Regenerate client from commit 0d57a17 of spec repo

Author: ci.datadog-api-spec

.generated-info

@@ -1,4 +1,4 @@
 {
-  "spec_repo_commit": "04d09cb",
-  "generated": "2025-07-23 09:22:24.045"
+  "spec_repo_commit": "0d57a17",
+  "generated": "2025-07-23 13:37:40.455"
 }

.generator/schemas/v2/openapi.yaml

@@ -34885,6 +34885,27 @@ components:
       - $ref: '#/components/schemas/SecurityMonitoringStandardRulePayload'
       - $ref: '#/components/schemas/SecurityMonitoringSignalRulePayload'
       - $ref: '#/components/schemas/CloudConfigurationRulePayload'
+    SecurityMonitoringSchedulingOptions:
+      description: Options for scheduled rules. When this field is present, the rule
+        runs based on the schedule. When absent, it runs real-time on ingested logs.
+      nullable: true
+      properties:
+        rrule:
+          description: Schedule for the rule queries, written in RRULE syntax. See
+            [RFC](https://icalendar.org/iCalendar-RFC-5545/3-8-5-3-recurrence-rule.html)
+            for syntax reference.
+          example: FREQ=HOURLY;INTERVAL=1;
+          type: string
+        start:
+          description: Start date for the schedule, in ISO 8601 format without timezone.
+          example: '2025-07-14T12:00:00'
+          type: string
+        timezone:
+          description: Time zone of the start date, in the [tz database](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones)
+            format.
+          example: America/New_York
+          type: string
+      type: object
     SecurityMonitoringSignal:
       description: Object description of a security signal.
       properties:
@@ -35563,6 +35584,12 @@ components:
     SecurityMonitoringStandardRuleCreatePayload:
       description: Create a new rule.
       properties:
+        calculatedFields:
+          description: Calculated fields. Only allowed for scheduled rules, i.e. when
+            schedulingOptions is also defined.
+          items:
+            $ref: '#/components/schemas/CalculatedField'
+          type: array
         cases:
           description: Cases for generating signals.
           example: []
@@ -35615,6 +35642,8 @@ components:
           items:
             $ref: '#/components/schemas/SecurityMonitoringReferenceTable'
           type: array
+        schedulingOptions:
+          $ref: '#/components/schemas/SecurityMonitoringSchedulingOptions'
         tags:
           description: Tags for generated signals.
           example:
@@ -35760,6 +35789,14 @@ components:
           example: false
           readOnly: true
           type: boolean
+        index:
+          description: '**This field is currently unstable and might be removed in
+            minor version upgrade.**
+
+            The index to run the query on, if the `dataSource` is `logs`. Only used
+            for scheduled rules, i.e. when the `schedulingOptions` field is present
+            in the rule payload.'
+          type: string
         metric:
           deprecated: true
           description: '(Deprecated) The target field to aggregate over when using

examples/v2/security-monitoring/CreateSecurityMonitoringRule_868881438.rb

@@ -0,0 +1,41 @@
+# Create a scheduled detection rule returns "OK" response
+
+require "datadog_api_client"
+api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new
+
+body = DatadogAPIClient::V2::SecurityMonitoringStandardRuleCreatePayload.new({
+  name: "Example-Security-Monitoring",
+  queries: [
+    DatadogAPIClient::V2::SecurityMonitoringStandardRuleQuery.new({
+      query: "@test:true",
+      aggregation: DatadogAPIClient::V2::SecurityMonitoringRuleQueryAggregation::COUNT,
+      group_by_fields: [],
+      distinct_fields: [],
+      index: "main",
+    }),
+  ],
+  filters: [],
+  cases: [
+    DatadogAPIClient::V2::SecurityMonitoringRuleCaseCreate.new({
+      name: "",
+      status: DatadogAPIClient::V2::SecurityMonitoringRuleSeverity::INFO,
+      condition: "a > 0",
+      notifications: [],
+    }),
+  ],
+  options: DatadogAPIClient::V2::SecurityMonitoringRuleOptions.new({
+    evaluation_window: DatadogAPIClient::V2::SecurityMonitoringRuleEvaluationWindow::FIFTEEN_MINUTES,
+    keep_alive: DatadogAPIClient::V2::SecurityMonitoringRuleKeepAlive::ONE_HOUR,
+    max_signal_duration: DatadogAPIClient::V2::SecurityMonitoringRuleMaxSignalDuration::ONE_DAY,
+  }),
+  message: "Test rule",
+  tags: [],
+  is_enabled: true,
+  type: DatadogAPIClient::V2::SecurityMonitoringRuleTypeCreate::LOG_DETECTION,
+  scheduling_options: DatadogAPIClient::V2::SecurityMonitoringSchedulingOptions.new({
+    rrule: "FREQ=HOURLY;INTERVAL=2;",
+    start: "2025-06-18T12:00:00",
+    timezone: "Europe/Paris",
+  }),
+})
+p api_instance.create_security_monitoring_rule(body)

features/v2/security_monitoring.feature

@@ -295,6 +295,24 @@ Feature: Security Monitoring
     When the request is sent
     Then the response status is 201 Successfully created the notification rule.
 
+  @team:DataDog/k9-cloud-security-platform
+  Scenario: Create a scheduled detection rule returns "OK" response
+    Given new "CreateSecurityMonitoringRule" request
+    And body with value {"name":"{{ unique }}", "queries":[{"query":"@test:true","aggregation":"count","groupByFields":[],"distinctFields":[],"index":"main"}],"filters":[],"cases":[{"name":"","status":"info","condition":"a > 0","notifications":[]}],"options":{"evaluationWindow":900,"keepAlive":3600,"maxSignalDuration":86400},"message":"Test rule","tags":[],"isEnabled":true, "type":"log_detection", "schedulingOptions": {"rrule": "FREQ=HOURLY;INTERVAL=2;", "start": "2025-06-18T12:00:00", "timezone": "Europe/Paris"}}
+    When the request is sent
+    Then the response status is 200 OK
+    And the response "name" is equal to "{{ unique }}"
+    And the response "type" is equal to "log_detection"
+    And the response "message" is equal to "Test rule"
+    And the response "schedulingOptions" is equal to {"rrule": "FREQ=HOURLY;INTERVAL=2;", "start": "2025-06-18T12:00:00", "timezone": "Europe/Paris"}
+
+  @team:DataDog/k9-cloud-security-platform
+  Scenario: Create a scheduled rule without rrule returns "Bad Request" response
+    Given new "CreateSecurityMonitoringRule" request
+    And body with value {"name":"{{ unique }}", "queries":[{"query":"@test:true","aggregation":"count","groupByFields":[],"distinctFields":[],"index":"main"}],"filters":[],"cases":[{"name":"","status":"info","condition":"a > 0","notifications":[]}],"options":{"evaluationWindow":900,"keepAlive":3600,"maxSignalDuration":86400},"message":"Test rule","tags":[],"isEnabled":true, "type":"log_detection", "schedulingOptions": {"start": "2025-06-18T12:00:00", "timezone": "Europe/Paris"}}
+    When the request is sent
+    Then the response status is 400 Bad Request
+
   @generated @skip @team:DataDog/k9-cloud-security-platform
   Scenario: Create a security filter returns "Bad Request" response
     Given new "CreateSecurityFilter" request

lib/datadog_api_client/inflector.rb

@@ -3091,6 +3091,7 @@ def overrides
           "v2.security_monitoring_rule_type_test" => "SecurityMonitoringRuleTypeTest",
           "v2.security_monitoring_rule_update_payload" => "SecurityMonitoringRuleUpdatePayload",
           "v2.security_monitoring_rule_validate_payload" => "SecurityMonitoringRuleValidatePayload",
+          "v2.security_monitoring_scheduling_options" => "SecurityMonitoringSchedulingOptions",
           "v2.security_monitoring_signal" => "SecurityMonitoringSignal",
           "v2.security_monitoring_signal_archive_reason" => "SecurityMonitoringSignalArchiveReason",
           "v2.security_monitoring_signal_assignee_update_attributes" => "SecurityMonitoringSignalAssigneeUpdateAttributes",

lib/datadog_api_client/v2/models/security_monitoring_scheduling_options.rb

@@ -0,0 +1,125 @@
+=begin
+#Datadog API V2 Collection
+
+#Collection of all Datadog Public endpoints.
+
+The version of the OpenAPI document: 1.0
+Contact: support@datadoghq.com
+Generated by: https://github.com/DataDog/datadog-api-client-ruby/tree/master/.generator
+
+ Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License.
+ This product includes software developed at Datadog (https://www.datadoghq.com/).
+ Copyright 2020-Present Datadog, Inc.
+
+=end
+
+require 'date'
+require 'time'
+
+module DatadogAPIClient::V2
+  # Options for scheduled rules. When this field is present, the rule runs based on the schedule. When absent, it runs real-time on ingested logs.
+  class SecurityMonitoringSchedulingOptions
+    include BaseGenericModel
+
+    # Schedule for the rule queries, written in RRULE syntax. See [RFC](https://icalendar.org/iCalendar-RFC-5545/3-8-5-3-recurrence-rule.html) for syntax reference.
+    attr_accessor :rrule
+
+    # Start date for the schedule, in ISO 8601 format without timezone.
+    attr_accessor :start
+
+    # Time zone of the start date, in the [tz database](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones) format.
+    attr_accessor :timezone
+
+    attr_accessor :additional_properties
+
+    # Attribute mapping from ruby-style variable name to JSON key.
+    # @!visibility private
+    def self.attribute_map
+      {
+        :'rrule' => :'rrule',
+        :'start' => :'start',
+        :'timezone' => :'timezone'
+      }
+    end
+
+    # Attribute type mapping.
+    # @!visibility private
+    def self.openapi_types
+      {
+        :'rrule' => :'String',
+        :'start' => :'String',
+        :'timezone' => :'String'
+      }
+    end
+
+    # Initializes the object
+    # @param attributes [Hash] Model attributes in the form of hash
+    # @!visibility private
+    def initialize(attributes = {})
+      if (!attributes.is_a?(Hash))
+        fail ArgumentError, "The input argument (attributes) must be a hash in `DatadogAPIClient::V2::SecurityMonitoringSchedulingOptions` initialize method"
+      end
+
+      self.additional_properties = {}
+      # check to see if the attribute exists and convert string to symbol for hash key
+      attributes = attributes.each_with_object({}) { |(k, v), h|
+        if (!self.class.attribute_map.key?(k.to_sym))
+          self.additional_properties[k.to_sym] = v
+        else
+          h[k.to_sym] = v
+        end
+      }
+
+      if attributes.key?(:'rrule')
+        self.rrule = attributes[:'rrule']
+      end
+
+      if attributes.key?(:'start')
+        self.start = attributes[:'start']
+      end
+
+      if attributes.key?(:'timezone')
+        self.timezone = attributes[:'timezone']
+      end
+    end
+
+    # Returns the object in the form of hash, with additionalProperties support.
+    # @return [Hash] Returns the object in the form of hash
+    # @!visibility private
+    def to_hash
+      hash = {}
+      self.class.attribute_map.each_pair do |attr, param|
+        value = self.send(attr)
+        if value.nil?
+          is_nullable = self.class.openapi_nullable.include?(attr)
+          next if !is_nullable || (is_nullable && !instance_variable_defined?(:"@#{attr}"))
+        end
+
+        hash[param] = _to_hash(value)
+      end
+      self.additional_properties.each_pair do |attr, value|
+        hash[attr] = value
+      end
+      hash
+    end
+
+    # Checks equality by comparing each attribute.
+    # @param o [Object] Object to be compared
+    # @!visibility private
+    def ==(o)
+      return true if self.equal?(o)
+      self.class == o.class &&
+          rrule == o.rrule &&
+          start == o.start &&
+          timezone == o.timezone &&
+          additional_properties == o.additional_properties
+    end
+
+    # Calculates hash code according to all attributes.
+    # @return [Integer] Hash code
+    # @!visibility private
+    def hash
+      [rrule, start, timezone, additional_properties].hash
+    end
+  end
+end

lib/datadog_api_client/v2/models/security_monitoring_standard_rule_create_payload.rb

@@ -21,6 +21,9 @@ module DatadogAPIClient::V2
   class SecurityMonitoringStandardRuleCreatePayload
     include BaseGenericModel
 
+    # Calculated fields. Only allowed for scheduled rules, i.e. when schedulingOptions is also defined.
+    attr_accessor :calculated_fields
+
     # Cases for generating signals.
     attr_reader :cases
 
@@ -51,6 +54,9 @@ class SecurityMonitoringStandardRuleCreatePayload
     # Reference tables for the rule.
     attr_accessor :reference_tables
 
+    # Options for scheduled rules. When this field is present, the rule runs based on the schedule. When absent, it runs real-time on ingested logs.
+    attr_accessor :scheduling_options
+
     # Tags for generated signals.
     attr_accessor :tags
 
@@ -66,6 +72,7 @@ class SecurityMonitoringStandardRuleCreatePayload
     # @!visibility private
     def self.attribute_map
       {
+        :'calculated_fields' => :'calculatedFields',
         :'cases' => :'cases',
         :'filters' => :'filters',
         :'group_signals_by' => :'groupSignalsBy',
@@ -76,6 +83,7 @@ def self.attribute_map
         :'options' => :'options',
         :'queries' => :'queries',
         :'reference_tables' => :'referenceTables',
+        :'scheduling_options' => :'schedulingOptions',
         :'tags' => :'tags',
         :'third_party_cases' => :'thirdPartyCases',
         :'type' => :'type'
@@ -86,6 +94,7 @@ def self.attribute_map
     # @!visibility private
     def self.openapi_types
       {
+        :'calculated_fields' => :'Array<CalculatedField>',
         :'cases' => :'Array<SecurityMonitoringRuleCaseCreate>',
         :'filters' => :'Array<SecurityMonitoringFilter>',
         :'group_signals_by' => :'Array<String>',
@@ -96,12 +105,21 @@ def self.openapi_types
         :'options' => :'SecurityMonitoringRuleOptions',
         :'queries' => :'Array<SecurityMonitoringStandardRuleQuery>',
         :'reference_tables' => :'Array<SecurityMonitoringReferenceTable>',
+        :'scheduling_options' => :'SecurityMonitoringSchedulingOptions',
         :'tags' => :'Array<String>',
         :'third_party_cases' => :'Array<SecurityMonitoringThirdPartyRuleCaseCreate>',
         :'type' => :'SecurityMonitoringRuleTypeCreate'
       }
     end
 
+    # List of attributes with nullable: true
+    # @!visibility private
+    def self.openapi_nullable
+      Set.new([
+        :'scheduling_options',
+      ])
+    end
+
     # Initializes the object
     # @param attributes [Hash] Model attributes in the form of hash
     # @!visibility private
@@ -120,6 +138,12 @@ def initialize(attributes = {})
         end
       }
 
+      if attributes.key?(:'calculated_fields')
+        if (value = attributes[:'calculated_fields']).is_a?(Array)
+          self.calculated_fields = value
+        end
+      end
+
       if attributes.key?(:'cases')
         if (value = attributes[:'cases']).is_a?(Array)
           self.cases = value
@@ -170,6 +194,10 @@ def initialize(attributes = {})
         end
       end
 
+      if attributes.key?(:'scheduling_options')
+        self.scheduling_options = attributes[:'scheduling_options']
+      end
+
       if attributes.key?(:'tags')
         if (value = attributes[:'tags']).is_a?(Array)
           self.tags = value
@@ -286,6 +314,7 @@ def to_hash
     def ==(o)
       return true if self.equal?(o)
       self.class == o.class &&
+          calculated_fields == o.calculated_fields &&
           cases == o.cases &&
           filters == o.filters &&
           group_signals_by == o.group_signals_by &&
@@ -296,6 +325,7 @@ def ==(o)
           options == o.options &&
           queries == o.queries &&
           reference_tables == o.reference_tables &&
+          scheduling_options == o.scheduling_options &&
           tags == o.tags &&
           third_party_cases == o.third_party_cases &&
           type == o.type &&
@@ -306,7 +336,7 @@ def ==(o)
     # @return [Integer] Hash code
     # @!visibility private
     def hash
-      [cases, filters, group_signals_by, has_extended_title, is_enabled, message, name, options, queries, reference_tables, tags, third_party_cases, type, additional_properties].hash
+      [calculated_fields, cases, filters, group_signals_by, has_extended_title, is_enabled, message, name, options, queries, reference_tables, scheduling_options, tags, third_party_cases, type, additional_properties].hash
     end
   end
 end