[SEC-27453][docs] reconcile SIEM historical detections OpenAPI with current schema

.generator/schemas/v2/openapi.yaml

@@ -18908,9 +18908,6 @@ components:
     ConvertJobResultsToSignalsAttributes:
       description: Attributes for converting historical job results to signals.
       properties:
-        id:
-          description: Request ID.
-          type: string
         jobResultIds:
           description: Job result IDs.
           example:
@@ -37540,10 +37537,34 @@ components:
     HistoricalJobQuery:
       description: Query for selecting logs analyzed by the historical job.
       properties:
+        additionalFilters:
+          description: Additional filters appended to the query at evaluation time.
+          type: string
         aggregation:
           $ref: "#/components/schemas/SecurityMonitoringRuleQueryAggregation"
+        correlatedByFields:
+          description: Fields used to correlate results across queries in sequence detection rules.
+          items:
+            description: Field.
+            type: string
+          type: array
+        correlatedQueryIndex:
+          description: Zero-based index of the query to correlate with in sequence detection rules. Up to 10 queries are supported, so valid values are 0 to 9.
+          format: int64
+          maximum: 9
+          minimum: 0
+          type: integer
+        customQueryExtension:
+          description: Custom query extension used to refine the base query.
+          type: string
         dataSource:
           $ref: "#/components/schemas/SecurityMonitoringStandardDataSource"
+        datasetIds:
+          description: IDs of reference datasets used by this query.
+          items:
+            description: Dataset ID.
+            type: string
+          type: array
         distinctFields:
           description: Field for which the cardinality is measured. Sent as an array.
           items:
@@ -37561,6 +37582,15 @@ components:
           description: When false, events without a group-by value are ignored by the query. When true, events with missing group-by fields are processed with `N/A`, replacing the missing values.
           example: false
           type: boolean
+        index:
+          description: Index used to load the data for this query.
+          type: string
+        indexes:
+          description: Indexes used to load the data for this query. Mutually exclusive with `index`.
+          items:
+            description: Index name.
+            type: string
+          type: array
         metrics:
           description: Group of target fields to aggregate over when using the sum, max, geo data, or new value aggregations. The sum, max, and geo data aggregations only accept one value in this list, whereas the new value aggregation accepts up to five values.
           items:
@@ -37574,6 +37604,9 @@ components:
           description: Query to run on logs.
           example: a > 3
           type: string
+        queryLanguage:
+          description: Language used to parse the query string.
+          type: string
       type: object
     HistoricalJobResponse:
       description: Historical job response.
@@ -37607,6 +37640,10 @@ components:
         modifiedAt:
           description: Last modification time of the job.
           type: string
+        progressRate:
+          description: Job execution progress as a value between 0 and 1. Omitted for finished jobs.
+          format: double
+          type: number
         signalOutput:
           description: Whether the job outputs signals.
           type: boolean
@@ -43137,9 +43174,10 @@ components:
             $ref: "#/components/schemas/CalculatedField"
           type: array
         cases:
-          description: Cases used for generating job results.
+          description: Cases used for generating job results. Up to 10 cases are allowed.
           items:
             $ref: "#/components/schemas/SecurityMonitoringRuleCaseCreate"
+          maxItems: 10
           type: array
         from:
           description: Starting time of data analyzed by the job.
@@ -43169,9 +43207,10 @@ components:
         options:
           $ref: "#/components/schemas/HistoricalJobOptions"
         queries:
-          description: Queries for selecting logs analyzed by the job.
+          description: Queries for selecting logs analyzed by the job. Up to 10 queries are allowed.
           items:
             $ref: "#/components/schemas/HistoricalJobQuery"
+          maxItems: 10
           type: array
         referenceTables:
           description: Reference tables used in the queries.
@@ -43185,10 +43224,11 @@ components:
             type: string
           type: array
         thirdPartyCases:
-          description: Cases for generating results from third-party detection method. Only available for third-party detection method.
+          description: Cases for generating results from third-party detection method. Only available for third-party detection method. Up to 10 cases are allowed.
           example: []
           items:
             $ref: "#/components/schemas/SecurityMonitoringThirdPartyRuleCaseCreate"
+          maxItems: 10
           type: array
         to:
           description: Ending time of data analyzed by the job.
@@ -43210,6 +43250,12 @@ components:
     JobDefinitionFromRule:
       description: Definition of a historical job based on a security monitoring rule.
       properties:
+        caseIndex:
+          description: Zero-based index of the rule case to use as the job's signal condition. When omitted, all cases are evaluated. Up to 10 cases are supported, so valid values are 0 to 9.
+          format: int32
+          maximum: 9
+          minimum: 0
+          type: integer
         from:
           description: Starting time of data analyzed by the job.
           example: 1729843470000
@@ -70274,11 +70320,11 @@ components:
       properties:
         fromRule:
           $ref: "#/components/schemas/JobDefinitionFromRule"
-        id:
-          description: Request ID.
-          type: string
         jobDefinition:
           $ref: "#/components/schemas/JobDefinition"
+        signalOutput:
+          description: Whether the job outputs signals when results are converted.
+          type: boolean
       type: object
     RunHistoricalJobRequestData:
       description: Data for running a historical job request.
@@ -154835,7 +154881,7 @@ paths:
         **Note**: This endpoint is in beta and may be subject to changes.
         Please check the documentation regularly for updates.
   /api/v2/siem-historical-detections/histsignals/search:
-    get:
+    post:
       description: Search hist signals.
       operationId: SearchSecurityMonitoringHistsignals
       requestBody:
@@ -154887,6 +154933,7 @@ paths:
             - security_monitoring_signals_read
       summary: Search hist signals
       tags: ["Security Monitoring"]
+      x-codegen-request-body-name: body
       "x-permission":
         operator: OR
         permissions:

src/main/java/com/datadog/api/client/v2/api/SecurityMonitoringApi.java

@@ -20893,7 +20893,7 @@ public SecurityMonitoringSignalsListResponse searchSecurityMonitoringHistsignals
             new String[] {"application/json"},
             new String[] {"apiKeyAuth", "appKeyAuth", "AuthZ"});
     return apiClient.invokeAPI(
-        "GET",
+        "POST",
         builder,
         localVarHeaderParams,
         new String[] {"application/json"},
@@ -20949,7 +20949,7 @@ public SecurityMonitoringSignalsListResponse searchSecurityMonitoringHistsignals
       return result;
     }
     return apiClient.invokeAPIAsync(
-        "GET",
+        "POST",
         builder,
         localVarHeaderParams,
         new String[] {"application/json"},

src/main/java/com/datadog/api/client/v2/model/ConvertJobResultsToSignalsAttributes.java

@@ -21,7 +21,6 @@
 
 /** Attributes for converting historical job results to signals. */
 @JsonPropertyOrder({
-  ConvertJobResultsToSignalsAttributes.JSON_PROPERTY_ID,
   ConvertJobResultsToSignalsAttributes.JSON_PROPERTY_JOB_RESULT_IDS,
   ConvertJobResultsToSignalsAttributes.JSON_PROPERTY_NOTIFICATIONS,
   ConvertJobResultsToSignalsAttributes.JSON_PROPERTY_SIGNAL_MESSAGE,
@@ -31,9 +30,6 @@
     value = "https://github.com/DataDog/datadog-api-client-java/blob/master/.generator")
 public class ConvertJobResultsToSignalsAttributes {
   @JsonIgnore public boolean unparsed = false;
-  public static final String JSON_PROPERTY_ID = "id";
-  private String id;
-
   public static final String JSON_PROPERTY_JOB_RESULT_IDS = "jobResultIds";
   private List<String> jobResultIds = new ArrayList<>();
 
@@ -64,27 +60,6 @@ public ConvertJobResultsToSignalsAttributes(
     this.unparsed |= !signalSeverity.isValid();
   }
 
-  public ConvertJobResultsToSignalsAttributes id(String id) {
-    this.id = id;
-    return this;
-  }
-
-  /**
-   * Request ID.
-   *
-   * @return id
-   */
-  @jakarta.annotation.Nullable
-  @JsonProperty(JSON_PROPERTY_ID)
-  @JsonInclude(value = JsonInclude.Include.USE_DEFAULTS)
-  public String getId() {
-    return id;
-  }
-
-  public void setId(String id) {
-    this.id = id;
-  }
-
   public ConvertJobResultsToSignalsAttributes jobResultIds(List<String> jobResultIds) {
     this.jobResultIds = jobResultIds;
     return this;
@@ -237,8 +212,7 @@ public boolean equals(Object o) {
     }
     ConvertJobResultsToSignalsAttributes convertJobResultsToSignalsAttributes =
         (ConvertJobResultsToSignalsAttributes) o;
-    return Objects.equals(this.id, convertJobResultsToSignalsAttributes.id)
-        && Objects.equals(this.jobResultIds, convertJobResultsToSignalsAttributes.jobResultIds)
+    return Objects.equals(this.jobResultIds, convertJobResultsToSignalsAttributes.jobResultIds)
         && Objects.equals(this.notifications, convertJobResultsToSignalsAttributes.notifications)
         && Objects.equals(this.signalMessage, convertJobResultsToSignalsAttributes.signalMessage)
         && Objects.equals(this.signalSeverity, convertJobResultsToSignalsAttributes.signalSeverity)
@@ -249,14 +223,13 @@ public boolean equals(Object o) {
   @Override
   public int hashCode() {
     return Objects.hash(
-        id, jobResultIds, notifications, signalMessage, signalSeverity, additionalProperties);
+        jobResultIds, notifications, signalMessage, signalSeverity, additionalProperties);
   }
 
   @Override
   public String toString() {
     StringBuilder sb = new StringBuilder();
     sb.append("class ConvertJobResultsToSignalsAttributes {\n");
-    sb.append("    id: ").append(toIndentedString(id)).append("\n");
     sb.append("    jobResultIds: ").append(toIndentedString(jobResultIds)).append("\n");
     sb.append("    notifications: ").append(toIndentedString(notifications)).append("\n");
     sb.append("    signalMessage: ").append(toIndentedString(signalMessage)).append("\n");