DataDog
diff --git a/‎.apigentools-info
+4-4 b/‎.apigentools-info
+4-4
diff --git a/‎.generator/schemas/v2/openapi.yaml
+93-1 b/‎.generator/schemas/v2/openapi.yaml
+93-1
diff --git a/‎docs/datadog_api_client.v2.model.rst
+21 b/‎docs/datadog_api_client.v2.model.rst
+21
diff --git a/‎examples/v2/security-monitoring/CreateSecurityMonitoringRule_1965169892.py
+82 b/‎examples/v2/security-monitoring/CreateSecurityMonitoringRule_1965169892.py
+82
diff --git a/‎src/datadog_api_client/v2/api/ci_visibility_tests_api.py
+1-1 b/‎src/datadog_api_client/v2/api/ci_visibility_tests_api.py
+1-1
diff --git a/‎src/datadog_api_client/v2/model/job_definition.py
+8 b/‎src/datadog_api_client/v2/model/job_definition.py
+8
diff --git a/‎src/datadog_api_client/v2/model/security_monitoring_rule_case.py
+10 b/‎src/datadog_api_client/v2/model/security_monitoring_rule_case.py
+10
@@ -4,13 +4,13 @@
     "spec_versions": {
         "v1": {
             "apigentools_version": "1.6.6",
-            "regenerated": "2025-02-10 19:09:31.767881",
-            "spec_repo_commit": "824f78a1"
+            "regenerated": "2025-02-11 20:44:50.145502",
+            "spec_repo_commit": "b53b7d50"
         },
         "v2": {
             "apigentools_version": "1.6.6",
-            "regenerated": "2025-02-10 19:09:31.783166",
-            "spec_repo_commit": "824f78a1"
+            "regenerated": "2025-02-11 20:44:50.160572",
+            "spec_repo_commit": "b53b7d50"
         }
     }
 }
@@ -15657,6 +15657,15 @@ components:
           example: 1729843470000
           format: int64
           type: integer
+        groupSignalsBy:
+          description: Additional grouping to perform on top of the existing groups
+            in the query section. Must be a subset of the existing groups.
+          example:
+          - service
+          items:
+            description: Field to group by.
+            type: string
+          type: array
         index:
           description: Index used to load the data.
           example: cloud_siem
@@ -24242,6 +24251,11 @@ components:
     SecurityMonitoringRuleCase:
       description: Case when signal is generated.
       properties:
+        actions:
+          description: Action to perform for each rule case.
+          items:
+            $ref: '#/components/schemas/SecurityMonitoringRuleCaseAction'
+          type: array
         condition:
           description: 'A rule case contains logical operations (`>`,`>=`, `&&`, `||`)
             to determine if a signal should be generated
@@ -24260,9 +24274,42 @@ components:
         status:
           $ref: '#/components/schemas/SecurityMonitoringRuleSeverity'
       type: object
+    SecurityMonitoringRuleCaseAction:
+      description: Action to perform when a signal is triggered. Only available for
+        Application Security rule type.
+      properties:
+        options:
+          $ref: '#/components/schemas/SecurityMonitoringRuleCaseActionOptions'
+        type:
+          $ref: '#/components/schemas/SecurityMonitoringRuleCaseActionType'
+      type: object
+    SecurityMonitoringRuleCaseActionOptions:
+      description: Options for the rule action
+      properties:
+        duration:
+          description: Duration of the action in seconds. 0 indicates no expiration.
+          example: 0
+          format: int64
+          minimum: 0
+          type: integer
+      type: object
+    SecurityMonitoringRuleCaseActionType:
+      description: The action type.
+      enum:
+      - block_ip
+      - block_user
+      type: string
+      x-enum-varnames:
+      - BLOCK_IP
+      - BLOCK_USER
     SecurityMonitoringRuleCaseCreate:
       description: Case when signal is generated.
       properties:
+        actions:
+          description: Action to perform for each rule case.
+          items:
+            $ref: '#/components/schemas/SecurityMonitoringRuleCaseAction'
+          type: array
         condition:
           description: 'A case contains logical operations (`>`,`>=`, `&&`, `||`)
             to determine if a signal should be generated
@@ -24724,6 +24771,15 @@ components:
           items:
             $ref: '#/components/schemas/SecurityMonitoringFilter'
           type: array
+        groupSignalsBy:
+          description: Additional grouping to perform on top of the existing groups
+            in the query section. Must be a subset of the existing groups.
+          example:
+          - service
+          items:
+            description: Field to group by.
+            type: string
+          type: array
         hasExtendedTitle:
           description: Whether the notifications include the triggering group-by values
             in their title.
@@ -25429,6 +25485,15 @@ components:
           items:
             $ref: '#/components/schemas/SecurityMonitoringFilter'
           type: array
+        groupSignalsBy:
+          description: Additional grouping to perform on top of the existing groups
+            in the query section. Must be a subset of the existing groups.
+          example:
+          - service
+          items:
+            description: Field to group by.
+            type: string
+          type: array
         hasExtendedTitle:
           description: Whether the notifications include the triggering group-by values
             in their title.
@@ -25501,6 +25566,15 @@ components:
           items:
             $ref: '#/components/schemas/SecurityMonitoringFilter'
           type: array
+        groupSignalsBy:
+          description: Additional grouping to perform on top of the existing groups
+            in the query section. Must be a subset of the existing groups.
+          example:
+          - service
+          items:
+            description: Field to group by.
+            type: string
+          type: array
         hasExtendedTitle:
           description: Whether the notifications include the triggering group-by values
             in their title.
@@ -25642,6 +25716,15 @@ components:
           items:
             $ref: '#/components/schemas/SecurityMonitoringFilter'
           type: array
+        groupSignalsBy:
+          description: Additional grouping to perform on top of the existing groups
+            in the query section. Must be a subset of the existing groups.
+          example:
+          - service
+          items:
+            description: Field to group by.
+            type: string
+          type: array
         hasExtendedTitle:
           description: Whether the notifications include the triggering group-by values
             in their title.
@@ -25719,6 +25802,15 @@ components:
           items:
             $ref: '#/components/schemas/SecurityMonitoringFilter'
           type: array
+        groupSignalsBy:
+          description: Additional grouping to perform on top of the existing groups
+            in the query section. Must be a subset of the existing groups.
+          example:
+          - service
+          items:
+            description: Field to group by.
+            type: string
+          type: array
         hasExtendedTitle:
           description: Whether the notifications include the triggering group-by values
             in their title.
@@ -49972,7 +50064,7 @@ tags:
     for more information.
   name: CI Visibility Pipelines
 - description: Search or aggregate your CI Visibility test events over HTTP. See the
-    [Test Visibility in Datadog page](https://docs.datadoghq.com/tests/) for more
+    [Test Optimization in Datadog](https://docs.datadoghq.com/tests/) page for more
     information.
   name: CI Visibility Tests
 - description: 'Datadog Cloud Security Management (CSM) delivers real-time threat
 
@@ -10686,6 +10686,27 @@ datadog\_api\_client.v2.model.security\_monitoring\_rule\_case module
    :members:
    :show-inheritance:
 
+datadog\_api\_client.v2.model.security\_monitoring\_rule\_case\_action module
+-----------------------------------------------------------------------------
+
+.. automodule:: datadog_api_client.v2.model.security_monitoring_rule_case_action
+   :members:
+   :show-inheritance:
+
+datadog\_api\_client.v2.model.security\_monitoring\_rule\_case\_action\_options module
+--------------------------------------------------------------------------------------
+
+.. automodule:: datadog_api_client.v2.model.security_monitoring_rule_case_action_options
+   :members:
+   :show-inheritance:
+
+datadog\_api\_client.v2.model.security\_monitoring\_rule\_case\_action\_type module
+-----------------------------------------------------------------------------------
+
+.. automodule:: datadog_api_client.v2.model.security_monitoring_rule_case_action_type
+   :members:
+   :show-inheritance:
+
 datadog\_api\_client.v2.model.security\_monitoring\_rule\_case\_create module
 -----------------------------------------------------------------------------
 
 
@@ -0,0 +1,82 @@
+"""
+Create a detection rule with type 'application_security 'returns "OK" response
+"""
+
+from datadog_api_client import ApiClient, Configuration
+from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi
+from datadog_api_client.v2.model.security_monitoring_rule_case_action import SecurityMonitoringRuleCaseAction
+from datadog_api_client.v2.model.security_monitoring_rule_case_action_options import (
+    SecurityMonitoringRuleCaseActionOptions,
+)
+from datadog_api_client.v2.model.security_monitoring_rule_case_action_type import SecurityMonitoringRuleCaseActionType
+from datadog_api_client.v2.model.security_monitoring_rule_case_create import SecurityMonitoringRuleCaseCreate
+from datadog_api_client.v2.model.security_monitoring_rule_detection_method import SecurityMonitoringRuleDetectionMethod
+from datadog_api_client.v2.model.security_monitoring_rule_evaluation_window import (
+    SecurityMonitoringRuleEvaluationWindow,
+)
+from datadog_api_client.v2.model.security_monitoring_rule_keep_alive import SecurityMonitoringRuleKeepAlive
+from datadog_api_client.v2.model.security_monitoring_rule_max_signal_duration import (
+    SecurityMonitoringRuleMaxSignalDuration,
+)
+from datadog_api_client.v2.model.security_monitoring_rule_options import SecurityMonitoringRuleOptions
+from datadog_api_client.v2.model.security_monitoring_rule_query_aggregation import (
+    SecurityMonitoringRuleQueryAggregation,
+)
+from datadog_api_client.v2.model.security_monitoring_rule_severity import SecurityMonitoringRuleSeverity
+from datadog_api_client.v2.model.security_monitoring_rule_type_create import SecurityMonitoringRuleTypeCreate
+from datadog_api_client.v2.model.security_monitoring_standard_rule_create_payload import (
+    SecurityMonitoringStandardRuleCreatePayload,
+)
+from datadog_api_client.v2.model.security_monitoring_standard_rule_query import SecurityMonitoringStandardRuleQuery
+
+body = SecurityMonitoringStandardRuleCreatePayload(
+    type=SecurityMonitoringRuleTypeCreate.APPLICATION_SECURITY,
+    name="Example-Security-Monitoring_appsec_rule",
+    queries=[
+        SecurityMonitoringStandardRuleQuery(
+            query="@appsec.security_activity:business_logic.users.login.failure",
+            aggregation=SecurityMonitoringRuleQueryAggregation.COUNT,
+            group_by_fields=[
+                "service",
+                "@http.client_ip",
+            ],
+            distinct_fields=[],
+        ),
+    ],
+    filters=[],
+    cases=[
+        SecurityMonitoringRuleCaseCreate(
+            name="",
+            status=SecurityMonitoringRuleSeverity.INFO,
+            notifications=[],
+            condition="a > 100000",
+            actions=[
+                SecurityMonitoringRuleCaseAction(
+                    type=SecurityMonitoringRuleCaseActionType.BLOCK_IP,
+                    options=SecurityMonitoringRuleCaseActionOptions(
+                        duration=900,
+                    ),
+                ),
+            ],
+        ),
+    ],
+    options=SecurityMonitoringRuleOptions(
+        keep_alive=SecurityMonitoringRuleKeepAlive.ONE_HOUR,
+        max_signal_duration=SecurityMonitoringRuleMaxSignalDuration.ONE_DAY,
+        evaluation_window=SecurityMonitoringRuleEvaluationWindow.FIFTEEN_MINUTES,
+        detection_method=SecurityMonitoringRuleDetectionMethod.THRESHOLD,
+    ),
+    is_enabled=True,
+    message="Test rule",
+    tags=[],
+    group_signals_by=[
+        "service",
+    ],
+)
+
+configuration = Configuration()
+with ApiClient(configuration) as api_client:
+    api_instance = SecurityMonitoringApi(api_client)
+    response = api_instance.create_security_monitoring_rule(body=body)
+
+    print(response)
@@ -25,7 +25,7 @@
 
 class CIVisibilityTestsApi:
     """
-    Search or aggregate your CI Visibility test events over HTTP. See the `Test Visibility in Datadog page <https://docs.datadoghq.com/tests/>`_ for more information.
+    Search or aggregate your CI Visibility test events over HTTP. See the `Test Optimization in Datadog <https://docs.datadoghq.com/tests/>`_ page for more information.
     """
 
     def __init__(self, api_client=None):
 
@@ -40,6 +40,7 @@ def openapi_types(_):
             "calculated_fields": ([CalculatedField],),
             "cases": ([SecurityMonitoringRuleCaseCreate],),
             "_from": (int,),
+            "group_signals_by": ([str],),
             "index": (str,),
             "message": (str,),
             "name": (str,),
@@ -56,6 +57,7 @@ def openapi_types(_):
         "calculated_fields": "calculatedFields",
         "cases": "cases",
         "_from": "from",
+        "group_signals_by": "groupSignalsBy",
         "index": "index",
         "message": "message",
         "name": "name",
@@ -78,6 +80,7 @@ def __init__(
         queries: List[HistoricalJobQuery],
         to: int,
         calculated_fields: Union[List[CalculatedField], UnsetType] = unset,
+        group_signals_by: Union[List[str], UnsetType] = unset,
         options: Union[HistoricalJobOptions, UnsetType] = unset,
         reference_tables: Union[List[SecurityMonitoringReferenceTable], UnsetType] = unset,
         tags: Union[List[str], UnsetType] = unset,
@@ -97,6 +100,9 @@ def __init__(
         :param _from: Starting time of data analyzed by the job.
         :type _from: int
 
+        :param group_signals_by: Additional grouping to perform on top of the existing groups in the query section. Must be a subset of the existing groups.
+        :type group_signals_by: [str], optional
+
         :param index: Index used to load the data.
         :type index: str
 
@@ -129,6 +135,8 @@ def __init__(
         """
         if calculated_fields is not unset:
             kwargs["calculated_fields"] = calculated_fields
+        if group_signals_by is not unset:
+            kwargs["group_signals_by"] = group_signals_by
         if options is not unset:
             kwargs["options"] = options
         if reference_tables is not unset:
 
@@ -14,22 +14,26 @@
 
 
 if TYPE_CHECKING:
+    from datadog_api_client.v2.model.security_monitoring_rule_case_action import SecurityMonitoringRuleCaseAction
     from datadog_api_client.v2.model.security_monitoring_rule_severity import SecurityMonitoringRuleSeverity
 
 
 class SecurityMonitoringRuleCase(ModelNormal):
     @cached_property
     def openapi_types(_):
+        from datadog_api_client.v2.model.security_monitoring_rule_case_action import SecurityMonitoringRuleCaseAction
         from datadog_api_client.v2.model.security_monitoring_rule_severity import SecurityMonitoringRuleSeverity
 
         return {
+            "actions": ([SecurityMonitoringRuleCaseAction],),
             "condition": (str,),
             "name": (str,),
             "notifications": ([str],),
             "status": (SecurityMonitoringRuleSeverity,),
         }
 
     attribute_map = {
+        "actions": "actions",
         "condition": "condition",
         "name": "name",
         "notifications": "notifications",
@@ -38,6 +42,7 @@ def openapi_types(_):
 
     def __init__(
         self_,
+        actions: Union[List[SecurityMonitoringRuleCaseAction], UnsetType] = unset,
         condition: Union[str, UnsetType] = unset,
         name: Union[str, UnsetType] = unset,
         notifications: Union[List[str], UnsetType] = unset,
@@ -47,6 +52,9 @@ def __init__(
         """
         Case when signal is generated.
 
+        :param actions: Action to perform for each rule case.
+        :type actions: [SecurityMonitoringRuleCaseAction], optional
+
         :param condition: A rule case contains logical operations ( ``>`` , ``>=`` , ``&&`` , ``||`` ) to determine if a signal should be generated
             based on the event counts in the previously defined queries.
         :type condition: str, optional
@@ -60,6 +68,8 @@ def __init__(
         :param status: Severity of the Security Signal.
         :type status: SecurityMonitoringRuleSeverity, optional
         """
+        if actions is not unset:
+            kwargs["actions"] = actions
         if condition is not unset:
             kwargs["condition"] = condition
         if name is not unset:
Original file line number	Diff line number	Diff line change
`@@ -4,13 +4,13 @@`
`4`	`4`	`"spec_versions": {`
`5`	`5`	`"v1": {`
`6`	`6`	`"apigentools_version": "1.6.6",`
`7`		`- "regenerated": "2025-02-10 19:09:31.767881",`
`8`		`- "spec_repo_commit": "824f78a1"`
	`7`	`+ "regenerated": "2025-02-11 20:44:50.145502",`
	`8`	`+ "spec_repo_commit": "b53b7d50"`
`9`	`9`	`},`
`10`	`10`	`"v2": {`
`11`	`11`	`"apigentools_version": "1.6.6",`
`12`		`- "regenerated": "2025-02-10 19:09:31.783166",`
`13`		`- "spec_repo_commit": "824f78a1"`
	`12`	`+ "regenerated": "2025-02-11 20:44:50.160572",`
	`13`	`+ "spec_repo_commit": "b53b7d50"`
`14`	`14`	`}`
`15`	`15`	`}`
`16`	`16`	`}`