Support Cloud SIEM scheduled rules in API client (#3242)

Co-authored-by: ci.datadog-api-spec <packages@datadoghq.com>

Author: api-clients-generation-pipeline[bot]

.generated-info

@@ -1,4 +1,4 @@
 {
-  "spec_repo_commit": "c5cca50",
-  "generated": "2025-08-07 18:05:06.066"
+  "spec_repo_commit": "d02c8a3",
+  "generated": "2025-08-08 12:08:37.437"
 }

.generator/schemas/v2/openapi.yaml

@@ -36336,6 +36336,12 @@ components:
     SecurityMonitoringRuleUpdatePayload:
       description: Update an existing rule.
       properties:
+        calculatedFields:
+          description: Calculated fields. Only allowed for scheduled rules - in other
+            words, when schedulingOptions is also defined.
+          items:
+            $ref: '#/components/schemas/CalculatedField'
+          type: array
         cases:
           description: Cases for generating signals.
           items:
@@ -36392,6 +36398,8 @@ components:
           items:
             $ref: '#/components/schemas/SecurityMonitoringReferenceTable'
           type: array
+        schedulingOptions:
+          $ref: '#/components/schemas/SecurityMonitoringSchedulingOptions'
         tags:
           description: Tags for generated signals.
           items:
@@ -36418,6 +36426,27 @@ components:
       - $ref: '#/components/schemas/SecurityMonitoringStandardRulePayload'
       - $ref: '#/components/schemas/SecurityMonitoringSignalRulePayload'
       - $ref: '#/components/schemas/CloudConfigurationRulePayload'
+    SecurityMonitoringSchedulingOptions:
+      description: Options for scheduled rules. When this field is present, the rule
+        runs based on the schedule. When absent, it runs real-time on ingested logs.
+      nullable: true
+      properties:
+        rrule:
+          description: Schedule for the rule queries, written in RRULE syntax. See
+            [RFC](https://icalendar.org/iCalendar-RFC-5545/3-8-5-3-recurrence-rule.html)
+            for syntax reference.
+          example: FREQ=HOURLY;INTERVAL=1;
+          type: string
+        start:
+          description: Start date for the schedule, in ISO 8601 format without timezone.
+          example: '2025-07-14T12:00:00'
+          type: string
+        timezone:
+          description: Time zone of the start date, in the [tz database](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones)
+            format.
+          example: America/New_York
+          type: string
+      type: object
     SecurityMonitoringSignal:
       description: Object description of a security signal.
       properties:
@@ -37096,6 +37125,12 @@ components:
     SecurityMonitoringStandardRuleCreatePayload:
       description: Create a new rule.
       properties:
+        calculatedFields:
+          description: Calculated fields. Only allowed for scheduled rules - in other
+            words, when schedulingOptions is also defined.
+          items:
+            $ref: '#/components/schemas/CalculatedField'
+          type: array
         cases:
           description: Cases for generating signals.
           example: []
@@ -37148,6 +37183,8 @@ components:
           items:
             $ref: '#/components/schemas/SecurityMonitoringReferenceTable'
           type: array
+        schedulingOptions:
+          $ref: '#/components/schemas/SecurityMonitoringSchedulingOptions'
         tags:
           description: Tags for generated signals.
           example:
@@ -37177,6 +37214,12 @@ components:
     SecurityMonitoringStandardRulePayload:
       description: The payload of a rule.
       properties:
+        calculatedFields:
+          description: Calculated fields. Only allowed for scheduled rules - in other
+            words, when schedulingOptions is also defined.
+          items:
+            $ref: '#/components/schemas/CalculatedField'
+          type: array
         cases:
           description: Cases for generating signals.
           example: []
@@ -37237,6 +37280,8 @@ components:
           items:
             $ref: '#/components/schemas/SecurityMonitoringReferenceTable'
           type: array
+        schedulingOptions:
+          $ref: '#/components/schemas/SecurityMonitoringSchedulingOptions'
         tags:
           description: Tags for generated signals.
           example:
@@ -37293,6 +37338,14 @@ components:
           example: false
           readOnly: true
           type: boolean
+        index:
+          description: '**This field is currently unstable and might be removed in
+            a minor version upgrade.**
+
+            The index to run the query on, if the `dataSource` is `logs`. Only used
+            for scheduled rules - in other words, when the `schedulingOptions` field
+            is present in the rule payload.'
+          type: string
         metric:
           deprecated: true
           description: '(Deprecated) The target field to aggregate over when using
@@ -37320,6 +37373,12 @@ components:
     SecurityMonitoringStandardRuleResponse:
       description: Rule.
       properties:
+        calculatedFields:
+          description: Calculated fields. Only allowed for scheduled rules - in other
+            words, when schedulingOptions is also defined.
+          items:
+            $ref: '#/components/schemas/CalculatedField'
+          type: array
         cases:
           description: Cases for generating signals.
           items:
@@ -37405,6 +37464,8 @@ components:
           items:
             $ref: '#/components/schemas/SecurityMonitoringReferenceTable'
           type: array
+        schedulingOptions:
+          $ref: '#/components/schemas/SecurityMonitoringSchedulingOptions'
         tags:
           description: Tags for generated signals.
           items:
@@ -37436,6 +37497,12 @@ components:
     SecurityMonitoringStandardRuleTestPayload:
       description: The payload of a rule to test
       properties:
+        calculatedFields:
+          description: Calculated fields. Only allowed for scheduled rules - in other
+            words, when schedulingOptions is also defined.
+          items:
+            $ref: '#/components/schemas/CalculatedField'
+          type: array
         cases:
           description: Cases for generating signals.
           example: []
@@ -37488,6 +37555,8 @@ components:
           items:
             $ref: '#/components/schemas/SecurityMonitoringReferenceTable'
           type: array
+        schedulingOptions:
+          $ref: '#/components/schemas/SecurityMonitoringSchedulingOptions'
         tags:
           description: Tags for generated signals.
           example:

api/datadogV2/model_security_monitoring_rule_update_payload.go

@@ -10,6 +10,8 @@ import (
 
 // SecurityMonitoringRuleUpdatePayload Update an existing rule.
 type SecurityMonitoringRuleUpdatePayload struct {
+	// Calculated fields. Only allowed for scheduled rules - in other words, when schedulingOptions is also defined.
+	CalculatedFields []CalculatedField `json:"calculatedFields,omitempty"`
 	// Cases for generating signals.
 	Cases []SecurityMonitoringRuleCase `json:"cases,omitempty"`
 	// How to generate compliance signals. Useful for cloud_configuration rules only.
@@ -36,6 +38,8 @@ type SecurityMonitoringRuleUpdatePayload struct {
 	Queries []SecurityMonitoringRuleQuery `json:"queries,omitempty"`
 	// Reference tables for the rule.
 	ReferenceTables []SecurityMonitoringReferenceTable `json:"referenceTables,omitempty"`
+	// Options for scheduled rules. When this field is present, the rule runs based on the schedule. When absent, it runs real-time on ingested logs.
+	SchedulingOptions NullableSecurityMonitoringSchedulingOptions `json:"schedulingOptions,omitempty"`
 	// Tags for generated signals.
 	Tags []string `json:"tags,omitempty"`
 	// Cases for generating signals from third-party rules. Only available for third-party rules.
@@ -64,6 +68,34 @@ func NewSecurityMonitoringRuleUpdatePayloadWithDefaults() *SecurityMonitoringRul
 	return &this
 }
 
+// GetCalculatedFields returns the CalculatedFields field value if set, zero value otherwise.
+func (o *SecurityMonitoringRuleUpdatePayload) GetCalculatedFields() []CalculatedField {
+	if o == nil || o.CalculatedFields == nil {
+		var ret []CalculatedField
+		return ret
+	}
+	return o.CalculatedFields
+}
+
+// GetCalculatedFieldsOk returns a tuple with the CalculatedFields field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *SecurityMonitoringRuleUpdatePayload) GetCalculatedFieldsOk() (*[]CalculatedField, bool) {
+	if o == nil || o.CalculatedFields == nil {
+		return nil, false
+	}
+	return &o.CalculatedFields, true
+}
+
+// HasCalculatedFields returns a boolean if a field has been set.
+func (o *SecurityMonitoringRuleUpdatePayload) HasCalculatedFields() bool {
+	return o != nil && o.CalculatedFields != nil
+}
+
+// SetCalculatedFields gets a reference to the given []CalculatedField and assigns it to the CalculatedFields field.
+func (o *SecurityMonitoringRuleUpdatePayload) SetCalculatedFields(v []CalculatedField) {
+	o.CalculatedFields = v
+}
+
 // GetCases returns the Cases field value if set, zero value otherwise.
 func (o *SecurityMonitoringRuleUpdatePayload) GetCases() []SecurityMonitoringRuleCase {
 	if o == nil || o.Cases == nil {
@@ -428,6 +460,45 @@ func (o *SecurityMonitoringRuleUpdatePayload) SetReferenceTables(v []SecurityMon
 	o.ReferenceTables = v
 }
 
+// GetSchedulingOptions returns the SchedulingOptions field value if set, zero value otherwise (both if not set or set to explicit null).
+func (o *SecurityMonitoringRuleUpdatePayload) GetSchedulingOptions() SecurityMonitoringSchedulingOptions {
+	if o == nil || o.SchedulingOptions.Get() == nil {
+		var ret SecurityMonitoringSchedulingOptions
+		return ret
+	}
+	return *o.SchedulingOptions.Get()
+}
+
+// GetSchedulingOptionsOk returns a tuple with the SchedulingOptions field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+// NOTE: If the value is an explicit nil, `nil, true` will be returned.
+func (o *SecurityMonitoringRuleUpdatePayload) GetSchedulingOptionsOk() (*SecurityMonitoringSchedulingOptions, bool) {
+	if o == nil {
+		return nil, false
+	}
+	return o.SchedulingOptions.Get(), o.SchedulingOptions.IsSet()
+}
+
+// HasSchedulingOptions returns a boolean if a field has been set.
+func (o *SecurityMonitoringRuleUpdatePayload) HasSchedulingOptions() bool {
+	return o != nil && o.SchedulingOptions.IsSet()
+}
+
+// SetSchedulingOptions gets a reference to the given NullableSecurityMonitoringSchedulingOptions and assigns it to the SchedulingOptions field.
+func (o *SecurityMonitoringRuleUpdatePayload) SetSchedulingOptions(v SecurityMonitoringSchedulingOptions) {
+	o.SchedulingOptions.Set(&v)
+}
+
+// SetSchedulingOptionsNil sets the value for SchedulingOptions to be an explicit nil.
+func (o *SecurityMonitoringRuleUpdatePayload) SetSchedulingOptionsNil() {
+	o.SchedulingOptions.Set(nil)
+}
+
+// UnsetSchedulingOptions ensures that no value is present for SchedulingOptions, not even an explicit nil.
+func (o *SecurityMonitoringRuleUpdatePayload) UnsetSchedulingOptions() {
+	o.SchedulingOptions.Unset()
+}
+
 // GetTags returns the Tags field value if set, zero value otherwise.
 func (o *SecurityMonitoringRuleUpdatePayload) GetTags() []string {
 	if o == nil || o.Tags == nil {
@@ -518,6 +589,9 @@ func (o SecurityMonitoringRuleUpdatePayload) MarshalJSON() ([]byte, error) {
 	if o.UnparsedObject != nil {
 		return datadog.Marshal(o.UnparsedObject)
 	}
+	if o.CalculatedFields != nil {
+		toSerialize["calculatedFields"] = o.CalculatedFields
+	}
 	if o.Cases != nil {
 		toSerialize["cases"] = o.Cases
 	}
@@ -557,6 +631,9 @@ func (o SecurityMonitoringRuleUpdatePayload) MarshalJSON() ([]byte, error) {
 	if o.ReferenceTables != nil {
 		toSerialize["referenceTables"] = o.ReferenceTables
 	}
+	if o.SchedulingOptions.IsSet() {
+		toSerialize["schedulingOptions"] = o.SchedulingOptions.Get()
+	}
 	if o.Tags != nil {
 		toSerialize["tags"] = o.Tags
 	}
@@ -576,6 +653,7 @@ func (o SecurityMonitoringRuleUpdatePayload) MarshalJSON() ([]byte, error) {
 // UnmarshalJSON deserializes the given payload.
 func (o *SecurityMonitoringRuleUpdatePayload) UnmarshalJSON(bytes []byte) (err error) {
 	all := struct {
+		CalculatedFields        []CalculatedField                              `json:"calculatedFields,omitempty"`
 		Cases                   []SecurityMonitoringRuleCase                   `json:"cases,omitempty"`
 		ComplianceSignalOptions *CloudConfigurationRuleComplianceSignalOptions `json:"complianceSignalOptions,omitempty"`
 		CustomMessage           *string                                        `json:"customMessage,omitempty"`
@@ -589,6 +667,7 @@ func (o *SecurityMonitoringRuleUpdatePayload) UnmarshalJSON(bytes []byte) (err e
 		Options                 *SecurityMonitoringRuleOptions                 `json:"options,omitempty"`
 		Queries                 []SecurityMonitoringRuleQuery                  `json:"queries,omitempty"`
 		ReferenceTables         []SecurityMonitoringReferenceTable             `json:"referenceTables,omitempty"`
+		SchedulingOptions       NullableSecurityMonitoringSchedulingOptions    `json:"schedulingOptions,omitempty"`
 		Tags                    []string                                       `json:"tags,omitempty"`
 		ThirdPartyCases         []SecurityMonitoringThirdPartyRuleCase         `json:"thirdPartyCases,omitempty"`
 		Version                 *int32                                         `json:"version,omitempty"`
@@ -598,12 +677,13 @@ func (o *SecurityMonitoringRuleUpdatePayload) UnmarshalJSON(bytes []byte) (err e
 	}
 	additionalProperties := make(map[string]interface{})
 	if err = datadog.Unmarshal(bytes, &additionalProperties); err == nil {
-		datadog.DeleteKeys(additionalProperties, &[]string{"cases", "complianceSignalOptions", "customMessage", "customName", "filters", "groupSignalsBy", "hasExtendedTitle", "isEnabled", "message", "name", "options", "queries", "referenceTables", "tags", "thirdPartyCases", "version"})
+		datadog.DeleteKeys(additionalProperties, &[]string{"calculatedFields", "cases", "complianceSignalOptions", "customMessage", "customName", "filters", "groupSignalsBy", "hasExtendedTitle", "isEnabled", "message", "name", "options", "queries", "referenceTables", "schedulingOptions", "tags", "thirdPartyCases", "version"})
 	} else {
 		return err
 	}
 
 	hasInvalidField := false
+	o.CalculatedFields = all.CalculatedFields
 	o.Cases = all.Cases
 	if all.ComplianceSignalOptions != nil && all.ComplianceSignalOptions.UnparsedObject != nil && o.UnparsedObject == nil {
 		hasInvalidField = true
@@ -623,6 +703,7 @@ func (o *SecurityMonitoringRuleUpdatePayload) UnmarshalJSON(bytes []byte) (err e
 	o.Options = all.Options
 	o.Queries = all.Queries
 	o.ReferenceTables = all.ReferenceTables
+	o.SchedulingOptions = all.SchedulingOptions
 	o.Tags = all.Tags
 	o.ThirdPartyCases = all.ThirdPartyCases
 	o.Version = all.Version