DataDog
diff --git a/‎.generator/schemas/v2/openapi.yaml‎
Lines changed: 276 additions & 0 deletions b/‎.generator/schemas/v2/openapi.yaml‎
Lines changed: 276 additions & 0 deletions
diff --git a/‎docs/datadog_api_client.v2.model.rst‎
Lines changed: 70 additions & 0 deletions b/‎docs/datadog_api_client.v2.model.rst‎
Lines changed: 70 additions & 0 deletions
diff --git a/‎examples/v2/security-monitoring/ActivateContentPack.py‎
Lines changed: 14 additions & 0 deletions b/‎examples/v2/security-monitoring/ActivateContentPack.py‎
Lines changed: 14 additions & 0 deletions
@@ -52613,6 +52613,153 @@ components:
       x-enum-varnames:
       - DONE
       - TIMEOUT
+    SecurityMonitoringContentPackActivation:
+      description: The activation status of a content pack
+      enum:
+      - never_activated
+      - activated
+      - deactivated
+      example: activated
+      type: string
+      x-enum-varnames:
+      - NEVER_ACTIVATED
+      - ACTIVATED
+      - DEACTIVATED
+    SecurityMonitoringContentPackIntegrationStatus:
+      description: The installation status of the related integration
+      enum:
+      - installed
+      - available
+      - partially_installed
+      - detected
+      - error
+      example: installed
+      type: string
+      x-enum-varnames:
+      - INSTALLED
+      - AVAILABLE
+      - PARTIALLY_INSTALLED
+      - DETECTED
+      - ERROR
+    SecurityMonitoringContentPackStateAttributes:
+      description: Attributes of a content pack state
+      properties:
+        cloud_siem_index_incorrect:
+          description: Whether the cloud SIEM index configuration is incorrect (only
+            applies to certain pricing models)
+          example: false
+          type: boolean
+        cp_activation:
+          $ref: '#/components/schemas/SecurityMonitoringContentPackActivation'
+        filters_configured_for_logs:
+          description: Whether filters (Security Filters or Index Query depending
+            on the pricing model) are configured for logs
+          example: true
+          type: boolean
+        integration_installed_status:
+          $ref: '#/components/schemas/SecurityMonitoringContentPackIntegrationStatus'
+        logs_last_collected:
+          $ref: '#/components/schemas/SecurityMonitoringContentPackTimestampBucket'
+        logs_seen_from_any_index:
+          description: Whether logs have been seen from any index
+          example: true
+          type: boolean
+        state:
+          $ref: '#/components/schemas/SecurityMonitoringContentPackStatus'
+      required:
+      - state
+      - cp_activation
+      - logs_seen_from_any_index
+      - logs_last_collected
+      - cloud_siem_index_incorrect
+      - filters_configured_for_logs
+      type: object
+    SecurityMonitoringContentPackStateData:
+      description: Content pack state data.
+      properties:
+        attributes:
+          $ref: '#/components/schemas/SecurityMonitoringContentPackStateAttributes'
+        id:
+          description: The content pack identifier.
+          example: aws-cloudtrail
+          type: string
+        type:
+          $ref: '#/components/schemas/SecurityMonitoringContentPackStateType'
+      required:
+      - id
+      - type
+      - attributes
+      type: object
+    SecurityMonitoringContentPackStateMeta:
+      description: Metadata for content pack states
+      properties:
+        cloud_siem_index_incorrect:
+          description: Whether the cloud SIEM index configuration is incorrect at
+            the organization level
+          example: false
+          type: boolean
+        sku:
+          $ref: '#/components/schemas/SecurityMonitoringSKU'
+      required:
+      - cloud_siem_index_incorrect
+      - sku
+      type: object
+    SecurityMonitoringContentPackStateType:
+      description: Type for content pack state object
+      enum:
+      - content_pack_state
+      example: content_pack_state
+      type: string
+      x-enum-varnames:
+      - CONTENT_PACK_STATE
+    SecurityMonitoringContentPackStatesResponse:
+      description: Response containing content pack states.
+      properties:
+        data:
+          description: Array of content pack states.
+          items:
+            $ref: '#/components/schemas/SecurityMonitoringContentPackStateData'
+          type: array
+        meta:
+          $ref: '#/components/schemas/SecurityMonitoringContentPackStateMeta'
+      required:
+      - data
+      - meta
+      type: object
+    SecurityMonitoringContentPackStatus:
+      description: The current status of a content pack
+      enum:
+      - install
+      - activate
+      - initializing
+      - active
+      - warning
+      - broken
+      example: active
+      type: string
+      x-enum-varnames:
+      - INSTALL
+      - ACTIVATE
+      - INITIALIZING
+      - ACTIVE
+      - WARNING
+      - BROKEN
+    SecurityMonitoringContentPackTimestampBucket:
+      description: Timestamp bucket indicating when logs were last collected
+      enum:
+      - not_seen
+      - within_24_hours
+      - within_24_to_72_hours
+      - over_72h_to_30d
+      - over_30d
+      example: within_24_hours
+      type: string
+      x-enum-varnames:
+      - NOT_SEEN
+      - WITHIN_24_HOURS
+      - WITHIN_24_TO_72_HOURS
+      - OVER_72H_TO_30D
+      - OVER_30D
     SecurityMonitoringCriticalAsset:
       description: The critical asset's properties.
       properties:
@@ -53740,6 +53887,18 @@ components:
       - $ref: '#/components/schemas/SecurityMonitoringStandardRulePayload'
       - $ref: '#/components/schemas/SecurityMonitoringSignalRulePayload'
       - $ref: '#/components/schemas/CloudConfigurationRulePayload'
+    SecurityMonitoringSKU:
+      description: The SIEM pricing model (SKU) for the organization
+      enum:
+      - per_gb_analyzed
+      - per_event_in_siem_index_2023
+      - add_on_2024
+      example: add_on_2024
+      type: string
+      x-enum-varnames:
+      - PER_GB_ANALYZED
+      - PER_EVENT_IN_SIEM_INDEX_2023
+      - ADD_ON_2024
     SecurityMonitoringSchedulingOptions:
       description: Options for scheduled rules. When this field is present, the rule
         runs based on the schedule. When absent, it runs real-time on ingested logs.
@@ -94103,6 +94262,123 @@ paths:
       summary: Get a suppression's version history
       tags:
       - Security Monitoring
+  /api/v2/security_monitoring/content_packs/states:
+    get:
+      description: 'Get the activation and configuration states for all security monitoring
+        content packs.
+
+        This endpoint returns status information about each content pack including
+        activation state,
+
+        integration status, and log collection status.'
+      operationId: GetContentPacksStates
+      responses:
+        '200':
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/SecurityMonitoringContentPackStatesResponse'
+          description: OK
+        '403':
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/JSONAPIErrorResponse'
+          description: Forbidden
+        '404':
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/JSONAPIErrorResponse'
+          description: Not Found
+        '429':
+          $ref: '#/components/responses/TooManyRequestsResponse'
+      summary: Get content pack states
+      tags:
+      - Security Monitoring
+      x-unstable: '**Note**: This endpoint is in preview and is subject to change.
+
+        If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).'
+  /api/v2/security_monitoring/content_packs/{content_pack_id}/activate:
+    put:
+      description: 'Activate a security monitoring content pack. This operation configures
+        the necessary
+
+        log filters or security filters depending on the pricing model and updates
+        the content
+
+        pack activation state.'
+      operationId: ActivateContentPack
+      parameters:
+      - description: The ID of the content pack to activate.
+        in: path
+        name: content_pack_id
+        required: true
+        schema:
+          example: aws-cloudtrail
+          type: string
+      responses:
+        '202':
+          description: Accepted
+        '403':
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/JSONAPIErrorResponse'
+          description: Forbidden
+        '404':
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/JSONAPIErrorResponse'
+          description: Not Found
+        '429':
+          $ref: '#/components/responses/TooManyRequestsResponse'
+      summary: Activate content pack
+      tags:
+      - Security Monitoring
+      x-unstable: '**Note**: This endpoint is in preview and is subject to change.
+
+        If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).'
+  /api/v2/security_monitoring/content_packs/{content_pack_id}/deactivate:
+    put:
+      description: 'Deactivate a security monitoring content pack. This operation
+        removes the content pack''s
+
+        configuration from log filters or security filters and updates the content
+        pack activation state.'
+      operationId: DeactivateContentPack
+      parameters:
+      - description: The ID of the content pack to deactivate.
+        in: path
+        name: content_pack_id
+        required: true
+        schema:
+          example: aws-cloudtrail
+          type: string
+      responses:
+        '202':
+          description: Accepted
+        '403':
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/JSONAPIErrorResponse'
+          description: Forbidden
+        '404':
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/JSONAPIErrorResponse'
+          description: Not Found
+        '429':
+          $ref: '#/components/responses/TooManyRequestsResponse'
+      summary: Deactivate content pack
+      tags:
+      - Security Monitoring
+      x-unstable: '**Note**: This endpoint is in preview and is subject to change.
+
+        If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).'
   /api/v2/security_monitoring/rules:
     get:
       description: List rules.
 
@@ -23195,6 +23195,69 @@ datadog\_api\_client.v2.model.security\_findings\_status module
    :members:
    :show-inheritance:
 
+datadog\_api\_client.v2.model.security\_monitoring\_content\_pack\_activation module
+------------------------------------------------------------------------------------
+
+.. automodule:: datadog_api_client.v2.model.security_monitoring_content_pack_activation
+   :members:
+   :show-inheritance:
+
+datadog\_api\_client.v2.model.security\_monitoring\_content\_pack\_integration\_status module
+---------------------------------------------------------------------------------------------
+
+.. automodule:: datadog_api_client.v2.model.security_monitoring_content_pack_integration_status
+   :members:
+   :show-inheritance:
+
+datadog\_api\_client.v2.model.security\_monitoring\_content\_pack\_state\_attributes module
+-------------------------------------------------------------------------------------------
+
+.. automodule:: datadog_api_client.v2.model.security_monitoring_content_pack_state_attributes
+   :members:
+   :show-inheritance:
+
+datadog\_api\_client.v2.model.security\_monitoring\_content\_pack\_state\_data module
+-------------------------------------------------------------------------------------
+
+.. automodule:: datadog_api_client.v2.model.security_monitoring_content_pack_state_data
+   :members:
+   :show-inheritance:
+
+datadog\_api\_client.v2.model.security\_monitoring\_content\_pack\_state\_meta module
+-------------------------------------------------------------------------------------
+
+.. automodule:: datadog_api_client.v2.model.security_monitoring_content_pack_state_meta
+   :members:
+   :show-inheritance:
+
+datadog\_api\_client.v2.model.security\_monitoring\_content\_pack\_state\_type module
+-------------------------------------------------------------------------------------
+
+.. automodule:: datadog_api_client.v2.model.security_monitoring_content_pack_state_type
+   :members:
+   :show-inheritance:
+
+datadog\_api\_client.v2.model.security\_monitoring\_content\_pack\_states\_response module
+------------------------------------------------------------------------------------------
+
+.. automodule:: datadog_api_client.v2.model.security_monitoring_content_pack_states_response
+   :members:
+   :show-inheritance:
+
+datadog\_api\_client.v2.model.security\_monitoring\_content\_pack\_status module
+--------------------------------------------------------------------------------
+
+.. automodule:: datadog_api_client.v2.model.security_monitoring_content_pack_status
+   :members:
+   :show-inheritance:
+
+datadog\_api\_client.v2.model.security\_monitoring\_content\_pack\_timestamp\_bucket module
+-------------------------------------------------------------------------------------------
+
+.. automodule:: datadog_api_client.v2.model.security_monitoring_content_pack_timestamp_bucket
+   :members:
+   :show-inheritance:
+
 datadog\_api\_client.v2.model.security\_monitoring\_critical\_asset module
 --------------------------------------------------------------------------
 
@@ -23888,6 +23951,13 @@ datadog\_api\_client.v2.model.security\_monitoring\_signals\_sort module
    :members:
    :show-inheritance:
 
+datadog\_api\_client.v2.model.security\_monitoring\_sku module
+--------------------------------------------------------------
+
+.. automodule:: datadog_api_client.v2.model.security_monitoring_sku
+   :members:
+   :show-inheritance:
+
 datadog\_api\_client.v2.model.security\_monitoring\_standard\_data\_source module
 ---------------------------------------------------------------------------------
 
 
@@ -0,0 +1,14 @@
+"""
+Activate content pack returns "Accepted" response
+"""
+
+from datadog_api_client import ApiClient, Configuration
+from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi
+
+configuration = Configuration()
+configuration.unstable_operations["activate_content_pack"] = True
+with ApiClient(configuration) as api_client:
+    api_instance = SecurityMonitoringApi(api_client)
+    api_instance.activate_content_pack(
+        content_pack_id="aws-cloudtrail",
+    )