diff --git a/.generator/schemas/v2/openapi.yaml b/.generator/schemas/v2/openapi.yaml index c1ed292566..2c49d4f91c 100644 --- a/.generator/schemas/v2/openapi.yaml +++ b/.generator/schemas/v2/openapi.yaml @@ -18908,9 +18908,6 @@ components: ConvertJobResultsToSignalsAttributes: description: Attributes for converting historical job results to signals. properties: - id: - description: Request ID. - type: string jobResultIds: description: Job result IDs. example: @@ -37540,10 +37537,34 @@ components: HistoricalJobQuery: description: Query for selecting logs analyzed by the historical job. properties: + additionalFilters: + description: Additional filters appended to the query at evaluation time. + type: string aggregation: $ref: "#/components/schemas/SecurityMonitoringRuleQueryAggregation" + correlatedByFields: + description: Fields used to correlate results across queries in sequence detection rules. + items: + description: Field. + type: string + type: array + correlatedQueryIndex: + description: Zero-based index of the query to correlate with in sequence detection rules. Up to 10 queries are supported, so valid values are 0 to 9. + format: int64 + maximum: 9 + minimum: 0 + type: integer + customQueryExtension: + description: Custom query extension used to refine the base query. + type: string dataSource: $ref: "#/components/schemas/SecurityMonitoringStandardDataSource" + datasetIds: + description: IDs of reference datasets used by this query. + items: + description: Dataset ID. + type: string + type: array distinctFields: description: Field for which the cardinality is measured. Sent as an array. items: 
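Review bot: `correlatedQueryIndex` is limited only by the fixed `minimum: 0` / `maximum: 9`, so an index that points past the number of entries actually present in `queries` still passes the schema and the generated client's validation. The description should add something like `Must be lower than the number of queries in the job.` and say what happens otherwise. The same applies to `caseIndex` in the `JobDefinitionFromRule` hunk, which also declares `format: int32` for the identical 0 to 9 range where this field declares `format: int64`; one format for both would keep generated clients consistent. `additionalFilters` and `customQueryExtension` are unbounded strings whose descriptions do not say how they are combined with `query`, which a caller needs in order to reason about which events the job reads. The `HistoricalJobQuery` schema continues outside this hunk.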
@@ -37561,6 +37582,15 @@ components: description: When false, events without a group-by value are ignored by the query. When true, events with missing group-by fields are processed with `N/A`, replacing the missing values. example: false type: boolean + index: + description: Index used to load the data for this query. + type: string + indexes: + description: Indexes used to load the data for this query. Mutually exclusive with `index`. + items: + description: Index name. + type: string + type: array metrics: description: Group of target fields to aggregate over when using the sum, max, geo data, or new value aggregations. The sum, max, and geo data aggregations only accept one value in this list, whereas the new value aggregation accepts up to five values. items: @@ -37574,6 +37604,9 @@ components: description: Query to run on logs. example: a > 3 type: string + queryLanguage: + description: Language used to parse the query string. + type: string type: object HistoricalJobResponse: description: Historical job response. @@ -37607,6 +37640,10 @@ components: modifiedAt: description: Last modification time of the job. type: string + progressRate: + description: Job execution progress as a value between 0 and 1. Omitted for finished jobs. + format: double + type: number signalOutput: description: Whether the job outputs signals. type: boolean @@ -43137,9 +43174,10 @@ components: $ref: "#/components/schemas/CalculatedField" type: array cases: - description: Cases used for generating job results. + description: Cases used for generating job results. Up to 10 cases are allowed. items: $ref: "#/components/schemas/SecurityMonitoringRuleCaseCreate" + maxItems: 10 type: array from: description: Starting time of data analyzed by the job. 
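Review bot: The mutual exclusivity of `index` and `indexes` exists only in the description of `indexes`, so a request that sets both passes the schema. The matching `HistoricalJobQuery.__init__` hunk in `historical_job_query.py` also copies both into `kwargs` without a check. Consider stating the rule on `index` as well and, if the generator supports it, expressing it in the schema with `not: {required: [index, indexes]}` on `HistoricalJobQuery`; otherwise document which field takes precedence when both are sent. `progressRate` in the `HistoricalJobResponseAttributes` hunk has the same prose-only constraint: the description says "between 0 and 1" but no `minimum: 0` / `maximum: 1` is declared.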
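Review bot: `queryLanguage` is a free-form `type: string` with no `enum`, default or example, so neither the spec nor the generated client tells a caller which values are accepted or which language applies when the field is omitted. If the set of languages is fixed, an `enum` would let clients reject unknown values before sending. Otherwise the description should name the accepted values, for example `description: Language used to parse the query string. Defaults to PLACEHOLDER_DEFAULT when omitted.`, with the placeholder replaced by the real default.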
@@ -43169,9 +43207,10 @@ components: options: $ref: "#/components/schemas/HistoricalJobOptions" queries: - description: Queries for selecting logs analyzed by the job. + description: Queries for selecting logs analyzed by the job. Up to 10 queries are allowed. items: $ref: "#/components/schemas/HistoricalJobQuery" + maxItems: 10 type: array referenceTables: description: Reference tables used in the queries. @@ -43185,10 +43224,11 @@ components: type: string type: array thirdPartyCases: - description: Cases for generating results from third-party detection method. Only available for third-party detection method. + description: Cases for generating results from third-party detection method. Only available for third-party detection method. Up to 10 cases are allowed. example: [] items: $ref: "#/components/schemas/SecurityMonitoringThirdPartyRuleCaseCreate" + maxItems: 10 type: array to: description: Ending time of data analyzed by the job. @@ -43210,6 +43250,12 @@ components: JobDefinitionFromRule: description: Definition of a historical job based on a security monitoring rule. properties: + caseIndex: + description: Zero-based index of the rule case to use as the job's signal condition. When omitted, all cases are evaluated. Up to 10 cases are supported, so valid values are 0 to 9. + format: int32 + maximum: 9 + minimum: 0 + type: integer from: description: Starting time of data analyzed by the job. example: 1729843470000 @@ -70274,11 +70320,11 @@ components: properties: fromRule: $ref: "#/components/schemas/JobDefinitionFromRule" - id: - description: Request ID. - type: string jobDefinition: $ref: "#/components/schemas/JobDefinition" + signalOutput: + description: Whether the job outputs signals when results are converted. + type: boolean type: object RunHistoricalJobRequestData: description: Data for running a historical job request. 
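Review bot: `signalOutput` on `RunHistoricalJobRequestAttributes` has no documented default, so a caller cannot tell from the spec whether omitting it runs the job with or without signal generation. Because `JobDefinitionFromRule` accepts `notifications`, whether signals are emitted is presumably something an operator wants to decide deliberately. The description could read `Whether the job outputs signals when results are converted. Defaults to PLACEHOLDER_DEFAULT when omitted.`, with the placeholder replaced by the actual server default. The wording also differs from `signalOutput` on the job response ("Whether the job outputs signals."), and it would help to state whether the two fields describe the same setting.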
@@ -154835,7 +154881,7 @@ paths: **Note**: This endpoint is in beta and may be subject to changes. Please check the documentation regularly for updates. /api/v2/siem-historical-detections/histsignals/search: - get: + post: description: Search hist signals. operationId: SearchSecurityMonitoringHistsignals requestBody: @@ -154887,6 +154933,7 @@ paths: - security_monitoring_signals_read summary: Search hist signals tags: ["Security Monitoring"] + x-codegen-request-body-name: body "x-permission": operator: OR permissions: diff --git a/src/datadog_api_client/v2/api/security_monitoring_api.py b/src/datadog_api_client/v2/api/security_monitoring_api.py index d35a6ae639..17da56a4a8 100644 --- a/src/datadog_api_client/v2/api/security_monitoring_api.py +++ b/src/datadog_api_client/v2/api/security_monitoring_api.py @@ -3448,7 +3448,7 @@ def __init__(self, api_client=None): "auth": ["apiKeyAuth", "appKeyAuth", "AuthZ"], "endpoint_path": "/api/v2/siem-historical-detections/histsignals/search", "operation_id": "search_security_monitoring_histsignals", - "http_method": "GET", + "http_method": "POST", "version": "v2", }, params_map={ diff --git a/src/datadog_api_client/v2/model/convert_job_results_to_signals_attributes.py b/src/datadog_api_client/v2/model/convert_job_results_to_signals_attributes.py index 652df1f137..bf66db3fa2 100644 --- a/src/datadog_api_client/v2/model/convert_job_results_to_signals_attributes.py +++ b/src/datadog_api_client/v2/model/convert_job_results_to_signals_attributes.py @@ -3,13 +3,11 @@ # Copyright 2019-Present Datadog, Inc. from __future__ import annotations -from typing import List, Union, TYPE_CHECKING +from typing import List, TYPE_CHECKING from datadog_api_client.model_utils import ( ModelNormal, cached_property, - unset, - UnsetType, ) 
@@ -23,7 +21,6 @@ def openapi_types(_): from datadog_api_client.v2.model.security_monitoring_rule_severity import SecurityMonitoringRuleSeverity return { - "id": (str,), "job_result_ids": ([str],), "notifications": ([str],), "signal_message": (str,), @@ -31,7 +28,6 @@ def openapi_types(_): } attribute_map = { - "id": "id", "job_result_ids": "jobResultIds", "notifications": "notifications", "signal_message": "signalMessage", @@ -44,15 +40,11 @@ def __init__( notifications: List[str], signal_message: str, signal_severity: SecurityMonitoringRuleSeverity, - id: Union[str, UnsetType] = unset, **kwargs, ): """ Attributes for converting historical job results to signals. - :param id: Request ID. - :type id: str, optional - :param job_result_ids: Job result IDs. :type job_result_ids: [str] @@ -65,8 +57,6 @@ def __init__( :param signal_severity: Severity of the Security Signal. :type signal_severity: SecurityMonitoringRuleSeverity """ - if id is not unset: - kwargs["id"] = id super().__init__(kwargs) self_.job_result_ids = job_result_ids diff --git a/src/datadog_api_client/v2/model/historical_job_query.py b/src/datadog_api_client/v2/model/historical_job_query.py index cab521697c..a2f992207e 100644 --- a/src/datadog_api_client/v2/model/historical_job_query.py +++ b/src/datadog_api_client/v2/model/historical_job_query.py @@ -23,6 +23,13 @@ class HistoricalJobQuery(ModelNormal): + validations = { + "correlated_query_index": { + "inclusive_maximum": 9, + "inclusive_minimum": 0, + }, + } + @cached_property def openapi_types(_): from datadog_api_client.v2.model.security_monitoring_rule_query_aggregation import ( 
@@ -33,48 +40,87 @@ def openapi_types(_): ) return { + "additional_filters": (str,), "aggregation": (SecurityMonitoringRuleQueryAggregation,), + "correlated_by_fields": ([str],), + "correlated_query_index": (int,), + "custom_query_extension": (str,), "data_source": (SecurityMonitoringStandardDataSource,), + "dataset_ids": ([str],), "distinct_fields": ([str],), "group_by_fields": ([str],), "has_optional_group_by_fields": (bool,), + "index": (str,), + "indexes": ([str],), "metrics": ([str],), "name": (str,), "query": (str,), + "query_language": (str,), } attribute_map = { + "additional_filters": "additionalFilters", "aggregation": "aggregation", + "correlated_by_fields": "correlatedByFields", + "correlated_query_index": "correlatedQueryIndex", + "custom_query_extension": "customQueryExtension", "data_source": "dataSource", + "dataset_ids": "datasetIds", "distinct_fields": "distinctFields", "group_by_fields": "groupByFields", "has_optional_group_by_fields": "hasOptionalGroupByFields", + "index": "index", + "indexes": "indexes", "metrics": "metrics", "name": "name", "query": "query", + "query_language": "queryLanguage", } def __init__( self_, + additional_filters: Union[str, UnsetType] = unset, aggregation: Union[SecurityMonitoringRuleQueryAggregation, UnsetType] = unset, + correlated_by_fields: Union[List[str], UnsetType] = unset, + correlated_query_index: Union[int, UnsetType] = unset, + custom_query_extension: Union[str, UnsetType] = unset, data_source: Union[SecurityMonitoringStandardDataSource, UnsetType] = unset, + dataset_ids: Union[List[str], UnsetType] = unset, distinct_fields: Union[List[str], UnsetType] = unset, group_by_fields: Union[List[str], UnsetType] = unset, has_optional_group_by_fields: Union[bool, UnsetType] = unset, + index: Union[str, UnsetType] = unset, + indexes: Union[List[str], UnsetType] = unset, metrics: Union[List[str], UnsetType] = unset, name: Union[str, UnsetType] = unset, query: Union[str, UnsetType] = unset, + query_language: 
Union[str, UnsetType] = unset, **kwargs, ): """ Query for selecting logs analyzed by the historical job. + :param additional_filters: Additional filters appended to the query at evaluation time. + :type additional_filters: str, optional + :param aggregation: The aggregation type. :type aggregation: SecurityMonitoringRuleQueryAggregation, optional + :param correlated_by_fields: Fields used to correlate results across queries in sequence detection rules. + :type correlated_by_fields: [str], optional + + :param correlated_query_index: Zero-based index of the query to correlate with in sequence detection rules. Up to 10 queries are supported, so valid values are 0 to 9. + :type correlated_query_index: int, optional + + :param custom_query_extension: Custom query extension used to refine the base query. + :type custom_query_extension: str, optional + :param data_source: Source of events, either logs, audit trail, security signals, or Datadog events. ``app_sec_spans`` is deprecated in favor of ``spans``. :type data_source: SecurityMonitoringStandardDataSource, optional + :param dataset_ids: IDs of reference datasets used by this query. + :type dataset_ids: [str], optional + :param distinct_fields: Field for which the cardinality is measured. Sent as an array. :type distinct_fields: [str], optional 
@@ -84,6 +130,12 @@ def __init__( :param has_optional_group_by_fields: When false, events without a group-by value are ignored by the query. When true, events with missing group-by fields are processed with ``N/A`` , replacing the missing values. :type has_optional_group_by_fields: bool, optional + :param index: Index used to load the data for this query. + :type index: str, optional + + :param indexes: Indexes used to load the data for this query. Mutually exclusive with ``index``. + :type indexes: [str], optional + :param metrics: Group of target fields to aggregate over when using the sum, max, geo data, or new value aggregations. The sum, max, and geo data aggregations only accept one value in this list, whereas the new value aggregation accepts up to five values. :type metrics: [str], optional 
@@ -92,21 +144,40 @@ def __init__( :param query: Query to run on logs. :type query: str, optional + + :param query_language: Language used to parse the query string. + :type query_language: str, optional """ + if additional_filters is not unset: + kwargs["additional_filters"] = additional_filters if aggregation is not unset: kwargs["aggregation"] = aggregation + if correlated_by_fields is not unset: + kwargs["correlated_by_fields"] = correlated_by_fields + if correlated_query_index is not unset: + kwargs["correlated_query_index"] = correlated_query_index + if custom_query_extension is not unset: + kwargs["custom_query_extension"] = custom_query_extension if data_source is not unset: kwargs["data_source"] = data_source + if dataset_ids is not unset: + kwargs["dataset_ids"] = dataset_ids if distinct_fields is not unset: kwargs["distinct_fields"] = distinct_fields if group_by_fields is not unset: kwargs["group_by_fields"] = group_by_fields if has_optional_group_by_fields is not unset: kwargs["has_optional_group_by_fields"] = has_optional_group_by_fields + if index is not unset: + kwargs["index"] = index + if indexes is not unset: + kwargs["indexes"] = indexes if metrics is not unset: kwargs["metrics"] = metrics if name is not unset: kwargs["name"] = name if query is not unset: kwargs["query"] = query + if query_language is not unset: + kwargs["query_language"] = query_language super().__init__(kwargs) diff --git a/src/datadog_api_client/v2/model/historical_job_response_attributes.py b/src/datadog_api_client/v2/model/historical_job_response_attributes.py index bebcfeb492..86898bd90c 100644 --- a/src/datadog_api_client/v2/model/historical_job_response_attributes.py +++ b/src/datadog_api_client/v2/model/historical_job_response_attributes.py @@ -31,6 +31,7 @@ def openapi_types(_): "job_name": (str,), "job_status": (str,), "modified_at": (str,), + "progress_rate": (float,), "signal_output": (bool,), } 
@@ -43,6 +44,7 @@ def openapi_types(_): "job_name": "jobName", "job_status": "jobStatus", "modified_at": "modifiedAt", + "progress_rate": "progressRate", "signal_output": "signalOutput", } @@ -56,6 +58,7 @@ def __init__( job_name: Union[str, UnsetType] = unset, job_status: Union[str, UnsetType] = unset, modified_at: Union[str, UnsetType] = unset, + progress_rate: Union[float, UnsetType] = unset, signal_output: Union[bool, UnsetType] = unset, **kwargs, ): @@ -86,6 +89,9 @@ def __init__( :param modified_at: Last modification time of the job. :type modified_at: str, optional + :param progress_rate: Job execution progress as a value between 0 and 1. Omitted for finished jobs. + :type progress_rate: float, optional + :param signal_output: Whether the job outputs signals. :type signal_output: bool, optional """ @@ -105,6 +111,8 @@ def __init__( kwargs["job_status"] = job_status if modified_at is not unset: kwargs["modified_at"] = modified_at + if progress_rate is not unset: + kwargs["progress_rate"] = progress_rate if signal_output is not unset: kwargs["signal_output"] = signal_output super().__init__(kwargs) diff --git a/src/datadog_api_client/v2/model/job_definition.py b/src/datadog_api_client/v2/model/job_definition.py index dfbbe9241c..4ec7c60f40 100644 --- a/src/datadog_api_client/v2/model/job_definition.py +++ b/src/datadog_api_client/v2/model/job_definition.py @@ -25,6 +25,18 @@ class JobDefinition(ModelNormal): + validations = { + "cases": { + "max_items": 10, + }, + "queries": { + "max_items": 10, + }, + "third_party_cases": { + "max_items": 10, + }, + } + @cached_property def openapi_types(_): from datadog_api_client.v2.model.calculated_field import CalculatedField 
@@ -94,7 +106,7 @@ def __init__( :param calculated_fields: Calculated fields. :type calculated_fields: [CalculatedField], optional - :param cases: Cases used for generating job results. + :param cases: Cases used for generating job results. Up to 10 cases are allowed. :type cases: [SecurityMonitoringRuleCaseCreate] :param _from: Starting time of data analyzed by the job. @@ -115,7 +127,7 @@ def __init__( :param options: Job options. :type options: HistoricalJobOptions, optional - :param queries: Queries for selecting logs analyzed by the job. + :param queries: Queries for selecting logs analyzed by the job. Up to 10 queries are allowed. :type queries: [HistoricalJobQuery] :param reference_tables: Reference tables used in the queries. @@ -124,7 +136,7 @@ def __init__( :param tags: Tags for generated signals. :type tags: [str], optional - :param third_party_cases: Cases for generating results from third-party detection method. Only available for third-party detection method. + :param third_party_cases: Cases for generating results from third-party detection method. Only available for third-party detection method. Up to 10 cases are allowed. :type third_party_cases: [SecurityMonitoringThirdPartyRuleCaseCreate], optional :param to: Ending time of data analyzed by the job. diff --git a/src/datadog_api_client/v2/model/job_definition_from_rule.py b/src/datadog_api_client/v2/model/job_definition_from_rule.py index fc6c3c033f..b1373227a4 100644 --- a/src/datadog_api_client/v2/model/job_definition_from_rule.py +++ b/src/datadog_api_client/v2/model/job_definition_from_rule.py @@ -14,9 +14,17 @@ class JobDefinitionFromRule(ModelNormal): + validations = { + "case_index": { + "inclusive_maximum": 9, + "inclusive_minimum": 0, + }, + } + @cached_property def openapi_types(_): return { + "case_index": (int,), "_from": (int,), "id": (str,), "index": (str,), 
@@ -25,6 +33,7 @@ def openapi_types(_): } attribute_map = { + "case_index": "caseIndex", "_from": "from", "id": "id", "index": "index", @@ -33,11 +42,21 @@ def openapi_types(_): } def __init__( - self_, _from: int, id: str, index: str, to: int, notifications: Union[List[str], UnsetType] = unset, **kwargs + self_, + _from: int, + id: str, + index: str, + to: int, + case_index: Union[int, UnsetType] = unset, + notifications: Union[List[str], UnsetType] = unset, + **kwargs, ): """ Definition of a historical job based on a security monitoring rule. + :param case_index: Zero-based index of the rule case to use as the job's signal condition. When omitted, all cases are evaluated. Up to 10 cases are supported, so valid values are 0 to 9. + :type case_index: int, optional + :param _from: Starting time of data analyzed by the job. :type _from: int @@ -53,6 +72,8 @@ def __init__( :param to: Ending time of data analyzed by the job. :type to: int """ + if case_index is not unset: + kwargs["case_index"] = case_index if notifications is not unset: kwargs["notifications"] = notifications super().__init__(kwargs) diff --git a/src/datadog_api_client/v2/model/run_historical_job_request_attributes.py b/src/datadog_api_client/v2/model/run_historical_job_request_attributes.py index 11de4c972a..2d390ead98 100644 --- a/src/datadog_api_client/v2/model/run_historical_job_request_attributes.py +++ b/src/datadog_api_client/v2/model/run_historical_job_request_attributes.py 
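Review bot: Inserting `case_index` before `notifications` in `JobDefinitionFromRule.__init__` changes the meaning of a fifth positional argument: a call such as `JobDefinitionFromRule(f, rule_id, idx, t, ["@team"])` used to set `notifications` and now binds the list to `case_index`. The `RunHistoricalJobRequestAttributes.__init__` hunk has the same effect, because removing `id` moves `job_definition` into the second positional slot. Making the optional parameters keyword-only, e.g. `to: int, *, case_index: Union[int, UnsetType] = unset,`, would turn such calls into an immediate `TypeError` instead of a silent rebinding. If these models are generated from the spec, that change belongs in the generator template rather than in this file. Whether a rebound value is rejected later depends on `ModelNormal` type checking, which is not visible here.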
@@ -26,21 +26,21 @@ def openapi_types(_): return { "from_rule": (JobDefinitionFromRule,), - "id": (str,), "job_definition": (JobDefinition,), + "signal_output": (bool,), } attribute_map = { "from_rule": "fromRule", - "id": "id", "job_definition": "jobDefinition", + "signal_output": "signalOutput", } def __init__( self_, from_rule: Union[JobDefinitionFromRule, UnsetType] = unset, - id: Union[str, UnsetType] = unset, job_definition: Union[JobDefinition, UnsetType] = unset, + signal_output: Union[bool, UnsetType] = unset, **kwargs, ): """ @@ -49,16 +49,16 @@ def __init__( :param from_rule: Definition of a historical job based on a security monitoring rule. :type from_rule: JobDefinitionFromRule, optional - :param id: Request ID. - :type id: str, optional - :param job_definition: Definition of a historical job. :type job_definition: JobDefinition, optional + + :param signal_output: Whether the job outputs signals when results are converted. + :type signal_output: bool, optional """ if from_rule is not unset: kwargs["from_rule"] = from_rule - if id is not unset: - kwargs["id"] = id if job_definition is not unset: kwargs["job_definition"] = job_definition + if signal_output is not unset: + kwargs["signal_output"] = signal_output super().__init__(kwargs) diff --git a/tests/v2/cassettes/test_scenarios/test_cancel_a_historical_job_returns_bad_request_response.frozen b/tests/v2/cassettes/test_scenarios/test_cancel_a_historical_job_returns_bad_request_response.frozen index a87300297a..1c7c9a559c 100644 --- a/tests/v2/cassettes/test_scenarios/test_cancel_a_historical_job_returns_bad_request_response.frozen +++ b/tests/v2/cassettes/test_scenarios/test_cancel_a_historical_job_returns_bad_request_response.frozen @@ -1 +1 @@ -2026-04-13T09:15:40.141Z \ No newline at end of file +2026-05-26T20:45:58.257Z \ No newline at end of file 
diff --git a/tests/v2/cassettes/test_scenarios/test_cancel_a_historical_job_returns_not_found_response.frozen b/tests/v2/cassettes/test_scenarios/test_cancel_a_historical_job_returns_not_found_response.frozen index 5ffbfe4c37..d6cc65f023 100644 --- a/tests/v2/cassettes/test_scenarios/test_cancel_a_historical_job_returns_not_found_response.frozen +++ b/tests/v2/cassettes/test_scenarios/test_cancel_a_historical_job_returns_not_found_response.frozen @@ -1 +1 @@ -2026-04-13T09:15:41.174Z \ No newline at end of file +2026-05-26T20:45:58.957Z \ No newline at end of file diff --git a/tests/v2/cassettes/test_scenarios/test_cancel_a_historical_job_returns_ok_response.frozen b/tests/v2/cassettes/test_scenarios/test_cancel_a_historical_job_returns_ok_response.frozen index be59fd60df..9b5b661937 100644 --- a/tests/v2/cassettes/test_scenarios/test_cancel_a_historical_job_returns_ok_response.frozen +++ b/tests/v2/cassettes/test_scenarios/test_cancel_a_historical_job_returns_ok_response.frozen @@ -1 +1 @@ -2026-04-13T09:15:41.286Z \ No newline at end of file +2026-05-26T20:45:59.561Z \ No newline at end of file diff --git a/tests/v2/cassettes/test_scenarios/test_cancel_a_historical_job_returns_ok_response.yaml b/tests/v2/cassettes/test_scenarios/test_cancel_a_historical_job_returns_ok_response.yaml index 8d2ad99dcf..a88523de57 100644 --- a/tests/v2/cassettes/test_scenarios/test_cancel_a_historical_job_returns_ok_response.yaml +++ b/tests/v2/cassettes/test_scenarios/test_cancel_a_historical_job_returns_ok_response.yaml @@ -12,7 +12,7 @@ interactions: uri: https://api.datadoghq.com/api/v2/siem-historical-detections/jobs response: body: - string: '{"data":{"id":"67278df4-84b8-4413-884b-88d9facdb68a","type":"historicalDetectionsJob"}}' + string: '{"data":{"id":"21011d0e-e7e3-49e1-91d4-74d6791382c8","type":"historicalDetectionsJob"}}' headers: content-type: - application/vnd.api+json 
@@ -25,7 +25,7 @@ interactions: accept: - '*/*' method: PATCH - uri: https://api.datadoghq.com/api/v2/siem-historical-detections/jobs/67278df4-84b8-4413-884b-88d9facdb68a/cancel + uri: https://api.datadoghq.com/api/v2/siem-historical-detections/jobs/21011d0e-e7e3-49e1-91d4-74d6791382c8/cancel response: body: string: '' diff --git a/tests/v2/cassettes/test_scenarios/test_convert_a_job_result_to_a_signal_returns_bad_request_response.frozen b/tests/v2/cassettes/test_scenarios/test_convert_a_job_result_to_a_signal_returns_bad_request_response.frozen index b22ac5b07a..f1456e24df 100644 --- a/tests/v2/cassettes/test_scenarios/test_convert_a_job_result_to_a_signal_returns_bad_request_response.frozen +++ b/tests/v2/cassettes/test_scenarios/test_convert_a_job_result_to_a_signal_returns_bad_request_response.frozen @@ -1 +1 @@ -2026-04-13T09:15:41.656Z \ No newline at end of file +2026-05-26T20:46:00.730Z \ No newline at end of file diff --git a/tests/v2/cassettes/test_scenarios/test_delete_an_existing_job_returns_bad_request_response.frozen b/tests/v2/cassettes/test_scenarios/test_delete_an_existing_job_returns_bad_request_response.frozen index 3b7d74bd4b..37e5dc1097 100644 --- a/tests/v2/cassettes/test_scenarios/test_delete_an_existing_job_returns_bad_request_response.frozen +++ b/tests/v2/cassettes/test_scenarios/test_delete_an_existing_job_returns_bad_request_response.frozen @@ -1 +1 @@ -2026-04-13T09:15:41.819Z \ No newline at end of file +2026-05-26T20:46:01.231Z \ No newline at end of file diff --git a/tests/v2/cassettes/test_scenarios/test_delete_an_existing_job_returns_not_found_response.frozen b/tests/v2/cassettes/test_scenarios/test_delete_an_existing_job_returns_not_found_response.frozen index 7528bc4877..d35b34f86e 100644 --- a/tests/v2/cassettes/test_scenarios/test_delete_an_existing_job_returns_not_found_response.frozen +++ b/tests/v2/cassettes/test_scenarios/test_delete_an_existing_job_returns_not_found_response.frozen 
@@ -1 +1 @@ -2026-04-13T09:15:42.455Z \ No newline at end of file +2026-05-26T20:46:01.667Z \ No newline at end of file diff --git a/tests/v2/cassettes/test_scenarios/test_get_a_jobs_details_returns_bad_request_response.frozen b/tests/v2/cassettes/test_scenarios/test_get_a_jobs_details_returns_bad_request_response.frozen index f959b7469a..8eb6d70767 100644 --- a/tests/v2/cassettes/test_scenarios/test_get_a_jobs_details_returns_bad_request_response.frozen +++ b/tests/v2/cassettes/test_scenarios/test_get_a_jobs_details_returns_bad_request_response.frozen @@ -1 +1 @@ -2026-04-13T09:15:42.536Z \ No newline at end of file +2026-05-26T20:46:02.116Z \ No newline at end of file diff --git a/tests/v2/cassettes/test_scenarios/test_get_a_jobs_details_returns_not_found_response.frozen b/tests/v2/cassettes/test_scenarios/test_get_a_jobs_details_returns_not_found_response.frozen index be224ded31..a0ded07257 100644 --- a/tests/v2/cassettes/test_scenarios/test_get_a_jobs_details_returns_not_found_response.frozen +++ b/tests/v2/cassettes/test_scenarios/test_get_a_jobs_details_returns_not_found_response.frozen @@ -1 +1 @@ -2026-04-13T09:15:42.599Z \ No newline at end of file +2026-05-26T20:46:02.616Z \ No newline at end of file diff --git a/tests/v2/cassettes/test_scenarios/test_get_a_jobs_details_returns_ok_response.frozen b/tests/v2/cassettes/test_scenarios/test_get_a_jobs_details_returns_ok_response.frozen index 24ebe9b192..a81d2bd50b 100644 --- a/tests/v2/cassettes/test_scenarios/test_get_a_jobs_details_returns_ok_response.frozen +++ b/tests/v2/cassettes/test_scenarios/test_get_a_jobs_details_returns_ok_response.frozen @@ -1 +1 @@ -2026-04-13T09:15:42.662Z \ No newline at end of file +2026-05-26T20:46:03.044Z \ No newline at end of file diff --git a/tests/v2/cassettes/test_scenarios/test_get_a_jobs_details_returns_ok_response.yaml b/tests/v2/cassettes/test_scenarios/test_get_a_jobs_details_returns_ok_response.yaml index 6d15e1ed37..8415610022 100644 
--- a/tests/v2/cassettes/test_scenarios/test_get_a_jobs_details_returns_ok_response.yaml +++ b/tests/v2/cassettes/test_scenarios/test_get_a_jobs_details_returns_ok_response.yaml @@ -12,7 +12,7 @@ interactions: uri: https://api.datadoghq.com/api/v2/siem-historical-detections/jobs response: body: - string: '{"data":{"id":"876b8334-58f8-4b7d-8e62-0101cb019208","type":"historicalDetectionsJob"}}' + string: '{"data":{"id":"4590ff3a-0a23-4f80-b974-d06df0d9b1e6","type":"historicalDetectionsJob"}}' headers: content-type: - application/vnd.api+json 
@@ -25,17 +25,16 @@ interactions: accept: - application/json method: GET - uri: https://api.datadoghq.com/api/v2/siem-historical-detections/jobs/876b8334-58f8-4b7d-8e62-0101cb019208 + uri: https://api.datadoghq.com/api/v2/siem-historical-detections/jobs/4590ff3a-0a23-4f80-b974-d06df0d9b1e6 response: body: - string: '{"data":{"id":"876b8334-58f8-4b7d-8e62-0101cb019208","type":"historicalDetectionsJob","attributes":{"createdAt":"2026-04-13 - 09:15:42.715435+00","createdByHandle":"9919ec9b-ebc7-49ee-8dc8-03626e717cca","createdByName":"CI - Account","jobDefinition":{"from":1730387522611,"to":1730387532611,"index":"main","name":"Excessive + string: '{"data":{"id":"4590ff3a-0a23-4f80-b974-d06df0d9b1e6","type":"historicalDetectionsJob","attributes":{"createdAt":"2026-05-26 + 20:46:03.567462+00","createdByHandle":"frog@datadoghq.com","createdByName":"frog","jobDefinition":{"from":1730387522611,"to":1730387532611,"index":"main","name":"Excessive number of failed attempts.","cases":[{"name":"Condition 1","status":"info","notifications":[],"condition":"a \u003e 1"}],"queries":[{"query":"source:non_existing_src_weekend","groupByFields":[],"hasOptionalGroupByFields":false,"distinctFields":[],"aggregation":"count","name":"","dataSource":"logs"}],"options":{"evaluationWindow":900,"detectionMethod":"threshold","maxSignalDuration":86400,"keepAlive":3600},"message":"A large number of failed login attempts.","tags":[],"type":"log_detection"},"jobName":"Excessive - number of failed attempts.","jobStatus":"pending","modifiedAt":"2026-04-13 - 09:15:42.715435+00","signalOutput":false}}}' + number of failed attempts.","jobStatus":"pending","modifiedAt":"2026-05-26 + 20:46:03.567462+00","signalOutput":false}}}' headers: content-type: - application/vnd.api+json 
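Review bot: The re-recorded response body now carries `"createdByHandle":"frog@datadoghq.com"` and `"createdByName":"frog"` where the previous recording had an opaque UUID handle and `CI Account`, so the fixture was apparently captured under a different identity than before. Confirm that this is a shared test account and not an individual's. If the cassette recorder has a response-scrubbing step, adding `createdByHandle` and `createdByName` to it would keep re-recordings stable and keep account identifiers out of the repository.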
diff --git a/tests/v2/cassettes/test_scenarios/test_run_a_historical_job_returns_bad_request_response.frozen b/tests/v2/cassettes/test_scenarios/test_run_a_historical_job_returns_bad_request_response.frozen index 69151c224c..a4d0d95155 100644 --- a/tests/v2/cassettes/test_scenarios/test_run_a_historical_job_returns_bad_request_response.frozen +++ b/tests/v2/cassettes/test_scenarios/test_run_a_historical_job_returns_bad_request_response.frozen @@ -1 +1 @@ -2026-04-13T09:15:42.851Z \ No newline at end of file +2026-05-26T20:46:04.068Z \ No newline at end of file diff --git a/tests/v2/cassettes/test_scenarios/test_run_a_historical_job_returns_not_found_response.frozen b/tests/v2/cassettes/test_scenarios/test_run_a_historical_job_returns_not_found_response.frozen index 765e43e866..94db8e42bc 100644 --- a/tests/v2/cassettes/test_scenarios/test_run_a_historical_job_returns_not_found_response.frozen +++ b/tests/v2/cassettes/test_scenarios/test_run_a_historical_job_returns_not_found_response.frozen @@ -1 +1 @@ -2026-04-13T09:15:42.922Z \ No newline at end of file +2026-05-26T20:46:04.592Z \ No newline at end of file diff --git a/tests/v2/cassettes/test_scenarios/test_run_a_historical_job_returns_status_created_response.frozen b/tests/v2/cassettes/test_scenarios/test_run_a_historical_job_returns_status_created_response.frozen index ee9c040c77..74da5caa26 100644 --- a/tests/v2/cassettes/test_scenarios/test_run_a_historical_job_returns_status_created_response.frozen +++ b/tests/v2/cassettes/test_scenarios/test_run_a_historical_job_returns_status_created_response.frozen @@ -1 +1 @@ -2026-04-13T09:15:42.979Z \ No newline at end of file +2026-05-26T20:46:05.019Z \ No newline at end of file diff --git a/tests/v2/cassettes/test_scenarios/test_run_a_historical_job_returns_status_created_response.yaml b/tests/v2/cassettes/test_scenarios/test_run_a_historical_job_returns_status_created_response.yaml index f78965771d..fa8662e7e8 100644 
--- a/tests/v2/cassettes/test_scenarios/test_run_a_historical_job_returns_status_created_response.yaml +++ b/tests/v2/cassettes/test_scenarios/test_run_a_historical_job_returns_status_created_response.yaml @@ -12,7 +12,7 @@ interactions: uri: https://api.datadoghq.com/api/v2/siem-historical-detections/jobs response: body: - string: '{"data":{"id":"8ce2a4d4-db9e-445d-93bb-b60980d56d25","type":"historicalDetectionsJob"}}' + string: '{"data":{"id":"1fa783c4-c6ce-430c-972c-43a2ccde1420","type":"historicalDetectionsJob"}}' headers: content-type: - application/vnd.api+json