Regenerate client from commit 0736290 of spec repo

ci.datadog-api-spec · ci.datadog-api-spec · commit d3756c4aa711 · 2026-02-10T15:32:43.000Z
diff --git a/.generator/schemas/v2/openapi.yaml b/.generator/schemas/v2/openapi.yaml
@@ -40869,8 +40869,6 @@ components:
           type: integer
         type:
           $ref: '#/components/schemas/ObservabilityPipelineBufferOptionsMemoryType'
-        when_full:
-          $ref: '#/components/schemas/ObservabilityPipelineBufferOptionsWhenFull'
       type: object
     ObservabilityPipelineMemoryBufferSizeOptions:
       description: Options for configuring a memory buffer by queue length.
@@ -40882,8 +40880,6 @@ components:
           type: integer
         type:
           $ref: '#/components/schemas/ObservabilityPipelineBufferOptionsMemoryType'
-        when_full:
-          $ref: '#/components/schemas/ObservabilityPipelineBufferOptionsWhenFull'
       type: object
     ObservabilityPipelineMetadataEntry:
       description: A custom metadata entry.
@@ -53475,6 +53471,8 @@ components:
           $ref: '#/components/schemas/SecurityMonitoringRuleAnomalyDetectionOptionsBucketDuration'
         detectionTolerance:
           $ref: '#/components/schemas/SecurityMonitoringRuleAnomalyDetectionOptionsDetectionTolerance'
+        instantaneousBaseline:
+          $ref: '#/components/schemas/SecurityMonitoringRuleAnomalyDetectionOptionsInstantaneousBaseline'
         learningDuration:
           $ref: '#/components/schemas/SecurityMonitoringRuleAnomalyDetectionOptionsLearningDuration'
         learningPeriodBaseline:
@@ -53526,6 +53524,13 @@ components:
       - THREE
       - FOUR
       - FIVE
+    SecurityMonitoringRuleAnomalyDetectionOptionsInstantaneousBaseline:
+      description: When set to true, Datadog uses previous values that fall within
+        the defined learning window to construct the baseline, enabling the system
+        to establish an accurate baseline more rapidly rather than relying solely
+        on gradual learning over time.
+      example: false
+      type: boolean
     SecurityMonitoringRuleAnomalyDetectionOptionsLearningDuration:
       description: Learning duration in hours. Anomaly detection waits for at least
         this amount of historical data before it starts evaluating.
diff --git a/examples/v2/security-monitoring/CreateSecurityMonitoringRule_3355193622.py b/examples/v2/security-monitoring/CreateSecurityMonitoringRule_3355193622.py
@@ -0,0 +1,89 @@
+"""
+Create a detection rule with detection method 'anomaly_detection' with enabled feature 'instantaneousBaseline' returns
+"OK" response
+"""
+
+from datadog_api_client import ApiClient, Configuration
+from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi
+from datadog_api_client.v2.model.security_monitoring_rule_anomaly_detection_options import (
+    SecurityMonitoringRuleAnomalyDetectionOptions,
+)
+from datadog_api_client.v2.model.security_monitoring_rule_anomaly_detection_options_bucket_duration import (
+    SecurityMonitoringRuleAnomalyDetectionOptionsBucketDuration,
+)
+from datadog_api_client.v2.model.security_monitoring_rule_anomaly_detection_options_detection_tolerance import (
+    SecurityMonitoringRuleAnomalyDetectionOptionsDetectionTolerance,
+)
+from datadog_api_client.v2.model.security_monitoring_rule_anomaly_detection_options_learning_duration import (
+    SecurityMonitoringRuleAnomalyDetectionOptionsLearningDuration,
+)
+from datadog_api_client.v2.model.security_monitoring_rule_case_create import SecurityMonitoringRuleCaseCreate
+from datadog_api_client.v2.model.security_monitoring_rule_detection_method import SecurityMonitoringRuleDetectionMethod
+from datadog_api_client.v2.model.security_monitoring_rule_evaluation_window import (
+    SecurityMonitoringRuleEvaluationWindow,
+)
+from datadog_api_client.v2.model.security_monitoring_rule_keep_alive import SecurityMonitoringRuleKeepAlive
+from datadog_api_client.v2.model.security_monitoring_rule_max_signal_duration import (
+    SecurityMonitoringRuleMaxSignalDuration,
+)
+from datadog_api_client.v2.model.security_monitoring_rule_options import SecurityMonitoringRuleOptions
+from datadog_api_client.v2.model.security_monitoring_rule_query_aggregation import (
+    SecurityMonitoringRuleQueryAggregation,
+)
+from datadog_api_client.v2.model.security_monitoring_rule_severity import SecurityMonitoringRuleSeverity
+from datadog_api_client.v2.model.security_monitoring_rule_type_create import SecurityMonitoringRuleTypeCreate
+from datadog_api_client.v2.model.security_monitoring_standard_data_source import SecurityMonitoringStandardDataSource
+from datadog_api_client.v2.model.security_monitoring_standard_rule_create_payload import (
+    SecurityMonitoringStandardRuleCreatePayload,
+)
+from datadog_api_client.v2.model.security_monitoring_standard_rule_query import SecurityMonitoringStandardRuleQuery
+
+body = SecurityMonitoringStandardRuleCreatePayload(
+    name="Example-Security-Monitoring",
+    type=SecurityMonitoringRuleTypeCreate.LOG_DETECTION,
+    is_enabled=True,
+    queries=[
+        SecurityMonitoringStandardRuleQuery(
+            aggregation=SecurityMonitoringRuleQueryAggregation.COUNT,
+            data_source=SecurityMonitoringStandardDataSource.LOGS,
+            distinct_fields=[],
+            group_by_fields=[
+                "@usr.email",
+                "@network.client.ip",
+            ],
+            has_optional_group_by_fields=False,
+            name="",
+            query="service:app status:error",
+        ),
+    ],
+    cases=[
+        SecurityMonitoringRuleCaseCreate(
+            name="",
+            status=SecurityMonitoringRuleSeverity.INFO,
+            notifications=[],
+            condition="a > 0.995",
+        ),
+    ],
+    message="An anomaly detection rule",
+    options=SecurityMonitoringRuleOptions(
+        detection_method=SecurityMonitoringRuleDetectionMethod.ANOMALY_DETECTION,
+        evaluation_window=SecurityMonitoringRuleEvaluationWindow.FIFTEEN_MINUTES,
+        keep_alive=SecurityMonitoringRuleKeepAlive.ONE_HOUR,
+        max_signal_duration=SecurityMonitoringRuleMaxSignalDuration.ONE_DAY,
+        anomaly_detection_options=SecurityMonitoringRuleAnomalyDetectionOptions(
+            bucket_duration=SecurityMonitoringRuleAnomalyDetectionOptionsBucketDuration.FIVE_MINUTES,
+            learning_duration=SecurityMonitoringRuleAnomalyDetectionOptionsLearningDuration.ONE_DAY,
+            detection_tolerance=SecurityMonitoringRuleAnomalyDetectionOptionsDetectionTolerance.THREE,
+            instantaneous_baseline=True,
+        ),
+    ),
+    tags=[],
+    filters=[],
+)
+
+configuration = Configuration()
+with ApiClient(configuration) as api_client:
+    api_instance = SecurityMonitoringApi(api_client)
+    response = api_instance.create_security_monitoring_rule(body=body)
+
+    print(response)
diff --git a/src/datadog_api_client/v2/model/observability_pipeline_memory_buffer_options.py b/src/datadog_api_client/v2/model/observability_pipeline_memory_buffer_options.py
@@ -17,9 +17,6 @@
     from datadog_api_client.v2.model.observability_pipeline_buffer_options_memory_type import (
         ObservabilityPipelineBufferOptionsMemoryType,
     )
-    from datadog_api_client.v2.model.observability_pipeline_buffer_options_when_full import (
-        ObservabilityPipelineBufferOptionsWhenFull,
-    )
 
 
 class ObservabilityPipelineMemoryBufferOptions(ModelNormal):
@@ -28,27 +25,21 @@ def openapi_types(_):
         from datadog_api_client.v2.model.observability_pipeline_buffer_options_memory_type import (
             ObservabilityPipelineBufferOptionsMemoryType,
         )
-        from datadog_api_client.v2.model.observability_pipeline_buffer_options_when_full import (
-            ObservabilityPipelineBufferOptionsWhenFull,
-        )
 
         return {
             "max_size": (int,),
             "type": (ObservabilityPipelineBufferOptionsMemoryType,),
-            "when_full": (ObservabilityPipelineBufferOptionsWhenFull,),
         }
 
     attribute_map = {
         "max_size": "max_size",
         "type": "type",
-        "when_full": "when_full",
     }
 
     def __init__(
         self_,
         max_size: Union[int, UnsetType] = unset,
         type: Union[ObservabilityPipelineBufferOptionsMemoryType, UnsetType] = unset,
-        when_full: Union[ObservabilityPipelineBufferOptionsWhenFull, UnsetType] = unset,
         **kwargs,
     ):
         """
@@ -59,14 +50,9 @@ def __init__(
 
         :param type: The type of the buffer that will be configured, a memory buffer.
         :type type: ObservabilityPipelineBufferOptionsMemoryType, optional
-
-        :param when_full: Behavior when the buffer is full (block and stop accepting new events, or drop new events)
-        :type when_full: ObservabilityPipelineBufferOptionsWhenFull, optional
         """
         if max_size is not unset:
             kwargs["max_size"] = max_size
         if type is not unset:
             kwargs["type"] = type
-        if when_full is not unset:
-            kwargs["when_full"] = when_full
         super().__init__(kwargs)
diff --git a/src/datadog_api_client/v2/model/observability_pipeline_memory_buffer_size_options.py b/src/datadog_api_client/v2/model/observability_pipeline_memory_buffer_size_options.py
@@ -17,9 +17,6 @@
     from datadog_api_client.v2.model.observability_pipeline_buffer_options_memory_type import (
         ObservabilityPipelineBufferOptionsMemoryType,
     )
-    from datadog_api_client.v2.model.observability_pipeline_buffer_options_when_full import (
-        ObservabilityPipelineBufferOptionsWhenFull,
-    )
 
 
 class ObservabilityPipelineMemoryBufferSizeOptions(ModelNormal):
@@ -28,27 +25,21 @@ def openapi_types(_):
         from datadog_api_client.v2.model.observability_pipeline_buffer_options_memory_type import (
             ObservabilityPipelineBufferOptionsMemoryType,
         )
-        from datadog_api_client.v2.model.observability_pipeline_buffer_options_when_full import (
-            ObservabilityPipelineBufferOptionsWhenFull,
-        )
 
         return {
             "max_events": (int,),
             "type": (ObservabilityPipelineBufferOptionsMemoryType,),
-            "when_full": (ObservabilityPipelineBufferOptionsWhenFull,),
         }
 
     attribute_map = {
         "max_events": "max_events",
         "type": "type",
-        "when_full": "when_full",
     }
 
     def __init__(
         self_,
         max_events: Union[int, UnsetType] = unset,
         type: Union[ObservabilityPipelineBufferOptionsMemoryType, UnsetType] = unset,
-        when_full: Union[ObservabilityPipelineBufferOptionsWhenFull, UnsetType] = unset,
         **kwargs,
     ):
         """
@@ -59,14 +50,9 @@ def __init__(
 
         :param type: The type of the buffer that will be configured, a memory buffer.
         :type type: ObservabilityPipelineBufferOptionsMemoryType, optional
-
-        :param when_full: Behavior when the buffer is full (block and stop accepting new events, or drop new events)
-        :type when_full: ObservabilityPipelineBufferOptionsWhenFull, optional
         """
         if max_events is not unset:
             kwargs["max_events"] = max_events
         if type is not unset:
             kwargs["type"] = type
-        if when_full is not unset:
-            kwargs["when_full"] = when_full
         super().__init__(kwargs)
diff --git a/src/datadog_api_client/v2/model/security_monitoring_rule_anomaly_detection_options.py b/src/datadog_api_client/v2/model/security_monitoring_rule_anomaly_detection_options.py
@@ -47,13 +47,15 @@ def openapi_types(_):
         return {
             "bucket_duration": (SecurityMonitoringRuleAnomalyDetectionOptionsBucketDuration,),
             "detection_tolerance": (SecurityMonitoringRuleAnomalyDetectionOptionsDetectionTolerance,),
+            "instantaneous_baseline": (bool,),
             "learning_duration": (SecurityMonitoringRuleAnomalyDetectionOptionsLearningDuration,),
             "learning_period_baseline": (int,),
         }
 
     attribute_map = {
         "bucket_duration": "bucketDuration",
         "detection_tolerance": "detectionTolerance",
+        "instantaneous_baseline": "instantaneousBaseline",
         "learning_duration": "learningDuration",
         "learning_period_baseline": "learningPeriodBaseline",
     }
@@ -62,6 +64,7 @@ def __init__(
         self_,
         bucket_duration: Union[SecurityMonitoringRuleAnomalyDetectionOptionsBucketDuration, UnsetType] = unset,
         detection_tolerance: Union[SecurityMonitoringRuleAnomalyDetectionOptionsDetectionTolerance, UnsetType] = unset,
+        instantaneous_baseline: Union[bool, UnsetType] = unset,
         learning_duration: Union[SecurityMonitoringRuleAnomalyDetectionOptionsLearningDuration, UnsetType] = unset,
         learning_period_baseline: Union[int, UnsetType] = unset,
         **kwargs,
@@ -77,6 +80,9 @@ def __init__(
             Higher values require higher deviations before triggering a signal.
         :type detection_tolerance: SecurityMonitoringRuleAnomalyDetectionOptionsDetectionTolerance, optional
 
+        :param instantaneous_baseline: When set to true, Datadog uses previous values that fall within the defined learning window to construct the baseline, enabling the system to establish an accurate baseline more rapidly rather than relying solely on gradual learning over time.
+        :type instantaneous_baseline: bool, optional
+
         :param learning_duration: Learning duration in hours. Anomaly detection waits for at least this amount of historical data before it starts evaluating.
         :type learning_duration: SecurityMonitoringRuleAnomalyDetectionOptionsLearningDuration, optional
 
@@ -87,6 +93,8 @@ def __init__(
             kwargs["bucket_duration"] = bucket_duration
         if detection_tolerance is not unset:
             kwargs["detection_tolerance"] = detection_tolerance
+        if instantaneous_baseline is not unset:
+            kwargs["instantaneous_baseline"] = instantaneous_baseline
         if learning_duration is not unset:
             kwargs["learning_duration"] = learning_duration
         if learning_period_baseline is not unset:
diff --git a/tests/v2/cassettes/test_scenarios/test_create_a_detection_rule_with_detection_method_anomaly_detection_with_enabled_feature_instantaneousbaseline_returns_ok_response.frozen b/tests/v2/cassettes/test_scenarios/test_create_a_detection_rule_with_detection_method_anomaly_detection_with_enabled_feature_instantaneousbaseline_returns_ok_response.frozen
@@ -0,0 +1 @@
+2026-02-10T14:48:33.727Z
diff --git a/tests/v2/cassettes/test_scenarios/test_create_a_detection_rule_with_detection_method_anomaly_detection_with_enabled_feature_instantaneousbaseline_returns_ok_response.yaml b/tests/v2/cassettes/test_scenarios/test_create_a_detection_rule_with_detection_method_anomaly_detection_with_enabled_feature_instantaneousbaseline_returns_ok_response.yaml
@@ -0,0 +1,38 @@
+interactions:
+- request:
+    body: '{"cases":[{"condition":"a > 0.995","name":"","notifications":[],"status":"info"}],"filters":[],"isEnabled":true,"message":"An
+      anomaly detection rule","name":"Test-Create_a_detection_rule_with_detection_method_anomaly_detection_with_enabled_feature_instantaneousBa-1770734913","options":{"anomalyDetectionOptions":{"bucketDuration":300,"detectionTolerance":3,"instantaneousBaseline":true,"learningDuration":24},"detectionMethod":"anomaly_detection","evaluationWindow":900,"keepAlive":3600,"maxSignalDuration":86400},"queries":[{"aggregation":"count","dataSource":"logs","distinctFields":[],"groupByFields":["@usr.email","@network.client.ip"],"hasOptionalGroupByFields":false,"name":"","query":"service:app
+      status:error"}],"tags":[],"type":"log_detection"}'
+    headers:
+      accept:
+      - application/json
+      content-type:
+      - application/json
+    method: POST
+    uri: https://api.datadoghq.com/api/v2/security_monitoring/rules
+  response:
+    body:
+      string: '{"name":"Test-Create_a_detection_rule_with_detection_method_anomaly_detection_with_enabled_feature_instantaneousBa-1770734913","createdAt":1770734914087,"isDefault":false,"isPartner":false,"isEnabled":true,"isBeta":false,"isDeleted":false,"isDeprecated":false,"queries":[{"query":"service:app
+        status:error","groupByFields":["@usr.email","@network.client.ip"],"hasOptionalGroupByFields":false,"distinctFields":[],"aggregation":"count","name":"","dataSource":"logs"}],"options":{"evaluationWindow":1800,"detectionMethod":"anomaly_detection","maxSignalDuration":86400,"keepAlive":3600,"anomalyDetectionOptions":{"bucketDuration":300,"learningDuration":24,"detectionTolerance":3,"instantaneousBaseline":true,"instantaneousBaselineTimeoutMinutes":30}},"cases":[{"name":"","status":"info","notifications":[],"condition":"a
+        \u003e 0.995"}],"message":"An anomaly detection rule","tags":[],"hasExtendedTitle":false,"type":"log_detection","filters":[],"version":1,"id":"mtt-vs9-dyl","blocking":false,"metadata":{"entities":null,"sources":null},"creationAuthorId":1445416,"creator":{"handle":"frog@datadoghq.com","name":"frog"},"updater":{"handle":"","name":""}}'
+    headers:
+      content-type:
+      - application/json
+    status:
+      code: 200
+      message: OK
+- request:
+    body: null
+    headers:
+      accept:
+      - '*/*'
+    method: DELETE
+    uri: https://api.datadoghq.com/api/v2/security_monitoring/rules/mtt-vs9-dyl
+  response:
+    body:
+      string: ''
+    headers: {}
+    status:
+      code: 204
+      message: No Content
+version: 1
diff --git a/tests/v2/features/security_monitoring.feature b/tests/v2/features/security_monitoring.feature
@@ -456,6 +456,17 @@ Feature: Security Monitoring
     And the response "options.anomalyDetectionOptions.learningPeriodBaseline" is equal to 10
     And the response "options.anomalyDetectionOptions.detectionTolerance" is equal to 3
 
+  @team:DataDog/k9-cloud-security-platform
+  Scenario: Create a detection rule with detection method 'anomaly_detection' with enabled feature 'instantaneousBaseline' returns "OK" response
+    Given new "CreateSecurityMonitoringRule" request
+    And body with value {"name":"{{ unique }}","type":"log_detection","isEnabled":true,"queries":[{"aggregation":"count","dataSource":"logs","distinctFields":[],"groupByFields":["@usr.email","@network.client.ip"],"hasOptionalGroupByFields":false,"name":"","query":"service:app status:error"}],"cases":[{"name":"","status":"info","notifications":[],"condition":"a > 0.995"}],"message":"An anomaly detection rule","options":{"detectionMethod":"anomaly_detection","evaluationWindow":900,"keepAlive":3600,"maxSignalDuration":86400,"anomalyDetectionOptions":{"bucketDuration":300,"learningDuration":24,"detectionTolerance":3,"instantaneousBaseline":true}},"tags":[],"filters":[]}
+    When the request is sent
+    Then the response status is 200 OK
+    And the response "name" is equal to "{{ unique }}"
+    And the response "type" is equal to "log_detection"
+    And the response "options.detectionMethod" is equal to "anomaly_detection"
+    And the response "options.anomalyDetectionOptions.instantaneousBaseline" is equal to true
+
   @team:DataDog/k9-cloud-security-platform
   Scenario: Create a detection rule with detection method 'sequence_detection' returns "OK" response
     Given new "CreateSecurityMonitoringRule" request
