Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
311 changes: 308 additions & 3 deletions .generator/schemas/v2/openapi.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -87258,6 +87258,38 @@ components:
x-enum-varnames:
- DONE
- TIMEOUT
SecurityMonitoringAzureAppRegistration:
description: An Azure App Registration discovered for the organization.
properties:
client_id:
description: The client ID of the App Registration.
example: 66666666-7777-8888-9999-000000000000
type: string
error_count:
description: The number of errors encountered while crawling resources for this App Registration.
example: 0
format: int64
type: integer
resource_collection_enabled:
description: Whether resource collection is enabled for this App Registration.
example: true
type: boolean
subscription_count:
description: The number of Azure subscriptions associated with this App Registration.
example: 3
format: int64
type: integer
tenant_id:
description: The Azure tenant ID of the App Registration.
example: 11111111-2222-3333-4444-555555555555
type: string
required:
- tenant_id
- client_id
- resource_collection_enabled
- subscription_count
- error_count
type: object
SecurityMonitoringContentPackActivation:
description: The activation status of a content pack.
enum:
Expand Down Expand Up @@ -88153,6 +88185,68 @@ components:
(for example, `siem_entity_identity` for identities). Defaults to `entity` when the kind is unknown.
example: siem_entity_identity
type: string
SecurityMonitoringEntraIdAzureAppRegistrationsAttributes:
description: The attributes of the Entra ID Azure App Registration prerequisites.
properties:
azure_app_registrations:
description: The Azure App Registrations discovered for the organization.
items:
$ref: "#/components/schemas/SecurityMonitoringAzureAppRegistration"
type: array
has_valid_prerequisite:
description: Whether at least one Azure App Registration has resource collection enabled.
example: true
type: boolean
integration_id:
description: The ID of the Entra ID integration configuration, if one exists.
example: 11111111-2222-3333-4444-555555555555
type: string
is_enabled:
description: Whether the Entra ID integration configuration is enabled, if one exists.
example: true
type: boolean
subscribed_at:
description: The time at which the Entra ID integration configuration was created, if one exists.
example: "2026-05-01T12:00:00Z"
format: date-time
type: string
required:
- azure_app_registrations
- has_valid_prerequisite
type: object
SecurityMonitoringEntraIdAzureAppRegistrationsData:
description: The Azure App Registration prerequisites for the Entra ID integration.
properties:
attributes:
$ref: "#/components/schemas/SecurityMonitoringEntraIdAzureAppRegistrationsAttributes"
id:
description: The ID of the organization the Azure App Registrations belong to.
example: "123456"
type: string
type:
$ref: "#/components/schemas/SecurityMonitoringEntraIdAzureAppRegistrationsResourceType"
required:
- id
- type
- attributes
type: object
SecurityMonitoringEntraIdAzureAppRegistrationsResourceType:
default: entra_id_azure_app_registrations
description: The type of the resource. The value should always be `entra_id_azure_app_registrations`.
enum:
- entra_id_azure_app_registrations
example: entra_id_azure_app_registrations
type: string
x-enum-varnames:
- ENTRA_ID_AZURE_APP_REGISTRATIONS
SecurityMonitoringEntraIdAzureAppRegistrationsResponse:
description: Response containing the Azure App Registration prerequisites for the Entra ID integration.
properties:
data:
$ref: "#/components/schemas/SecurityMonitoringEntraIdAzureAppRegistrationsData"
required:
- data
type: object
SecurityMonitoringFilter:
description: The rule's suppression filter.
properties:
Expand All @@ -88171,6 +88265,43 @@ components:
x-enum-varnames:
- REQUIRE
- SUPPRESS
SecurityMonitoringIntegrationActivateAttributes:
description: Overrides applied when activating the integration. All fields are optional.
properties:
domain:
description: The domain associated with the external entity source.
example: default
type: string
name:
description: The display name for the entity context sync configuration.
example: My Entra ID Integration
type: string
settings:
$ref: "#/components/schemas/SecurityMonitoringIntegrationConfigSettings"
type: object
SecurityMonitoringIntegrationActivateData:
description: The configuration overrides for the integration to activate.
properties:
attributes:
$ref: "#/components/schemas/SecurityMonitoringIntegrationActivateAttributes"
type:
$ref: "#/components/schemas/SecurityMonitoringIntegrationActivateResourceType"
type: object
SecurityMonitoringIntegrationActivateRequest:
description: Request body to activate an entity context sync integration for a source type that does not require secrets.
properties:
data:
$ref: "#/components/schemas/SecurityMonitoringIntegrationActivateData"
type: object
SecurityMonitoringIntegrationActivateResourceType:
default: activate_entra_id_request
description: The type of the resource. The value should always be `activate_entra_id_request`.
enum:
- activate_entra_id_request
example: activate_entra_id_request
type: string
x-enum-varnames:
- ACTIVATE_ENTRA_ID_REQUEST
SecurityMonitoringIntegrationConfigAttributes:
description: The attributes of an entity context sync configuration as returned by the API.
properties:
Expand Down Expand Up @@ -88228,7 +88359,6 @@ components:
- integration_type
- domain
- name
- secrets
type: object
SecurityMonitoringIntegrationConfigCreateData:
description: The entity context sync configuration to create.
Expand Down Expand Up @@ -88284,7 +88414,9 @@ components:
type: object
SecurityMonitoringIntegrationConfigSecrets:
additionalProperties: {}
description: The secrets used to authenticate against the external entity source. The accepted keys depend on the source type (for example, `admin_email` for Google Workspace).
description: |-
The secrets used to authenticate against the external entity source. The accepted keys depend on the source type
(for example, `admin_email` for Google Workspace). Not required for source types that do not use secrets (for example, `ENTRA_ID`).
example:
admin_email: test@example.com
type: object
Expand Down Expand Up @@ -88372,7 +88504,6 @@ components:
required:
- integration_type
- domain
- secrets
type: object
SecurityMonitoringIntegrationCredentialsValidateData:
description: The credentials to validate.
Expand Down Expand Up @@ -178092,6 +178223,54 @@ paths:
x-unstable: |-
**Note**: This endpoint is in preview and is subject to change.
If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).
/api/v2/security_monitoring/configuration/integration_config/entra_id/azure_app_registrations:
get:
description: |-
Get the Azure App Registrations discovered for the organization and whether at least one of them has
resource collection enabled, which is a prerequisite for activating the Entra ID entity context sync integration.
operationId: GetEntraIdAzureAppRegistrations
responses:
"200":
content:
application/json:
examples:
default:
value:
data:
attributes:
azure_app_registrations:
- client_id: 66666666-7777-8888-9999-000000000000
error_count: 0
resource_collection_enabled: true
subscription_count: 3
tenant_id: 11111111-2222-3333-4444-555555555555
has_valid_prerequisite: true
integration_id: 11111111-2222-3333-4444-555555555555
is_enabled: true
subscribed_at: "2026-05-01T12:00:00Z"
id: "123456"
type: entra_id_azure_app_registrations
schema:
$ref: "#/components/schemas/SecurityMonitoringEntraIdAzureAppRegistrationsResponse"
description: OK
"403":
$ref: "#/components/responses/NotAuthorizedResponse"
"429":
$ref: "#/components/responses/TooManyRequestsResponse"
security:
- apiKeyAuth: []
appKeyAuth: []
- AuthZ:
- integrations_read
summary: Get Entra ID Azure App Registration prerequisites
tags: ["Security Monitoring"]
x-permission:
operator: OR
permissions:
- integrations_read
x-unstable: |-
**Note**: This endpoint is in preview and is subject to change.
If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).
/api/v2/security_monitoring/configuration/integration_config/validate:
post:
description: |-
Expand Down Expand Up @@ -178317,6 +178496,132 @@ paths:
x-unstable: |-
**Note**: This endpoint is in preview and is subject to change.
If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).
/api/v2/security_monitoring/configuration/integration_config/{integration_type}/activate:
post:
description: |-
Activate an entity context sync integration for a source type that does not require manually
supplied credentials (for example, Entra ID). If an integration of this type already exists,
it is returned (re-enabling it first if it was disabled) instead of creating a duplicate.
operationId: ActivateIntegration
parameters:
- description: The integration type to activate (for example, `entra_id`).
in: path
name: integration_type
required: true
schema:
example: entra_id
type: string
requestBody:
content:
application/json:
examples:
default:
value:
data:
attributes:
name: My Entra ID Integration
type: activate_entra_id_request
schema:
$ref: "#/components/schemas/SecurityMonitoringIntegrationActivateRequest"
description: Optional configuration overrides for the integration to activate.
required: false
responses:
"200":
content:
application/json:
examples:
default:
value:
data:
attributes:
created_at: "2026-05-01T12:00:00Z"
domain: default
enabled: true
integration_type: ENTRA_ID
modified_at: "2026-05-01T12:00:00Z"
name: My Entra ID Integration
state: valid
id: 11111111-2222-3333-4444-555555555555
type: integration_config
schema:
$ref: "#/components/schemas/SecurityMonitoringIntegrationConfigResponse"
description: OK
"400":
$ref: "#/components/responses/BadRequestResponse"
"403":
$ref: "#/components/responses/NotAuthorizedResponse"
"404":
$ref: "#/components/responses/NotFoundResponse"
"429":
$ref: "#/components/responses/TooManyRequestsResponse"
security:
- apiKeyAuth: []
appKeyAuth: []
- AuthZ:
- manage_integrations
summary: Activate an entity context sync integration
tags: ["Security Monitoring"]
x-codegen-request-body-name: body
x-permission:
operator: OR
permissions:
- manage_integrations
x-unstable: |-
**Note**: This endpoint is in preview and is subject to change.
If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).
/api/v2/security_monitoring/configuration/integration_config/{integration_type}/deactivate:
post:
description: Deactivate all active entity context sync integrations of the given source type (for example, Entra ID).
operationId: DeactivateIntegration
parameters:
- description: The integration type to deactivate (for example, `entra_id`).
in: path
name: integration_type
required: true
schema:
example: entra_id
type: string
responses:
"200":
content:
application/json:
examples:
default:
value:
data:
attributes:
created_at: "2026-05-01T12:00:00Z"
domain: default
enabled: false
integration_type: ENTRA_ID
modified_at: "2026-05-08T12:00:00Z"
name: My Entra ID Integration
state: valid
id: 11111111-2222-3333-4444-555555555555
type: integration_config
schema:
$ref: "#/components/schemas/SecurityMonitoringIntegrationConfigResponse"
description: OK
"403":
$ref: "#/components/responses/NotAuthorizedResponse"
"404":
$ref: "#/components/responses/NotFoundResponse"
"429":
$ref: "#/components/responses/TooManyRequestsResponse"
security:
- apiKeyAuth: []
appKeyAuth: []
- AuthZ:
- manage_integrations
summary: Deactivate an entity context sync integration
tags: ["Security Monitoring"]
x-permission:
operator: OR
permissions:
- manage_integrations
x-unstable: |-
**Note**: This endpoint is in preview and is subject to change.
If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).
/api/v2/security_monitoring/configuration/notification_rules/send_notification_preview:
post:
description: Send a notification preview to test that a notification rule's targets are properly configured.
Expand Down
Loading
Loading