Regenerate client from commit 7d6e091 of spec repo

Author: ci.datadog-api-spec

.generator/schemas/v2/openapi.yaml

@@ -49518,6 +49518,7 @@ components:
       - third_party
       - anomaly_threshold
       - sequence_detection
+      example: threshold
       type: string
       x-enum-varnames:
       - THRESHOLD
@@ -49617,6 +49618,58 @@ components:
       - SIX_HOURS
       - TWELVE_HOURS
       - ONE_DAY
+    SecurityMonitoringRuleLivetailRequest:
+      description: Request to preview a rule query with applied filters.
+      properties:
+        dataSource:
+          description: Data source for the query.
+          example: logs
+          type: string
+        detectionMethod:
+          $ref: '#/components/schemas/SecurityMonitoringRuleDetectionMethod'
+        distinctFields:
+          description: Fields to apply distinct on.
+          items:
+            type: string
+          type: array
+        filters:
+          description: Additional security filters to apply.
+          items:
+            $ref: '#/components/schemas/SecurityMonitoringFilter'
+          type: array
+        groupByFields:
+          description: Fields to group by.
+          items:
+            type: string
+          type: array
+        query:
+          description: The query to preview.
+          example: source:java
+          type: string
+        queryIndex:
+          description: Index of the query in the rule.
+          example: 0
+          format: int32
+          maximum: 9
+          minimum: 0
+          type: integer
+        type:
+          $ref: '#/components/schemas/SecurityMonitoringRuleTypeRead'
+      required:
+      - query
+      - queryIndex
+      - type
+      - detectionMethod
+      - dataSource
+      type: object
+    SecurityMonitoringRuleLivetailResponse:
+      description: Response containing the modified query with applied filters.
+      properties:
+        query:
+          description: The modified query with all filters applied.
+          example: source:java (service:payment OR service:auth)
+          type: string
+      type: object
     SecurityMonitoringRuleMaxSignalDuration:
       description: 'A signal will "close" regardless of the query being matched once
         the time exceeds the maximum duration.
@@ -49962,6 +50015,7 @@ components:
       - cloud_configuration
       - application_security
       - api_security
+      example: log_detection
       type: string
       x-enum-varnames:
       - LOG_DETECTION
@@ -86008,6 +86062,46 @@ paths:
       summary: Get a suppression's version history
       tags:
       - Security Monitoring
+  /api/v2/security_monitoring/livetail:
+    post:
+      description: 'Preview a security monitoring rule query with security filters,
+        group by fields, and distinct fields applied.
+
+        This endpoint is used in the rule editor to show how the query will be transformed
+        after applying additional filters.'
+      operationId: PreviewSecurityMonitoringRuleQuery
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/SecurityMonitoringRuleLivetailRequest'
+        required: true
+      responses:
+        '200':
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/SecurityMonitoringRuleLivetailResponse'
+          description: OK
+        '400':
+          $ref: '#/components/responses/BadRequestResponse'
+        '403':
+          $ref: '#/components/responses/NotAuthorizedResponse'
+        '429':
+          $ref: '#/components/responses/TooManyRequestsResponse'
+      security:
+      - apiKeyAuth: []
+        appKeyAuth: []
+      - AuthZ:
+        - security_monitoring_rules_read
+      summary: Preview a rule query with applied filters
+      tags:
+      - Security Monitoring
+      x-codegen-request-body-name: body
+      x-permission:
+        operator: OR
+        permissions:
+        - security_monitoring_rules_read
   /api/v2/security_monitoring/rules:
     get:
       description: List rules.

cassettes/features/v2/security_monitoring/Preview-a-rule-query-with-applied-filters-returns-OK-response.frozen

@@ -0,0 +1 @@
+2026-01-20T10:27:51.146Z

cassettes/features/v2/security_monitoring/Preview-a-rule-query-with-applied-filters-returns-OK-response.yml

@@ -0,0 +1,16 @@
+# Preview a rule query with applied filters returns "OK" response
+
+require "datadog_api_client"
+api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new
+
+body = DatadogAPIClient::V2::SecurityMonitoringRuleLivetailRequest.new({
+  query: "source:cloudtrail",
+  query_index: 0,
+  filters: [],
+  type: DatadogAPIClient::V2::SecurityMonitoringRuleTypeRead::LOG_DETECTION,
+  detection_method: DatadogAPIClient::V2::SecurityMonitoringRuleDetectionMethod::THRESHOLD,
+  data_source: "logs",
+  group_by_fields: [],
+  distinct_fields: [],
+})
+p api_instance.preview_security_monitoring_rule_query(body)

examples/v2/security-monitoring/PreviewSecurityMonitoringRuleQuery.rb

@@ -1590,6 +1590,9 @@
             "page_size" => "Integer",
             "page_number" => "Integer",
     },
+    "v2.PreviewSecurityMonitoringRuleQuery" => {
+            "body" => "SecurityMonitoringRuleLivetailRequest",
+    },
     "v2.ListSecurityMonitoringRules" => {
             "page_size" => "Integer",
             "page_number" => "Integer",

features/scenarios_model_mapping.rb

@@ -1644,6 +1644,20 @@ Feature: Security Monitoring
     When the request is sent
     Then the response status is 422 The server cannot process the request because it contains invalid data.
 
+  @skip @team:DataDog/k9-cloud-security-platform
+  Scenario: Preview a rule query with applied filters returns "Bad Request" response
+    Given new "PreviewSecurityMonitoringRuleQuery" request
+    And body with value {"query":"","queryIndex":0,"filters":[],"type":"log_detection","detectionMethod":"threshold","dataSource":"logs","groupByFields":[],"distinctFields":[]}
+    When the request is sent
+    Then the response status is 400 Bad Request
+
+  @team:DataDog/k9-cloud-security-platform
+  Scenario: Preview a rule query with applied filters returns "OK" response
+    Given new "PreviewSecurityMonitoringRuleQuery" request
+    And body with value {"query":"source:cloudtrail","queryIndex":0,"filters":[],"type":"log_detection","detectionMethod":"threshold","dataSource":"logs","groupByFields":[],"distinctFields":[]}
+    When the request is sent
+    Then the response status is 200 OK
+
   @generated @skip @team:DataDog/k9-vm-ast
   Scenario: Returns a list of Secrets rules returns "OK" response
     Given operation "GetSecretsRules" enabled

features/v2/security_monitoring.feature

@@ -4137,6 +4137,12 @@
       "type": "safe"
     }
   },
+  "PreviewSecurityMonitoringRuleQuery": {
+    "tag": "Security Monitoring",
+    "undo": {
+      "type": "safe"
+    }
+  },
   "ListSecurityMonitoringRules": {
     "tag": "Security Monitoring",
     "undo": {

features/v2/undo.json

@@ -4086,6 +4086,8 @@ def overrides
           "v2.security_monitoring_rule_hardcoded_evaluator_type" => "SecurityMonitoringRuleHardcodedEvaluatorType",
           "v2.security_monitoring_rule_impossible_travel_options" => "SecurityMonitoringRuleImpossibleTravelOptions",
           "v2.security_monitoring_rule_keep_alive" => "SecurityMonitoringRuleKeepAlive",
+          "v2.security_monitoring_rule_livetail_request" => "SecurityMonitoringRuleLivetailRequest",
+          "v2.security_monitoring_rule_livetail_response" => "SecurityMonitoringRuleLivetailResponse",
           "v2.security_monitoring_rule_max_signal_duration" => "SecurityMonitoringRuleMaxSignalDuration",
           "v2.security_monitoring_rule_new_value_options" => "SecurityMonitoringRuleNewValueOptions",
           "v2.security_monitoring_rule_new_value_options_forget_after" => "SecurityMonitoringRuleNewValueOptionsForgetAfter",

lib/datadog_api_client/inflector.rb

@@ -5145,6 +5145,74 @@ def patch_vulnerability_notification_rule_with_http_info(id, body, opts = {})
       return data, status_code, headers
     end
 
+    # Preview a rule query with applied filters.
+    #
+    # @see #preview_security_monitoring_rule_query_with_http_info
+    def preview_security_monitoring_rule_query(body, opts = {})
+      data, _status_code, _headers = preview_security_monitoring_rule_query_with_http_info(body, opts)
+      data
+    end
+
+    # Preview a rule query with applied filters.
+    #
+    # Preview a security monitoring rule query with security filters, group by fields, and distinct fields applied.
+    # This endpoint is used in the rule editor to show how the query will be transformed after applying additional filters.
+    #
+    # @param body [SecurityMonitoringRuleLivetailRequest] 
+    # @param opts [Hash] the optional parameters
+    # @return [Array<(SecurityMonitoringRuleLivetailResponse, Integer, Hash)>] SecurityMonitoringRuleLivetailResponse data, response status code and response headers
+    def preview_security_monitoring_rule_query_with_http_info(body, opts = {})
+
+      if @api_client.config.debugging
+        @api_client.config.logger.debug 'Calling API: SecurityMonitoringAPI.preview_security_monitoring_rule_query ...'
+      end
+      # verify the required parameter 'body' is set
+      if @api_client.config.client_side_validation && body.nil?
+        fail ArgumentError, "Missing the required parameter 'body' when calling SecurityMonitoringAPI.preview_security_monitoring_rule_query"
+      end
+      # resource path
+      local_var_path = '/api/v2/security_monitoring/livetail'
+
+      # query parameters
+      query_params = opts[:query_params] || {}
+
+      # header parameters
+      header_params = opts[:header_params] || {}
+      # HTTP header 'Accept' (if needed)
+      header_params['Accept'] = @api_client.select_header_accept(['application/json'])
+      # HTTP header 'Content-Type'
+      header_params['Content-Type'] = @api_client.select_header_content_type(['application/json'])
+
+      # form parameters
+      form_params = opts[:form_params] || {}
+
+      # http body (model)
+      post_body = opts[:debug_body] || @api_client.object_to_http_body(body)
+
+      # return_type
+      return_type = opts[:debug_return_type] || 'SecurityMonitoringRuleLivetailResponse'
+
+      # auth_names
+      auth_names = opts[:debug_auth_names] || [:apiKeyAuth, :appKeyAuth, :AuthZ]
+
+      new_options = opts.merge(
+        :operation => :preview_security_monitoring_rule_query,
+        :header_params => header_params,
+        :query_params => query_params,
+        :form_params => form_params,
+        :body => post_body,
+        :auth_names => auth_names,
+        :return_type => return_type,
+        :api_version => "V2"
+      )
+
+      data, status_code, headers = @api_client.call_api(Net::HTTP::Post, local_var_path, new_options)
+      if @api_client.config.debugging
+        @api_client.config.logger.debug "API called: SecurityMonitoringAPI#preview_security_monitoring_rule_query\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
+      end
+      return data, status_code, headers
+    end
+
     # Run a threat hunting job.
     #
     # @see #run_threat_hunting_job_with_http_info