v2.model.security_monitoring_rule_livetail_response
+   :members:
+   :show-inheritance:
+
 datadog\_api\_client.v2.model.security\_monitoring\_rule\_max\_signal\_duration module
 --------------------------------------------------------------------------------------
 

examples/v2/security-monitoring/PreviewSecurityMonitoringRuleQuery.py

@@ -0,0 +1,27 @@
+"""
+Preview a rule query with applied filters returns "OK" response
+"""
+
+from datadog_api_client import ApiClient, Configuration
+from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi
+from datadog_api_client.v2.model.security_monitoring_rule_detection_method import SecurityMonitoringRuleDetectionMethod
+from datadog_api_client.v2.model.security_monitoring_rule_livetail_request import SecurityMonitoringRuleLivetailRequest
+from datadog_api_client.v2.model.security_monitoring_rule_type_read import SecurityMonitoringRuleTypeRead
+
+body = SecurityMonitoringRuleLivetailRequest(
+    query="source:cloudtrail",
+    query_index=0,
+    filters=[],
+    type=SecurityMonitoringRuleTypeRead.LOG_DETECTION,
+    detection_method=SecurityMonitoringRuleDetectionMethod.THRESHOLD,
+    data_source="logs",
+    group_by_fields=[],
+    distinct_fields=[],
+)
+
+configuration = Configuration()
+with ApiClient(configuration) as api_client:
+    api_instance = SecurityMonitoringApi(api_client)
+    response = api_instance.preview_security_monitoring_rule_query(body=body)
+
+    print(response)

src/datadog_api_client/v2/api/security_monitoring_api.py

@@ -101,6 +101,10 @@
     SecurityMonitoringSuppressionUpdateRequest,
 )
 from datadog_api_client.v2.model.get_suppression_version_history_response import GetSuppressionVersionHistoryResponse
+from datadog_api_client.v2.model.security_monitoring_rule_livetail_response import (
+    SecurityMonitoringRuleLivetailResponse,
+)
+from datadog_api_client.v2.model.security_monitoring_rule_livetail_request import SecurityMonitoringRuleLivetailRequest
 from datadog_api_client.v2.model.security_monitoring_list_rules_response import SecurityMonitoringListRulesResponse
 from datadog_api_client.v2.model.security_monitoring_rule_response import SecurityMonitoringRuleResponse
 from datadog_api_client.v2.model.security_monitoring_rule_convert_response import SecurityMonitoringRuleConvertResponse
@@ -2263,6 +2267,26 @@ def __init__(self, api_client=None):
             api_client=api_client,
         )
 
+        self._preview_security_monitoring_rule_query_endpoint = _Endpoint(
+            settings={
+                "response_type": (SecurityMonitoringRuleLivetailResponse,),
+                "auth": ["apiKeyAuth", "appKeyAuth", "AuthZ"],
+                "endpoint_path": "/api/v2/security_monitoring/livetail",
+                "operation_id": "preview_security_monitoring_rule_query",
+                "http_method": "POST",
+                "version": "v2",
+            },
+            params_map={
+                "body": {
+                    "required": True,
+                    "openapi_types": (SecurityMonitoringRuleLivetailRequest,),
+                    "location": "body",
+                },
+            },
+            headers_map={"accept": ["application/json"], "content_type": ["application/json"]},
+            api_client=api_client,
+        )
+
         self._run_threat_hunting_job_endpoint = _Endpoint(
             settings={
                 "response_type": (JobCreateResponse,),
@@ -4979,6 +5003,23 @@ def patch_vulnerability_notification_rule(
 
         return self._patch_vulnerability_notification_rule_endpoint.call_with_http_info(**kwargs)
 
+    def preview_security_monitoring_rule_query(
+        self,
+        body: SecurityMonitoringRuleLivetailRequest,
+    ) -> SecurityMonitoringRuleLivetailResponse:
+        """Preview a rule query with applied filters.
+
+        Preview a security monitoring rule query with security filters, group by fields, and distinct fields applied.
+        This endpoint is used in the rule editor to show how the query will be transformed after applying additional filters.
+
+        :type body: SecurityMonitoringRuleLivetailRequest
+        :rtype: SecurityMonitoringRuleLivetailResponse
+        """
+        kwargs: Dict[str, Any] = {}
+        kwargs["body"] = body
+
+        return self._preview_security_monitoring_rule_query_endpoint.call_with_http_info(**kwargs)
+
     def run_threat_hunting_job(
         self,
         body: RunThreatHuntingJobRequest,

src/datadog_api_client/v2/model/security_monitoring_rule_livetail_request.py

@@ -0,0 +1,113 @@
+# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License.
+# This product includes software developed at Datadog (https://www.datadoghq.com/).
+# Copyright 2019-Present Datadog, Inc.
+from __future__ import annotations
+
+from typing import List, Union, TYPE_CHECKING
+
+from datadog_api_client.model_utils import (
+    ModelNormal,
+    cached_property,
+    unset,
+    UnsetType,
+)
+
+
+if TYPE_CHECKING:
+    from datadog_api_client.v2.model.security_monitoring_rule_detection_method import (
+        SecurityMonitoringRuleDetectionMethod,
+    )
+    from datadog_api_client.v2.model.security_monitoring_filter import SecurityMonitoringFilter
+    from datadog_api_client.v2.model.security_monitoring_rule_type_read import SecurityMonitoringRuleTypeRead
+
+
+class SecurityMonitoringRuleLivetailRequest(ModelNormal):
+    validations = {
+        "query_index": {
+            "inclusive_maximum": 9,
+            "inclusive_minimum": 0,
+        },
+    }
+
+    @cached_property
+    def openapi_types(_):
+        from datadog_api_client.v2.model.security_monitoring_rule_detection_method import (
+            SecurityMonitoringRuleDetectionMethod,
+        )
+        from datadog_api_client.v2.model.security_monitoring_filter import SecurityMonitoringFilter
+        from datadog_api_client.v2.model.security_monitoring_rule_type_read import SecurityMonitoringRuleTypeRead
+
+        return {
+            "data_source": (str,),
+            "detection_method": (SecurityMonitoringRuleDetectionMethod,),
+            "distinct_fields": ([str],),
+            "filters": ([SecurityMonitoringFilter],),
+            "group_by_fields": ([str],),
+            "query": (str,),
+            "query_index": (int,),
+            "type": (SecurityMonitoringRuleTypeRead,),
+        }
+
+    attribute_map = {
+        "data_source": "dataSource",
+        "detection_method": "detectionMethod",
+        "distinct_fields": "distinctFields",
+        "filters": "filters",
+        "group_by_fields": "groupByFields",
+        "query": "query",
+        "query_index": "queryIndex",
+        "type": "type",
+    }
+
+    def __init__(
+        self_,
+        data_source: str,
+        detection_method: SecurityMonitoringRuleDetectionMethod,
+        query: str,
+        query_index: int,
+        type: SecurityMonitoringRuleTypeRead,
+        distinct_fields: Union[List[str], UnsetType] = unset,
+        filters: Union[List[SecurityMonitoringFilter], UnsetType] = unset,
+        group_by_fields: Union[List[str], UnsetType] = unset,
+        **kwargs,
+    ):
+        """
+        Request to preview a rule query with applied filters.
+
+        :param data_source: Data source for the query.
+        :type data_source: str
+
+        :param detection_method: The detection method.
+        :type detection_method: SecurityMonitoringRuleDetectionMethod
+
+        :param distinct_fields: Fields to apply distinct on.
+        :type distinct_fields: [str], optional
+
+        :param filters: Additional security filters to apply.
+        :type filters: [SecurityMonitoringFilter], optional
+
+        :param group_by_fields: Fields to group by.
+        :type group_by_fields: [str], optional
+
+        :param query: The query to preview.
+        :type query: str
+
+        :param query_index: Index of the query in the rule.
+        :type query_index: int
+
+        :param type: The rule type.
+        :type type: SecurityMonitoringRuleTypeRead
+        """
+        if distinct_fields is not unset:
+            kwargs["distinct_fields"] = distinct_fields
+        if filters is not unset:
+            kwargs["filters"] = filters
+        if group_by_fields is not unset:
+            kwargs["group_by_fields"] = group_by_fields
+        super().__init__(kwargs)
+
+        self_.data_source = data_source
+        self_.detection_method = detection_method
+        self_.query = query
+        self_.query_index = query_index
+        self_.type = type

src/datadog_api_client/v2/model/security_monitoring_rule_livetail_response.py

@@ -0,0 +1,36 @@
+# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License.
+# This product includes software developed at Datadog (https://www.datadoghq.com/).
+# Copyright 2019-Present Datadog, Inc.
+from __future__ import annotations
+
+from typing import Union
+
+from datadog_api_client.model_utils import (
+    ModelNormal,
+    cached_property,
+    unset,
+    UnsetType,
+)
+
+
+class SecurityMonitoringRuleLivetailResponse(ModelNormal):
+    @cached_property
+    def openapi_types(_):
+        return {
+            "query": (str,),
+        }
+
+    attribute_map = {
+        "query": "query",
+    }
+
+    def __init__(self_, query: Union[str, UnsetType] = unset, **kwargs):
+        """
+        Response containing the modified query with applied filters.
+
+        :param query: The modified query with all filters applied.
+        :type query: str, optional
+        """
+        if query is not unset:
+            kwargs["query"] = query
+        super().__init__(kwargs)