datadog_api_client 2.4.0 → 2.5.0

data/.generator/schemas/v2/openapi.yaml

@@ -286,7 +286,7 @@ components:
         format: int64
         type: integer
     PageSize:
-      description: Size for a given page.
+      description: Size for a given page. The maximum allowed value is 5000.
       in: query
       name: page[size]
       required: false
@@ -316,6 +316,20 @@ components:
       required: true
       schema:
         type: string
+    SensitiveDataScannerGroupID:
+      description: The ID of a group of rules.
+      in: path
+      name: group_id
+      required: true
+      schema:
+        type: string
+    SensitiveDataScannerRuleID:
+      description: The ID of the rule.
+      in: path
+      name: rule_id
+      required: true
+      schema:
+        type: string
     ServiceAccountID:
       description: The ID of the service account.
       in: path
@@ -783,8 +797,8 @@ components:
           type: integer
         timezone:
           default: UTC
-          description: 'Timezone code. Can be specified as an offset, for example:
-            "UTC+03:00".'
+          description: The timezone can be specified as GMT, UTC, an offset from UTC
+            (like UTC+1), or as a Timezone Database identifier (like America/New_York).
           example: GMT
           type: string
       type: object
@@ -1182,6 +1196,10 @@ components:
       - max
       - avg
       - median
+      - latest
+      - earliest
+      - most_frequent
+      - delta
       example: pc90
       type: string
       x-enum-varnames:
@@ -1197,6 +1215,10 @@ components:
       - MAX
       - AVG
       - MEDIAN
+      - LATEST
+      - EARLIEST
+      - MOST_FREQUENT
+      - DELTA
     CIAppCompute:
       description: A compute rule to compute metrics or timeseries.
       properties:
@@ -1476,8 +1498,8 @@ components:
           type: integer
         timezone:
           default: UTC
-          description: 'The timezone can be specified both as an offset, for example:
-            "UTC+03:00".'
+          description: The timezone can be specified as GMT, UTC, an offset from UTC
+            (like UTC+1), or as a Timezone Database identifier (like America/New_York).
           example: GMT
           type: string
       type: object
@@ -1753,6 +1775,156 @@ components:
           example: infra_host
           type: string
       type: object
+    CloudConfigurationComplianceRuleOptions:
+      description: Options for cloud_configuration rules.
+      properties:
+        complexRule:
+          description: 'Whether the rule is a complex one.
+
+            Must be set to true if `regoRule.resourceTypes` contains more than one
+            item. Defaults to false.
+
+            '
+          type: boolean
+        regoRule:
+          $ref: '#/components/schemas/CloudConfigurationRegoRule'
+        resourceType:
+          description: 'Main resource type to be checked by the rule. It should be
+            specified again in `regoRule.resourceTypes`.
+
+            '
+          example: aws_acm
+          type: string
+      required:
+      - resourceType
+      - regoRule
+      type: object
+    CloudConfigurationRegoRule:
+      description: Rule details.
+      properties:
+        policy:
+          description: 'The policy written in `rego`, see: https://www.openpolicyagent.org/docs/latest/policy-language/'
+          example: "package datadog\n\nimport data.datadog.output as dd_output\nimport
+            future.keywords.contains\nimport future.keywords.if\nimport future.keywords.in\n\neval(resource)
+            = \"skip\" if {\n  # Logic that evaluates to true if the resource should
+            be skipped\n  true\n} else = \"pass\" {\n  # Logic that evaluates to true
+            if the resource is compliant\n  true\n} else = \"fail\" {\n  # Logic that
+            evaluates to true if the resource is not compliant\n  true\n}\n\n# This
+            part remains unchanged for all rules\nresults contains result if {\n  some
+            resource in input.resources[input.main_resource_type]\n  result := dd_output.format(resource,
+            eval(resource))\n}\n"
+          type: string
+        resourceTypes:
+          description: List of resource types that will be evaluated upon. Must have
+            at least one element.
+          example:
+          - gcp_iam_service_account
+          - gcp_iam_policy
+          items:
+            type: string
+          type: array
+      required:
+      - policy
+      - resourceTypes
+      type: object
+    CloudConfigurationRuleCaseCreate:
+      description: Description of signals.
+      properties:
+        notifications:
+          description: Notification targets for each rule case.
+          items:
+            description: Notification.
+            type: string
+          type: array
+        status:
+          $ref: '#/components/schemas/SecurityMonitoringRuleSeverity'
+      required:
+      - status
+      type: object
+    CloudConfigurationRuleComplianceSignalOptions:
+      description: How to generate compliance signals. Useful for cloud_configuration
+        rules only.
+      properties:
+        userActivationStatus:
+          description: Whether signals will be sent.
+          type: boolean
+        userGroupByFields:
+          description: Fields to use to group findings by when sending signals.
+          items:
+            type: string
+          type: array
+      type: object
+    CloudConfigurationRuleCreatePayload:
+      description: Create a new cloud configuration rule.
+      properties:
+        cases:
+          description: 'Description of generated findings and signals (severity and
+            channels to be notified in case of a signal). Must contain exactly one
+            item.
+
+            '
+          items:
+            $ref: '#/components/schemas/CloudConfigurationRuleCaseCreate'
+          type: array
+        complianceSignalOptions:
+          $ref: '#/components/schemas/CloudConfigurationRuleComplianceSignalOptions'
+        isEnabled:
+          description: Whether the rule is enabled.
+          example: true
+          type: boolean
+        message:
+          description: Message in markdown format for generated findings and signals.
+          example: '#Description
+
+            Explanation of the rule.
+
+
+            #Remediation
+
+            How to fix the security issue.
+
+            '
+          type: string
+        name:
+          description: The name of the rule.
+          example: My security monitoring rule.
+          type: string
+        options:
+          $ref: '#/components/schemas/CloudConfigurationRuleOptions'
+        tags:
+          description: Tags for generated findings and signals.
+          example:
+          - env:prod
+          - team:security
+          items:
+            description: Tag.
+            type: string
+          type: array
+        type:
+          $ref: '#/components/schemas/CloudConfigurationRuleType'
+      required:
+      - name
+      - isEnabled
+      - options
+      - complianceSignalOptions
+      - cases
+      - message
+      type: object
+    CloudConfigurationRuleOptions:
+      description: Options on cloud configuration rules.
+      properties:
+        complianceRuleOptions:
+          $ref: '#/components/schemas/CloudConfigurationComplianceRuleOptions'
+      required:
+      - complianceRuleOptions
+      type: object
+    CloudConfigurationRuleType:
+      description: The rule type.
+      enum:
+      - cloud_configuration
+      type: string
+      x-enum-varnames:
+      - CLOUD_CONFIGURATION
     CloudWorkloadSecurityAgentRuleAttributes:
       description: A Cloud Workload Security Agent rule returned by the API.
       properties:
@@ -2722,7 +2894,8 @@ components:
           type: integer
         timezone:
           default: UTC
-          description: 'The timezone can be specified as an offset, for example: `UTC+03:00`.'
+          description: The timezone can be specified as GMT, UTC, an offset from UTC
+            (like UTC+1), or as a Timezone Database identifier (like America/New_York).
           example: GMT
           type: string
       type: object
@@ -5003,6 +5176,8 @@ components:
       properties:
         aggregation_type:
           $ref: '#/components/schemas/LogsMetricComputeAggregationType'
+        include_percentiles:
+          $ref: '#/components/schemas/LogsMetricComputeIncludePercentiles'
         path:
           description: The path to the value the log-based metric will aggregate on
             (only used if the aggregation type is a "distribution").
@@ -5021,6 +5196,13 @@ components:
       x-enum-varnames:
       - COUNT
       - DISTRIBUTION
+    LogsMetricComputeIncludePercentiles:
+      description: 'Toggle to include or exclude percentile aggregations for distribution
+        metrics.
+
+        Only present when the `aggregation_type` is `distribution`.'
+      example: true
+      type: boolean
     LogsMetricCreateAttributes:
       description: The object describing the Datadog log-based metric to create.
       properties:
@@ -5112,6 +5294,8 @@ components:
       properties:
         aggregation_type:
           $ref: '#/components/schemas/LogsMetricResponseComputeAggregationType'
+        include_percentiles:
+          $ref: '#/components/schemas/LogsMetricComputeIncludePercentiles'
         path:
           description: The path to the value the log-based metric will aggregate on
             (only used if the aggregation type is a "distribution").
@@ -5173,6 +5357,8 @@ components:
     LogsMetricUpdateAttributes:
       description: The log-based metric properties that will be updated.
       properties:
+        compute:
+          $ref: '#/components/schemas/LogsMetricUpdateCompute'
         filter:
           $ref: '#/components/schemas/LogsMetricFilter'
         group_by:
@@ -5181,6 +5367,12 @@ components:
             $ref: '#/components/schemas/LogsMetricGroupBy'
           type: array
       type: object
+    LogsMetricUpdateCompute:
+      description: The compute rule to compute the log-based metric.
+      properties:
+        include_percentiles:
+          $ref: '#/components/schemas/LogsMetricComputeIncludePercentiles'
+      type: object
     LogsMetricUpdateData:
       description: The new log-based metric properties.
       properties:
@@ -5256,8 +5448,8 @@ components:
           type: integer
         timezone:
           default: UTC
-          description: 'The timezone can be specified both as an offset, for example:
-            "UTC+03:00".'
+          description: The timezone can be specified as GMT, UTC, an offset from UTC
+            (like UTC+1), or as a Timezone Database identifier (like America/New_York).
           example: GMT
           type: string
       type: object
@@ -5969,7 +6161,7 @@ components:
           format: date-time
           type: string
         include_percentiles:
-          description: 'Toggle to turn on/off percentile aggregations for distribution
+          description: 'Toggle to include or exclude percentile aggregations for distribution
             metrics.
 
             Only present when the `metric_type` is `distribution`.'
@@ -6885,6 +7077,10 @@ components:
           description: ID of the RUM application.
           example: abcd1234-0000-0000-abcd-1234abcd5678
           type: string
+        client_token:
+          description: Client token of the RUM application.
+          example: abcd1234efgh5678ijkl90abcd1234efgh0
+          type: string
         created_at:
           description: Timestamp in ms of the creation date.
           example: 1659479836169
@@ -6895,9 +7091,12 @@ components:
           example: john.doe
           type: string
         hash:
-          description: Client token of the RUM application.
-          example: abcd1234efgh5678ijkl90abcd1234efgh0
+          description: Hash of the RUM application. Optional.
           type: string
+        is_active:
+          description: Indicates if the RUM application is active.
+          example: true
+          type: boolean
         name:
           description: Name of the RUM application.
           example: my_rum_application
@@ -6924,6 +7123,7 @@ components:
           type: string
       required:
       - application_id
+      - client_token
       - created_at
       - created_by_handle
       - name
@@ -6975,6 +7175,83 @@ components:
       type: string
       x-enum-varnames:
       - RUM_APPLICATION_CREATE
+    RUMApplicationList:
+      description: RUM application list.
+      properties:
+        attributes:
+          $ref: '#/components/schemas/RUMApplicationListAttributes'
+        type:
+          $ref: '#/components/schemas/RUMApplicationListType'
+      required:
+      - attributes
+      - type
+      type: object
+    RUMApplicationListAttributes:
+      description: RUM application list attributes.
+      properties:
+        application_id:
+          description: ID of the RUM application.
+          example: abcd1234-0000-0000-abcd-1234abcd5678
+          type: string
+        created_at:
+          description: Timestamp in ms of the creation date.
+          example: 1659479836169
+          format: int64
+          type: integer
+        created_by_handle:
+          description: Handle of the creator user.
+          example: john.doe
+          type: string
+        hash:
+          description: Hash of the RUM application. Optional.
+          type: string
+        is_active:
+          description: Indicates if the RUM application is active.
+          example: true
+          type: boolean
+        name:
+          description: Name of the RUM application.
+          example: my_rum_application
+          type: string
+        org_id:
+          description: Org ID of the RUM application.
+          example: 999
+          format: int32
+          maximum: 2147483647
+          type: integer
+        type:
+          description: Type of the RUM application. Supported values are `browser`,
+            `ios`, `android`, `react-native`, `flutter`.
+          example: browser
+          type: string
+        updated_at:
+          description: Timestamp in ms of the last update date.
+          example: 1659479836169
+          format: int64
+          type: integer
+        updated_by_handle:
+          description: Handle of the updater user.
+          example: jane.doe
+          type: string
+      required:
+      - application_id
+      - created_at
+      - created_by_handle
+      - name
+      - org_id
+      - type
+      - updated_at
+      - updated_by_handle
+      type: object
+    RUMApplicationListType:
+      default: rum_application
+      description: RUM application list type.
+      enum:
+      - rum_application
+      example: rum_application
+      type: string
+      x-enum-varnames:
+      - RUM_APPLICATION
     RUMApplicationResponse:
       description: RUM application response.
       properties:
@@ -7041,7 +7318,7 @@ components:
         data:
           description: RUM applications array response.
           items:
-            $ref: '#/components/schemas/RUMApplication'
+            $ref: '#/components/schemas/RUMApplicationList'
           type: array
       type: object
     RUMBucketResponse:
@@ -7282,8 +7559,8 @@ components:
           type: integer
         timezone:
           default: UTC
-          description: 'The timezone can be specified both as an offset, for example:
-            "UTC+03:00".'
+          description: The timezone can be specified as GMT, UTC, an offset from UTC
+            (like UTC+1), or as a Timezone Database identifier (like America/New_York).
           example: GMT
           type: string
       type: object
@@ -8231,6 +8508,7 @@ components:
       oneOf:
       - $ref: '#/components/schemas/SecurityMonitoringStandardRuleCreatePayload'
       - $ref: '#/components/schemas/SecurityMonitoringSignalRuleCreatePayload'
+      - $ref: '#/components/schemas/CloudConfigurationRuleCreatePayload'
       type: object
     SecurityMonitoringRuleDecreaseCriticalityBasedOnEnv:
       description: 'If true, signals in non-production environments have a lower severity
@@ -8436,6 +8714,8 @@ components:
     SecurityMonitoringRuleOptions:
       description: Options on rules.
       properties:
+        complianceRuleOptions:
+          $ref: '#/components/schemas/CloudConfigurationComplianceRuleOptions'
         decreaseCriticalityBasedOnEnv:
           $ref: '#/components/schemas/SecurityMonitoringRuleDecreaseCriticalityBasedOnEnv'
         detectionMethod:
@@ -8530,6 +8810,8 @@ components:
           items:
             $ref: '#/components/schemas/SecurityMonitoringRuleCase'
           type: array
+        complianceSignalOptions:
+          $ref: '#/components/schemas/CloudConfigurationRuleComplianceSignalOptions'
         filters:
           description: Additional queries to filter matched events before they are
             processed.
@@ -9210,6 +9492,8 @@ components:
           items:
             $ref: '#/components/schemas/SecurityMonitoringRuleCase'
           type: array
+        complianceSignalOptions:
+          $ref: '#/components/schemas/CloudConfigurationRuleComplianceSignalOptions'
         createdAt:
           description: When the rule was created, timestamp in milliseconds.
           format: int64
@@ -9289,85 +9573,672 @@ components:
       required:
       - uuid
       type: object
-    ServiceAccountCreateAttributes:
-      description: Attributes of the created user.
+    SensitiveDataScannerConfigRequest:
+      description: Group reorder request.
       properties:
-        email:
-          description: The email of the user.
-          example: jane.doe@example.com
-          type: string
-        name:
-          description: The name of the user.
-          type: string
-        service_account:
-          description: Whether the user is a service account. Must be true.
-          example: true
-          type: boolean
-        title:
-          description: The title of the user.
-          type: string
+        data:
+          $ref: '#/components/schemas/SensitiveDataScannerReorderConfig'
+        meta:
+          $ref: '#/components/schemas/SensitiveDataScannerMetaVersionOnly'
       required:
-      - email
-      - service_account
+      - data
+      - meta
       type: object
-    ServiceAccountCreateData:
-      description: Object to create a service account User.
+    SensitiveDataScannerConfiguration:
+      description: A Sensitive Data Scanner configuration.
       properties:
-        attributes:
-          $ref: '#/components/schemas/ServiceAccountCreateAttributes'
-        relationships:
-          $ref: '#/components/schemas/UserRelationships'
+        id:
+          description: ID of the configuration.
+          type: string
         type:
-          $ref: '#/components/schemas/UsersType'
-      required:
-      - attributes
-      - type
+          $ref: '#/components/schemas/SensitiveDataScannerConfigurationType'
       type: object
-    ServiceAccountCreateRequest:
-      description: Create a service account.
+    SensitiveDataScannerConfigurationData:
+      description: A Sensitive Data Scanner configuration data.
       properties:
         data:
-          $ref: '#/components/schemas/ServiceAccountCreateData'
-      required:
-      - data
+          $ref: '#/components/schemas/SensitiveDataScannerConfiguration'
       type: object
-    ServiceDefinitionCreateResponse:
-      description: Create service definitions response.
+    SensitiveDataScannerConfigurationRelationships:
+      description: Relationships of the configuration.
+      properties:
+        groups:
+          $ref: '#/components/schemas/SensitiveDataScannerGroupList'
+      type: object
+    SensitiveDataScannerConfigurationType:
+      default: sensitive_data_scanner_configuration
+      description: Sensitive Data Scanner configuration type.
+      enum:
+      - sensitive_data_scanner_configuration
+      example: sensitive_data_scanner_configuration
+      type: string
+      x-enum-varnames:
+      - SENSITIVE_DATA_SCANNER_CONFIGURATIONS
+    SensitiveDataScannerCreateGroupResponse:
+      description: Create group response.
       properties:
         data:
-          description: Create service definitions response payload.
-          items:
-            $ref: '#/components/schemas/ServiceDefinitionData'
-          type: array
+          $ref: '#/components/schemas/SensitiveDataScannerGroupResponse'
+        meta:
+          $ref: '#/components/schemas/SensitiveDataScannerMetaVersionOnly'
       type: object
-    ServiceDefinitionData:
-      description: Service definition data.
+    SensitiveDataScannerCreateRuleResponse:
+      description: Create rule response.
       properties:
-        attributes:
-          $ref: '#/components/schemas/ServiceDefinitionDataAttributes'
-        type:
-          description: Service definition type.
+        data:
+          $ref: '#/components/schemas/SensitiveDataScannerRuleResponse'
+        meta:
+          $ref: '#/components/schemas/SensitiveDataScannerMetaVersionOnly'
+      type: object
+    SensitiveDataScannerFilter:
+      description: Filter for the Scanning Group.
+      properties:
+        query:
+          description: Query to filter the events.
           type: string
       type: object
-    ServiceDefinitionDataAttributes:
-      description: Service definition attributes.
+    SensitiveDataScannerGetConfigIncludedArray:
+      description: Included objects from relationships.
+      items:
+        $ref: '#/components/schemas/SensitiveDataScannerGetConfigIncludedItem'
+      type: array
+    SensitiveDataScannerGetConfigIncludedItem:
+      description: An object related to the configuration.
+      oneOf:
+      - $ref: '#/components/schemas/SensitiveDataScannerRuleIncludedItem'
+      - $ref: '#/components/schemas/SensitiveDataScannerGroupIncludedItem'
+      type: object
+    SensitiveDataScannerGetConfigResponse:
+      description: Get all groups response.
       properties:
+        data:
+          $ref: '#/components/schemas/SensitiveDataScannerGetConfigResponseData'
+        included:
+          $ref: '#/components/schemas/SensitiveDataScannerGetConfigIncludedArray'
         meta:
-          $ref: '#/components/schemas/ServiceDefinitionMeta'
-        schema:
-          $ref: '#/components/schemas/ServiceDefinitionSchema'
+          $ref: '#/components/schemas/SensitiveDataScannerMeta'
       type: object
-    ServiceDefinitionGetResponse:
-      description: Get service definition response.
+    SensitiveDataScannerGetConfigResponseData:
+      description: Response data related to the scanning groups.
       properties:
-        data:
-          $ref: '#/components/schemas/ServiceDefinitionData'
+        id:
+          description: ID of the configuration.
+          type: string
+        relationships:
+          $ref: '#/components/schemas/SensitiveDataScannerConfigurationRelationships'
+        type:
+          $ref: '#/components/schemas/SensitiveDataScannerConfigurationType'
       type: object
-    ServiceDefinitionMeta:
-      description: Metadata about a service definition.
+    SensitiveDataScannerGroup:
+      description: A scanning group.
       properties:
-        github-html-url:
-          description: GitHub HTML URL.
+        id:
+          description: ID of the group.
+          type: string
+        type:
+          $ref: '#/components/schemas/SensitiveDataScannerGroupType'
+      type: object
+    SensitiveDataScannerGroupAttributes:
+      description: Attributes of the Sensitive Data Scanner group.
+      properties:
+        description:
+          description: Description of the group.
+          type: string
+        filter:
+          $ref: '#/components/schemas/SensitiveDataScannerFilter'
+        is_enabled:
+          description: Whether or not the group is enabled.
+          type: boolean
+        name:
+          description: Name of the group.
+          type: string
+        product_list:
+          description: List of products the scanning group applies.
+          items:
+            $ref: '#/components/schemas/SensitiveDataScannerProduct'
+          type: array
+      type: object
+    SensitiveDataScannerGroupCreate:
+      description: Data related to the creation of a group.
+      properties:
+        attributes:
+          $ref: '#/components/schemas/SensitiveDataScannerGroupAttributes'
+        relationships:
+          $ref: '#/components/schemas/SensitiveDataScannerGroupRelationships'
+        type:
+          $ref: '#/components/schemas/SensitiveDataScannerGroupType'
+      required:
+      - type
+      - attributes
+      type: object
+    SensitiveDataScannerGroupCreateRequest:
+      description: Create group request.
+      properties:
+        data:
+          $ref: '#/components/schemas/SensitiveDataScannerGroupCreate'
+        meta:
+          $ref: '#/components/schemas/SensitiveDataScannerMetaVersionOnly'
+      type: object
+    SensitiveDataScannerGroupData:
+      description: A scanning group data.
+      properties:
+        data:
+          $ref: '#/components/schemas/SensitiveDataScannerGroup'
+      type: object
+    SensitiveDataScannerGroupDeleteRequest:
+      description: Delete group request.
+      properties:
+        meta:
+          $ref: '#/components/schemas/SensitiveDataScannerMetaVersionOnly'
+      required:
+      - meta
+      type: object
+    SensitiveDataScannerGroupDeleteResponse:
+      description: Delete group response.
+      properties:
+        meta:
+          $ref: '#/components/schemas/SensitiveDataScannerMetaVersionOnly'
+      type: object
+    SensitiveDataScannerGroupIncludedItem:
+      description: A Scanning Group included item.
+      properties:
+        attributes:
+          $ref: '#/components/schemas/SensitiveDataScannerGroupAttributes'
+        id:
+          description: ID of the group.
+          type: string
+        relationships:
+          $ref: '#/components/schemas/SensitiveDataScannerGroupRelationships'
+        type:
+          $ref: '#/components/schemas/SensitiveDataScannerGroupType'
+      type: object
+    SensitiveDataScannerGroupItem:
+      description: Data related to a Sensitive Data Scanner Group.
+      properties:
+        id:
+          description: ID of the group.
+          type: string
+        type:
+          $ref: '#/components/schemas/SensitiveDataScannerGroupType'
+      type: object
+    SensitiveDataScannerGroupList:
+      description: List of groups, ordered.
+      properties:
+        data:
+          description: List of groups. The order is important.
+          items:
+            $ref: '#/components/schemas/SensitiveDataScannerGroupItem'
+          type: array
+      type: object
+    SensitiveDataScannerGroupRelationships:
+      description: Relationships of the group.
+      properties:
+        configuration:
+          $ref: '#/components/schemas/SensitiveDataScannerConfigurationData'
+        rules:
+          $ref: '#/components/schemas/SensitiveDataScannerRuleData'
+      type: object
+    SensitiveDataScannerGroupResponse:
+      description: Response data related to the creation of a group.
+      properties:
+        attributes:
+          $ref: '#/components/schemas/SensitiveDataScannerGroupAttributes'
+        id:
+          description: ID of the group.
+          type: string
+        relationships:
+          $ref: '#/components/schemas/SensitiveDataScannerGroupRelationships'
+        type:
+          $ref: '#/components/schemas/SensitiveDataScannerGroupType'
+      type: object
+    SensitiveDataScannerGroupType:
+      default: sensitive_data_scanner_group
+      description: Sensitive Data Scanner group type.
+      enum:
+      - sensitive_data_scanner_group
+      example: sensitive_data_scanner_group
+      type: string
+      x-enum-varnames:
+      - SENSITIVE_DATA_SCANNER_GROUP
+    SensitiveDataScannerGroupUpdate:
+      description: Data related to the update of a group.
+      properties:
+        attributes:
+          $ref: '#/components/schemas/SensitiveDataScannerGroupAttributes'
+        id:
+          description: ID of the group.
+          type: string
+        relationships:
+          $ref: '#/components/schemas/SensitiveDataScannerGroupRelationships'
+        type:
+          $ref: '#/components/schemas/SensitiveDataScannerGroupType'
+      type: object
+    SensitiveDataScannerGroupUpdateRequest:
+      description: Update group request.
+      properties:
+        data:
+          $ref: '#/components/schemas/SensitiveDataScannerGroupUpdate'
+        meta:
+          $ref: '#/components/schemas/SensitiveDataScannerMetaVersionOnly'
+      required:
+      - data
+      - meta
+      type: object
+    SensitiveDataScannerGroupUpdateResponse:
+      description: Update group response.
+      properties:
+        meta:
+          $ref: '#/components/schemas/SensitiveDataScannerMetaVersionOnly'
+      type: object
+    SensitiveDataScannerMeta:
+      description: Meta response containing information about the API.
+      properties:
+        count_limit:
+          description: Maximum number of scanning rules allowed for the org.
+          format: int64
+          type: integer
+        group_count_limit:
+          description: Maximum number of scanning groups allowed for the org.
+          format: int64
+          type: integer
+        has_highlight_enabled:
+          description: Whether or not scanned events are highlighted in Logs or RUM
+            for the org.
+          type: boolean
+        is_pci_compliant:
+          description: Whether or not the org is compliant to the payment card industry
+            standard.
+          type: boolean
+        version:
+          description: Version of the API.
+          example: 0
+          format: int64
+          minimum: 0
+          type: integer
+      type: object
+    SensitiveDataScannerMetaVersionOnly:
+      description: Meta payload containing information about the API.
+      properties:
+        version:
+          description: Version of the API (optional).
+          example: 0
+          format: int64
+          minimum: 0
+          type: integer
+      type: object
+    SensitiveDataScannerProduct:
+      default: logs
+      description: Datadog product onto which Sensitive Data Scanner can be activated.
+      enum:
+      - logs
+      - rum
+      - events
+      - apm
+      type: string
+      x-enum-varnames:
+      - LOGS
+      - RUM
+      - EVENTS
+      - APM
+    SensitiveDataScannerReorderConfig:
+      description: Data related to the reordering of scanning groups.
+      properties:
+        id:
+          description: ID of the configuration.
+          type: string
+        relationships:
+          $ref: '#/components/schemas/SensitiveDataScannerConfigurationRelationships'
+        type:
+          $ref: '#/components/schemas/SensitiveDataScannerConfigurationType'
+      type: object
+    SensitiveDataScannerReorderGroupsResponse:
+      description: Group reorder response.
+      properties:
+        meta:
+          $ref: '#/components/schemas/SensitiveDataScannerMeta'
+      type: object
+    SensitiveDataScannerRule:
+      description: Rule item included in the group.
+      properties:
+        id:
+          description: ID of the rule.
+          type: string
+        type:
+          $ref: '#/components/schemas/SensitiveDataScannerRuleType'
+      type: object
+    SensitiveDataScannerRuleAttributes:
+      description: Attributes of the Sensitive Data Scanner rule.
+      properties:
+        description:
+          description: Description of the rule.
+          type: string
+        excluded_attributes:
+          description: Attributes excluded from the scan.
+          example:
+          - username
+          items:
+            type: string
+          type: array
+        is_enabled:
+          description: Whether or not the rule is enabled.
+          type: boolean
+        name:
+          description: Name of the rule.
+          type: string
+        pattern:
+          description: Not included if there is a relationship to a standard pattern.
+          type: string
+        tags:
+          description: List of tags.
+          items:
+            type: string
+          type: array
+        text_replacement:
+          $ref: '#/components/schemas/SensitiveDataScannerTextReplacement'
+      type: object
+    SensitiveDataScannerRuleCreate:
+      description: Data related to the creation of a rule.
+      properties:
+        attributes:
+          $ref: '#/components/schemas/SensitiveDataScannerRuleAttributes'
+        relationships:
+          $ref: '#/components/schemas/SensitiveDataScannerRuleRelationships'
+        type:
+          $ref: '#/components/schemas/SensitiveDataScannerRuleType'
+      required:
+      - type
+      - attributes
+      - relationships
+      type: object
+    SensitiveDataScannerRuleCreateRequest:
+      description: Create rule request.
+      properties:
+        data:
+          $ref: '#/components/schemas/SensitiveDataScannerRuleCreate'
+        meta:
+          $ref: '#/components/schemas/SensitiveDataScannerMetaVersionOnly'
+      required:
+      - data
+      - meta
+      type: object
+    SensitiveDataScannerRuleData:
+      description: Rules included in the group.
+      properties:
+        data:
+          description: Rules included in the group. The order is important.
+          items:
+            $ref: '#/components/schemas/SensitiveDataScannerRule'
+          type: array
+      type: object
+    SensitiveDataScannerRuleDeleteRequest:
+      description: Delete rule request.
+      properties:
+        meta:
+          $ref: '#/components/schemas/SensitiveDataScannerMetaVersionOnly'
+      required:
+      - meta
+      type: object
+    SensitiveDataScannerRuleDeleteResponse:
+      description: Delete rule response.
+      properties:
+        meta:
+          $ref: '#/components/schemas/SensitiveDataScannerMetaVersionOnly'
+      type: object
+    SensitiveDataScannerRuleIncludedItem:
+      description: A Scanning Rule included item.
+      properties:
+        attributes:
+          $ref: '#/components/schemas/SensitiveDataScannerRuleAttributes'
+        id:
+          description: ID of the rule.
+          type: string
+        relationships:
+          $ref: '#/components/schemas/SensitiveDataScannerRuleRelationships'
+        type:
+          $ref: '#/components/schemas/SensitiveDataScannerRuleType'
+      type: object
+    SensitiveDataScannerRuleRelationships:
+      description: Relationships of a scanning rule.
+      properties:
+        group:
+          $ref: '#/components/schemas/SensitiveDataScannerGroupData'
+        standard_pattern:
+          $ref: '#/components/schemas/SensitiveDataScannerStandardPatternData'
+      type: object
+    SensitiveDataScannerRuleResponse:
+      description: Response data related to the creation of a rule.
+      properties:
+        attributes:
+          $ref: '#/components/schemas/SensitiveDataScannerRuleAttributes'
+        id:
+          description: ID of the rule.
+          type: string
+        relationships:
+          $ref: '#/components/schemas/SensitiveDataScannerRuleRelationships'
+        type:
+          $ref: '#/components/schemas/SensitiveDataScannerRuleType'
+      type: object
+    SensitiveDataScannerRuleType:
+      default: sensitive_data_scanner_rule
+      description: Sensitive Data Scanner rule type.
+      enum:
+      - sensitive_data_scanner_rule
+      example: sensitive_data_scanner_rule
+      type: string
+      x-enum-varnames:
+      - SENSITIVE_DATA_SCANNER_RULE
+    SensitiveDataScannerRuleUpdate:
+      description: Data related to the update of a rule.
+      properties:
+        attributes:
+          $ref: '#/components/schemas/SensitiveDataScannerRuleAttributes'
+        id:
+          description: ID of the rule.
+          type: string
+        relationships:
+          $ref: '#/components/schemas/SensitiveDataScannerRuleRelationships'
+        type:
+          $ref: '#/components/schemas/SensitiveDataScannerRuleType'
+      type: object
+    SensitiveDataScannerRuleUpdateRequest:
+      description: Update rule request.
+      properties:
+        data:
+          $ref: '#/components/schemas/SensitiveDataScannerRuleUpdate'
+        meta:
+          $ref: '#/components/schemas/SensitiveDataScannerMetaVersionOnly'
+      required:
+      - data
+      - meta
+      type: object
+    SensitiveDataScannerRuleUpdateResponse:
+      description: Update rule response.
+      properties:
+        meta:
+          $ref: '#/components/schemas/SensitiveDataScannerMetaVersionOnly'
+      type: object
+    SensitiveDataScannerStandardPattern:
+      description: Data containing the standard pattern id.
+      properties:
+        id:
+          description: ID of the standard pattern.
+          type: string
+        type:
+          $ref: '#/components/schemas/SensitiveDataScannerStandardPatternType'
+      type: object
+    SensitiveDataScannerStandardPatternAttributes:
+      description: Attributes of the Sensitive Data Scanner standard pattern.
+      properties:
+        name:
+          description: Name of the standard pattern.
+          type: string
+        pattern:
+          description: Regex to match.
+          type: string
+        tags:
+          description: List of tags.
+          items:
+            type: string
+          type: array
+      type: object
+    SensitiveDataScannerStandardPatternData:
+      description: A standard pattern.
+      properties:
+        data:
+          $ref: '#/components/schemas/SensitiveDataScannerStandardPattern'
+      type: object
+    SensitiveDataScannerStandardPatternType:
+      default: sensitive_data_scanner_standard_pattern
+      description: Sensitive Data Scanner standard pattern type.
+      enum:
+      - sensitive_data_scanner_standard_pattern
+      example: sensitive_data_scanner_standard_pattern
+      type: string
+      x-enum-varnames:
+      - SENSITIVE_DATA_SCANNER_STANDARD_PATTERN
+    SensitiveDataScannerStandardPatternsResponse:
+      description: List Standard patterns response.
+      items:
+        $ref: '#/components/schemas/SensitiveDataScannerStandardPatternsResponseItem'
+      type: array
+    SensitiveDataScannerStandardPatternsResponseData:
+      description: List Standard patterns response data.
+      properties:
+        data:
+          $ref: '#/components/schemas/SensitiveDataScannerStandardPatternsResponse'
+      type: object
+    SensitiveDataScannerStandardPatternsResponseItem:
+      description: Standard pattern item.
+      properties:
+        attributes:
+          $ref: '#/components/schemas/SensitiveDataScannerStandardPatternAttributes'
+        id:
+          description: ID of the standard pattern.
+          type: string
+        type:
+          $ref: '#/components/schemas/SensitiveDataScannerStandardPatternType'
+      type: object
+    SensitiveDataScannerTextReplacement:
+      description: Object describing how the scanned event will be replaced.
+      properties:
+        number_of_chars:
+          description: 'Required if type == ''partial_replacement_from_beginning''
+
+            or ''partial_replacement_from_end''. It must be > 0.'
+          format: int64
+          minimum: 0
+          type: integer
+        replacement_string:
+          description: Required if type == 'replacement_string'.
+          type: string
+        type:
+          $ref: '#/components/schemas/SensitiveDataScannerTextReplacementType'
+      type: object
+    SensitiveDataScannerTextReplacementType:
+      default: none
+      description: 'Type of the replacement text. None means no replacement.
+
+        hash means the data will be stubbed. replacement_string means that
+
+        one can chose a text to replace the data. partial_replacement_from_beginning
+
+        allows a user to partially replace the data from the beginning, and
+
+        partial_replacement_from_end on the other hand, allows to replace data from
+
+        the end.'
+      enum:
+      - none
+      - hash
+      - replacement_string
+      - partial_replacement_from_beginning
+      - partial_replacement_from_end
+      type: string
+      x-enum-varnames:
+      - NONE
+      - HASH
+      - REPLACEMENT_STRING
+      - PARTIAL_REPLACEMENT_FROM_BEGINNING
+      - PARTIAL_REPLACEMENT_FROM_END
+    ServiceAccountCreateAttributes:
+      description: Attributes of the created user.
+      properties:
+        email:
+          description: The email of the user.
+          example: jane.doe@example.com
+          type: string
+        name:
+          description: The name of the user.
+          type: string
+        service_account:
+          description: Whether the user is a service account. Must be true.
+          example: true
+          type: boolean
+        title:
+          description: The title of the user.
+          type: string
+      required:
+      - email
+      - service_account
+      type: object
+    ServiceAccountCreateData:
+      description: Object to create a service account User.
+      properties:
+        attributes:
+          $ref: '#/components/schemas/ServiceAccountCreateAttributes'
+        relationships:
+          $ref: '#/components/schemas/UserRelationships'
+        type:
+          $ref: '#/components/schemas/UsersType'
+      required:
+      - attributes
+      - type
+      type: object
+    ServiceAccountCreateRequest:
+      description: Create a service account.
+      properties:
+        data:
+          $ref: '#/components/schemas/ServiceAccountCreateData'
+      required:
+      - data
+      type: object
+    ServiceDefinitionCreateResponse:
+      description: Create service definitions response.
+      properties:
+        data:
+          description: Create service definitions response payload.
+          items:
+            $ref: '#/components/schemas/ServiceDefinitionData'
+          type: array
+      type: object
+    ServiceDefinitionData:
+      description: Service definition data.
+      properties:
+        attributes:
+          $ref: '#/components/schemas/ServiceDefinitionDataAttributes'
+        type:
+          description: Service definition type.
+          type: string
+      type: object
+    ServiceDefinitionDataAttributes:
+      description: Service definition attributes.
+      properties:
+        meta:
+          $ref: '#/components/schemas/ServiceDefinitionMeta'
+        schema:
+          $ref: '#/components/schemas/ServiceDefinitionSchema'
+      type: object
+    ServiceDefinitionGetResponse:
+      description: Get service definition response.
+      properties:
+        data:
+          $ref: '#/components/schemas/ServiceDefinitionData'
+      type: object
+    ServiceDefinitionMeta:
+      description: Metadata about a service definition.
+      properties:
+        github-html-url:
+          description: GitHub HTML URL.
           type: string
         ingested-schema-version:
           description: Ingestion schema version.
@@ -14112,22 +14983,178 @@ paths:
         appKeyAuth: []
       - AuthZ:
         - user_access_manage
-      summary: Delete role
+      summary: Delete role
+      tags:
+      - Roles
+      x-codegen-request-body-name: body
+    get:
+      description: "Get a role in the organization specified by the role\u2019s `role_id`."
+      operationId: GetRole
+      parameters:
+      - $ref: '#/components/parameters/RoleID'
+      responses:
+        '200':
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RoleResponse'
+          description: OK
+        '403':
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/APIErrorResponse'
+          description: Authentication error
+        '404':
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/APIErrorResponse'
+          description: Not found
+        '429':
+          $ref: '#/components/responses/TooManyRequestsResponse'
+      security:
+      - apiKeyAuth: []
+        appKeyAuth: []
+      - AuthZ: []
+      summary: Get a role
+      tags:
+      - Roles
+      x-codegen-request-body-name: body
+    patch:
+      description: Edit a role. Can only be used with application keys belonging to
+        administrators.
+      operationId: UpdateRole
+      parameters:
+      - $ref: '#/components/parameters/RoleID'
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/RoleUpdateRequest'
+        required: true
+      responses:
+        '200':
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RoleUpdateResponse'
+          description: OK
+        '400':
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/APIErrorResponse'
+          description: Bad Request
+        '403':
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/APIErrorResponse'
+          description: Authentication error
+        '404':
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/APIErrorResponse'
+          description: Not found
+        '422':
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/APIErrorResponse'
+          description: Unprocessable Entity
+        '429':
+          $ref: '#/components/responses/TooManyRequestsResponse'
+      security:
+      - apiKeyAuth: []
+        appKeyAuth: []
+      - AuthZ:
+        - user_access_manage
+      summary: Update a role
+      tags:
+      - Roles
+      x-codegen-request-body-name: body
+  /api/v2/roles/{role_id}/clone:
+    post:
+      description: Clone an existing role
+      operationId: CloneRole
+      parameters:
+      - $ref: '#/components/parameters/RoleID'
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/RoleCloneRequest'
+        required: true
+      responses:
+        '200':
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RoleResponse'
+          description: OK
+        '400':
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/APIErrorResponse'
+          description: Bad Request
+        '403':
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/APIErrorResponse'
+          description: Authentication error
+        '404':
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/APIErrorResponse'
+          description: Not found
+        '409':
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/APIErrorResponse'
+          description: Conflict
+        '429':
+          $ref: '#/components/responses/TooManyRequestsResponse'
+      security:
+      - apiKeyAuth: []
+        appKeyAuth: []
+      - AuthZ:
+        - user_access_manage
+      summary: Create a new role by cloning an existing role
       tags:
       - Roles
       x-codegen-request-body-name: body
-    get:
-      description: "Get a role in the organization specified by the role\u2019s `role_id`."
-      operationId: GetRole
+      x-permission: OR(USER_ACCESS_MANAGE)
+  /api/v2/roles/{role_id}/permissions:
+    delete:
+      description: Removes a permission from a role.
+      operationId: RemovePermissionFromRole
       parameters:
       - $ref: '#/components/parameters/RoleID'
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/RelationshipToPermission'
+        required: true
       responses:
         '200':
           content:
             application/json:
               schema:
-                $ref: '#/components/schemas/RoleResponse'
+                $ref: '#/components/schemas/PermissionsResponse'
           description: OK
+        '400':
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/APIErrorResponse'
+          description: Bad Request
         '403':
           content:
             application/json:
@@ -14145,36 +15172,24 @@ paths:
       security:
       - apiKeyAuth: []
         appKeyAuth: []
-      - AuthZ: []
-      summary: Get a role
+      - AuthZ:
+        - user_access_manage
+      summary: Revoke permission
       tags:
       - Roles
       x-codegen-request-body-name: body
-    patch:
-      description: Edit a role. Can only be used with application keys belonging to
-        administrators.
-      operationId: UpdateRole
+    get:
+      description: Returns a list of all permissions for a single role.
+      operationId: ListRolePermissions
       parameters:
       - $ref: '#/components/parameters/RoleID'
-      requestBody:
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/RoleUpdateRequest'
-        required: true
       responses:
         '200':
           content:
             application/json:
               schema:
-                $ref: '#/components/schemas/RoleUpdateResponse'
+                $ref: '#/components/schemas/PermissionsResponse'
           description: OK
-        '400':
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/APIErrorResponse'
-          description: Bad Request
         '403':
           content:
             application/json:
@@ -14187,41 +15202,33 @@ paths:
               schema:
                 $ref: '#/components/schemas/APIErrorResponse'
           description: Not found
-        '422':
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/APIErrorResponse'
-          description: Unprocessable Entity
         '429':
           $ref: '#/components/responses/TooManyRequestsResponse'
       security:
       - apiKeyAuth: []
         appKeyAuth: []
-      - AuthZ:
-        - user_access_manage
-      summary: Update a role
+      - AuthZ: []
+      summary: List permissions for a role
       tags:
       - Roles
       x-codegen-request-body-name: body
-  /api/v2/roles/{role_id}/clone:
     post:
-      description: Clone an existing role
-      operationId: CloneRole
+      description: Adds a permission to a role.
+      operationId: AddPermissionToRole
       parameters:
       - $ref: '#/components/parameters/RoleID'
       requestBody:
         content:
           application/json:
             schema:
-              $ref: '#/components/schemas/RoleCloneRequest'
+              $ref: '#/components/schemas/RelationshipToPermission'
         required: true
       responses:
         '200':
           content:
             application/json:
               schema:
-                $ref: '#/components/schemas/RoleResponse'
+                $ref: '#/components/schemas/PermissionsResponse'
           description: OK
         '400':
           content:
@@ -14241,12 +15248,6 @@ paths:
               schema:
                 $ref: '#/components/schemas/APIErrorResponse'
           description: Not found
-        '409':
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/APIErrorResponse'
-          description: Conflict
         '429':
           $ref: '#/components/responses/TooManyRequestsResponse'
       security:
@@ -14254,29 +15255,28 @@ paths:
         appKeyAuth: []
       - AuthZ:
         - user_access_manage
-      summary: Create a new role by cloning an existing role
+      summary: Grant permission to a role
       tags:
       - Roles
       x-codegen-request-body-name: body
-      x-permission: OR(USER_ACCESS_MANAGE)
-  /api/v2/roles/{role_id}/permissions:
+  /api/v2/roles/{role_id}/users:
     delete:
-      description: Removes a permission from a role.
-      operationId: RemovePermissionFromRole
+      description: Removes a user from a role.
+      operationId: RemoveUserFromRole
       parameters:
       - $ref: '#/components/parameters/RoleID'
       requestBody:
         content:
           application/json:
             schema:
-              $ref: '#/components/schemas/RelationshipToPermission'
+              $ref: '#/components/schemas/RelationshipToUser'
         required: true
       responses:
         '200':
           content:
             application/json:
               schema:
-                $ref: '#/components/schemas/PermissionsResponse'
+                $ref: '#/components/schemas/UsersResponse'
           description: OK
         '400':
           content:
@@ -14303,21 +15303,41 @@ paths:
         appKeyAuth: []
       - AuthZ:
         - user_access_manage
-      summary: Revoke permission
+      summary: Remove a user from a role
       tags:
       - Roles
       x-codegen-request-body-name: body
     get:
-      description: Returns a list of all permissions for a single role.
-      operationId: ListRolePermissions
+      description: Gets all users of a role.
+      operationId: ListRoleUsers
       parameters:
       - $ref: '#/components/parameters/RoleID'
+      - $ref: '#/components/parameters/PageSize'
+      - $ref: '#/components/parameters/PageNumber'
+      - description: 'User attribute to order results by. Sort order is **ascending**
+          by default.
+
+          Sort order is **descending** if the field is prefixed by a negative sign,
+
+          for example `sort=-name`. Options: `name`, `email`, `status`.'
+        in: query
+        name: sort
+        required: false
+        schema:
+          default: name
+          type: string
+      - description: Filter all users by the given string. Defaults to no filtering.
+        in: query
+        name: filter
+        required: false
+        schema:
+          type: string
       responses:
         '200':
           content:
             application/json:
               schema:
-                $ref: '#/components/schemas/PermissionsResponse'
+                $ref: '#/components/schemas/UsersResponse'
           description: OK
         '403':
           content:
@@ -14337,27 +15357,26 @@ paths:
       - apiKeyAuth: []
         appKeyAuth: []
       - AuthZ: []
-      summary: List permissions for a role
+      summary: Get all users of a role
       tags:
       - Roles
-      x-codegen-request-body-name: body
     post:
-      description: Adds a permission to a role.
-      operationId: AddPermissionToRole
+      description: Adds a user to a role.
+      operationId: AddUserToRole
       parameters:
       - $ref: '#/components/parameters/RoleID'
       requestBody:
         content:
           application/json:
             schema:
-              $ref: '#/components/schemas/RelationshipToPermission'
+              $ref: '#/components/schemas/RelationshipToUser'
         required: true
       responses:
         '200':
           content:
             application/json:
               schema:
-                $ref: '#/components/schemas/PermissionsResponse'
+                $ref: '#/components/schemas/UsersResponse'
           description: OK
         '400':
           content:
@@ -14384,385 +15403,488 @@ paths:
         appKeyAuth: []
       - AuthZ:
         - user_access_manage
-      summary: Grant permission to a role
+      summary: Add a user to a role
       tags:
       - Roles
       x-codegen-request-body-name: body
-  /api/v2/roles/{role_id}/users:
+  /api/v2/rum/analytics/aggregate:
+    post:
+      description: The API endpoint to aggregate RUM events into buckets of computed
+        metrics and timeseries.
+      operationId: AggregateRUMEvents
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/RUMAggregateRequest'
+        required: true
+      responses:
+        '200':
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RUMAnalyticsAggregateResponse'
+          description: OK
+        '400':
+          $ref: '#/components/responses/BadRequestResponse'
+        '403':
+          $ref: '#/components/responses/NotAuthorizedResponse'
+        '429':
+          $ref: '#/components/responses/TooManyRequestsResponse'
+      security:
+      - apiKeyAuth: []
+        appKeyAuth: []
+      - AuthZ: []
+      summary: Aggregate RUM events
+      tags:
+      - RUM
+      x-codegen-request-body-name: body
+  /api/v2/rum/applications:
+    get:
+      description: List all the RUM applications in your organization.
+      operationId: GetRUMApplications
+      responses:
+        '200':
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RUMApplicationsResponse'
+          description: OK
+        '404':
+          $ref: '#/components/responses/NotFoundResponse'
+        '429':
+          $ref: '#/components/responses/TooManyRequestsResponse'
+      summary: List all the RUM applications
+      tags:
+      - RUM
+    post:
+      description: Create a new RUM application in your organization.
+      operationId: CreateRUMApplication
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/RUMApplicationCreateRequest'
+        required: true
+      responses:
+        '200':
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RUMApplicationResponse'
+          description: OK
+        '400':
+          $ref: '#/components/responses/BadRequestResponse'
+        '429':
+          $ref: '#/components/responses/TooManyRequestsResponse'
+      summary: Create a new RUM application
+      tags:
+      - RUM
+      x-codegen-request-body-name: body
+  /api/v2/rum/applications/{id}:
     delete:
-      description: Removes a user from a role.
-      operationId: RemoveUserFromRole
+      description: Delete an existing RUM application in your organization.
+      operationId: DeleteRUMApplication
+      parameters:
+      - description: RUM application ID.
+        in: path
+        name: id
+        required: true
+        schema:
+          type: string
+      responses:
+        '204':
+          description: No Content
+        '404':
+          $ref: '#/components/responses/NotFoundResponse'
+        '429':
+          $ref: '#/components/responses/TooManyRequestsResponse'
+      summary: Delete a RUM application
+      tags:
+      - RUM
+    get:
+      description: Get the RUM application with given ID in your organization.
+      operationId: GetRUMApplication
+      parameters:
+      - description: RUM application ID.
+        in: path
+        name: id
+        required: true
+        schema:
+          type: string
+      responses:
+        '200':
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RUMApplicationResponse'
+          description: OK
+        '404':
+          $ref: '#/components/responses/NotFoundResponse'
+        '429':
+          $ref: '#/components/responses/TooManyRequestsResponse'
+      summary: Get a RUM application
+      tags:
+      - RUM
+    patch:
+      description: Update the RUM application with given ID in your organization.
+      operationId: UpdateRUMApplication
       parameters:
-      - $ref: '#/components/parameters/RoleID'
+      - description: RUM application ID.
+        in: path
+        name: id
+        required: true
+        schema:
+          type: string
       requestBody:
         content:
           application/json:
             schema:
-              $ref: '#/components/schemas/RelationshipToUser'
+              $ref: '#/components/schemas/RUMApplicationUpdateRequest'
         required: true
       responses:
         '200':
           content:
             application/json:
               schema:
-                $ref: '#/components/schemas/UsersResponse'
+                $ref: '#/components/schemas/RUMApplicationResponse'
           description: OK
         '400':
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/APIErrorResponse'
-          description: Bad Request
-        '403':
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/APIErrorResponse'
-          description: Authentication error
+          $ref: '#/components/responses/BadRequestResponse'
         '404':
+          $ref: '#/components/responses/NotFoundResponse'
+        '422':
           content:
             application/json:
               schema:
                 $ref: '#/components/schemas/APIErrorResponse'
-          description: Not found
+          description: Unprocessable Entity.
         '429':
           $ref: '#/components/responses/TooManyRequestsResponse'
-      security:
-      - apiKeyAuth: []
-        appKeyAuth: []
-      - AuthZ:
-        - user_access_manage
-      summary: Remove a user from a role
+      summary: Update a RUM application
       tags:
-      - Roles
+      - RUM
       x-codegen-request-body-name: body
+  /api/v2/rum/events:
     get:
-      description: Gets all users of a role.
-      operationId: ListRoleUsers
-      parameters:
-      - $ref: '#/components/parameters/RoleID'
-      - $ref: '#/components/parameters/PageSize'
-      - $ref: '#/components/parameters/PageNumber'
-      - description: 'User attribute to order results by. Sort order is **ascending**
-          by default.
+      description: 'List endpoint returns events that match a RUM search query.
 
-          Sort order is **descending** if the field is prefixed by a negative sign,
+        [Results are paginated][1].
 
-          for example `sort=-name`. Options: `name`, `email`, `status`.'
+
+        Use this endpoint to see your latest RUM events.
+
+
+        [1]: https://docs.datadoghq.com/logs/guide/collect-multiple-logs-with-pagination'
+      operationId: ListRUMEvents
+      parameters:
+      - description: Search query following RUM syntax.
+        example: '@type:session @application_id:xxxx'
         in: query
-        name: sort
+        name: filter[query]
         required: false
         schema:
-          default: name
           type: string
-      - description: Filter all users by the given string. Defaults to no filtering.
+      - description: Minimum timestamp for requested events.
+        example: '2019-01-02T09:42:36.320Z'
         in: query
-        name: filter
+        name: filter[from]
+        required: false
+        schema:
+          format: date-time
+          type: string
+      - description: Maximum timestamp for requested events.
+        example: '2019-01-03T09:42:36.320Z'
+        in: query
+        name: filter[to]
+        required: false
+        schema:
+          format: date-time
+          type: string
+      - description: Order of events in results.
+        in: query
+        name: sort
+        required: false
+        schema:
+          $ref: '#/components/schemas/RUMSort'
+      - description: List following results with a cursor provided in the previous
+          query.
+        example: eyJzdGFydEF0IjoiQVFBQUFYS2tMS3pPbm40NGV3QUFBQUJCV0V0clRFdDZVbG8zY3pCRmNsbHJiVmxDWlEifQ==
+        in: query
+        name: page[cursor]
         required: false
         schema:
           type: string
+      - description: Maximum number of events in the response.
+        example: 25
+        in: query
+        name: page[limit]
+        required: false
+        schema:
+          default: 10
+          format: int32
+          maximum: 1000
+          type: integer
       responses:
         '200':
           content:
             application/json:
               schema:
-                $ref: '#/components/schemas/UsersResponse'
+                $ref: '#/components/schemas/RUMEventsResponse'
           description: OK
+        '400':
+          $ref: '#/components/responses/BadRequestResponse'
         '403':
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/APIErrorResponse'
-          description: Authentication error
-        '404':
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/APIErrorResponse'
-          description: Not found
+          $ref: '#/components/responses/NotAuthorizedResponse'
         '429':
           $ref: '#/components/responses/TooManyRequestsResponse'
       security:
       - apiKeyAuth: []
         appKeyAuth: []
       - AuthZ: []
-      summary: Get all users of a role
+      summary: Get a list of RUM events
       tags:
-      - Roles
+      - RUM
+      x-pagination:
+        cursorParam: page[cursor]
+        cursorPath: meta.page.after
+        limitParam: page[limit]
+        resultsPath: data
+  /api/v2/rum/events/search:
     post:
-      description: Adds a user to a role.
-      operationId: AddUserToRole
-      parameters:
-      - $ref: '#/components/parameters/RoleID'
+      description: 'List endpoint returns RUM events that match a RUM search query.
+
+        [Results are paginated][1].
+
+
+        Use this endpoint to build complex RUM events filtering and search.
+
+
+        [1]: https://docs.datadoghq.com/logs/guide/collect-multiple-logs-with-pagination'
+      operationId: SearchRUMEvents
       requestBody:
         content:
           application/json:
             schema:
-              $ref: '#/components/schemas/RelationshipToUser'
+              $ref: '#/components/schemas/RUMSearchEventsRequest'
         required: true
       responses:
         '200':
           content:
             application/json:
               schema:
-                $ref: '#/components/schemas/UsersResponse'
+                $ref: '#/components/schemas/RUMEventsResponse'
           description: OK
         '400':
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/APIErrorResponse'
-          description: Bad Request
+          $ref: '#/components/responses/BadRequestResponse'
         '403':
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/APIErrorResponse'
-          description: Authentication error
-        '404':
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/APIErrorResponse'
-          description: Not found
+          $ref: '#/components/responses/NotAuthorizedResponse'
         '429':
           $ref: '#/components/responses/TooManyRequestsResponse'
       security:
       - apiKeyAuth: []
         appKeyAuth: []
-      - AuthZ:
-        - user_access_manage
-      summary: Add a user to a role
+      - AuthZ: []
+      summary: Search RUM events
       tags:
-      - Roles
+      - RUM
       x-codegen-request-body-name: body
-  /api/v2/rum/analytics/aggregate:
+      x-pagination:
+        cursorParam: body.page.cursor
+        cursorPath: meta.page.after
+        limitParam: body.page.limit
+        resultsPath: data
+  /api/v2/saml_configurations/idp_metadata:
     post:
-      description: The API endpoint to aggregate RUM events into buckets of computed
-        metrics and timeseries.
-      operationId: AggregateRUMEvents
+      description: 'Endpoint for uploading IdP metadata for SAML setup.
+
+
+        Use this endpoint to upload or replace IdP metadata for SAML login configuration.'
+      operationId: UploadIdPMetadata
       requestBody:
         content:
-          application/json:
+          multipart/form-data:
             schema:
-              $ref: '#/components/schemas/RUMAggregateRequest'
+              $ref: '#/components/schemas/IdPMetadataFormData'
         required: true
       responses:
         '200':
+          description: OK
+        '400':
           content:
             application/json:
               schema:
-                $ref: '#/components/schemas/RUMAnalyticsAggregateResponse'
+                $ref: '#/components/schemas/APIErrorResponse'
+          description: Bad Request
+        '403':
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/APIErrorResponse'
+          description: Forbidden
+        '429':
+          $ref: '#/components/responses/TooManyRequestsResponse'
+      summary: Upload IdP metadata
+      tags:
+      - Organizations
+      x-codegen-request-body-name: body
+  /api/v2/security/cloud_workload/policy/download:
+    get:
+      description: 'The download endpoint generates a Cloud Workload Security policy
+        file from your currently active
+
+        Cloud Workload Security rules, and downloads them as a .policy file. This
+        file can then be deployed to
+
+        your Agents to update the policy running in your environment.'
+      operationId: DownloadCloudWorkloadPolicyFile
+      responses:
+        '200':
+          content:
+            application/yaml:
+              schema:
+                format: binary
+                type: string
           description: OK
-        '400':
-          $ref: '#/components/responses/BadRequestResponse'
         '403':
           $ref: '#/components/responses/NotAuthorizedResponse'
         '429':
           $ref: '#/components/responses/TooManyRequestsResponse'
-      security:
-      - apiKeyAuth: []
-        appKeyAuth: []
-      - AuthZ: []
-      summary: Aggregate RUM events
+      summary: Get the latest Cloud Workload Security policy
       tags:
-      - RUM
-      x-codegen-request-body-name: body
-  /api/v2/rum/applications:
+      - Cloud Workload Security
+  /api/v2/security_monitoring/cloud_workload_security/agent_rules:
     get:
-      description: List all the RUM applications in your organization.
-      operationId: GetRUMApplications
+      description: Get the list of Agent rules.
+      operationId: ListCloudWorkloadSecurityAgentRules
       responses:
         '200':
           content:
             application/json:
               schema:
-                $ref: '#/components/schemas/RUMApplicationsResponse'
+                $ref: '#/components/schemas/CloudWorkloadSecurityAgentRulesListResponse'
           description: OK
-        '404':
-          $ref: '#/components/responses/NotFoundResponse'
+        '403':
+          $ref: '#/components/responses/NotAuthorizedResponse'
         '429':
           $ref: '#/components/responses/TooManyRequestsResponse'
-      summary: List all the RUM applications
+      summary: Get all Cloud Workload Security Agent rules
       tags:
-      - RUM
+      - Cloud Workload Security
     post:
-      description: Create a new RUM application in your organization.
-      operationId: CreateRUMApplication
+      description: Create a new Agent rule with the given parameters.
+      operationId: CreateCloudWorkloadSecurityAgentRule
       requestBody:
         content:
           application/json:
             schema:
-              $ref: '#/components/schemas/RUMApplicationCreateRequest'
+              $ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleCreateRequest'
+        description: The definition of the new Agent rule.
         required: true
       responses:
         '200':
           content:
             application/json:
               schema:
-                $ref: '#/components/schemas/RUMApplicationResponse'
+                $ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleResponse'
           description: OK
         '400':
           $ref: '#/components/responses/BadRequestResponse'
+        '403':
+          $ref: '#/components/responses/NotAuthorizedResponse'
+        '409':
+          $ref: '#/components/responses/ConflictResponse'
         '429':
           $ref: '#/components/responses/TooManyRequestsResponse'
-      summary: Create a new RUM application
+      summary: Create a Cloud Workload Security Agent rule
       tags:
-      - RUM
+      - Cloud Workload Security
       x-codegen-request-body-name: body
-  /api/v2/rum/applications/{id}:
+  /api/v2/security_monitoring/cloud_workload_security/agent_rules/{agent_rule_id}:
     delete:
-      description: Delete an existing RUM application in your organization.
-      operationId: DeleteRUMApplication
+      description: Delete a specific Agent rule.
+      operationId: DeleteCloudWorkloadSecurityAgentRule
       parameters:
-      - description: RUM application ID.
-        in: path
-        name: id
-        required: true
-        schema:
-          type: string
+      - $ref: '#/components/parameters/CloudWorkloadSecurityAgentRuleID'
       responses:
         '204':
-          description: No Content
+          description: OK
+        '403':
+          $ref: '#/components/responses/NotAuthorizedResponse'
         '404':
           $ref: '#/components/responses/NotFoundResponse'
         '429':
           $ref: '#/components/responses/TooManyRequestsResponse'
-      summary: Delete a RUM application
+      summary: Delete a Cloud Workload Security Agent rule
       tags:
-      - RUM
+      - Cloud Workload Security
     get:
-      description: Get the RUM application with given ID in your organization.
-      operationId: GetRUMApplication
+      description: Get the details of a specific Agent rule.
+      operationId: GetCloudWorkloadSecurityAgentRule
       parameters:
-      - description: RUM application ID.
-        in: path
-        name: id
-        required: true
-        schema:
-          type: string
+      - $ref: '#/components/parameters/CloudWorkloadSecurityAgentRuleID'
       responses:
         '200':
           content:
             application/json:
               schema:
-                $ref: '#/components/schemas/RUMApplicationResponse'
+                $ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleResponse'
           description: OK
+        '403':
+          $ref: '#/components/responses/NotAuthorizedResponse'
         '404':
           $ref: '#/components/responses/NotFoundResponse'
         '429':
           $ref: '#/components/responses/TooManyRequestsResponse'
-      summary: Get a RUM application
+      summary: Get a Cloud Workload Security Agent rule
       tags:
-      - RUM
+      - Cloud Workload Security
     patch:
-      description: Update the RUM application with given ID in your organization.
-      operationId: UpdateRUMApplication
+      description: 'Update a specific Agent rule.
+
+        Returns the Agent rule object when the request is successful.'
+      operationId: UpdateCloudWorkloadSecurityAgentRule
       parameters:
-      - description: RUM application ID.
-        in: path
-        name: id
-        required: true
-        schema:
-          type: string
+      - $ref: '#/components/parameters/CloudWorkloadSecurityAgentRuleID'
       requestBody:
         content:
           application/json:
             schema:
-              $ref: '#/components/schemas/RUMApplicationUpdateRequest'
+              $ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleUpdateRequest'
+        description: New definition of the Agent rule.
         required: true
       responses:
         '200':
           content:
             application/json:
               schema:
-                $ref: '#/components/schemas/RUMApplicationResponse'
+                $ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleResponse'
           description: OK
         '400':
           $ref: '#/components/responses/BadRequestResponse'
+        '403':
+          $ref: '#/components/responses/NotAuthorizedResponse'
         '404':
           $ref: '#/components/responses/NotFoundResponse'
-        '422':
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/APIErrorResponse'
-          description: Unprocessable Entity.
+        '409':
+          $ref: '#/components/responses/ConcurrentModificationResponse'
         '429':
           $ref: '#/components/responses/TooManyRequestsResponse'
-      summary: Update a RUM application
+      summary: Update a Cloud Workload Security Agent rule
       tags:
-      - RUM
+      - Cloud Workload Security
       x-codegen-request-body-name: body
-  /api/v2/rum/events:
+  /api/v2/security_monitoring/configuration/security_filters:
     get:
-      description: 'List endpoint returns events that match a RUM search query.
-
-        [Results are paginated][1].
-
-
-        Use this endpoint to see your latest RUM events.
-
-
-        [1]: https://docs.datadoghq.com/logs/guide/collect-multiple-logs-with-pagination'
-      operationId: ListRUMEvents
-      parameters:
-      - description: Search query following RUM syntax.
-        example: '@type:session @application_id:xxxx'
-        in: query
-        name: filter[query]
-        required: false
-        schema:
-          type: string
-      - description: Minimum timestamp for requested events.
-        example: '2019-01-02T09:42:36.320Z'
-        in: query
-        name: filter[from]
-        required: false
-        schema:
-          format: date-time
-          type: string
-      - description: Maximum timestamp for requested events.
-        example: '2019-01-03T09:42:36.320Z'
-        in: query
-        name: filter[to]
-        required: false
-        schema:
-          format: date-time
-          type: string
-      - description: Order of events in results.
-        in: query
-        name: sort
-        required: false
-        schema:
-          $ref: '#/components/schemas/RUMSort'
-      - description: List following results with a cursor provided in the previous
-          query.
-        example: eyJzdGFydEF0IjoiQVFBQUFYS2tMS3pPbm40NGV3QUFBQUJCV0V0clRFdDZVbG8zY3pCRmNsbHJiVmxDWlEifQ==
-        in: query
-        name: page[cursor]
-        required: false
-        schema:
-          type: string
-      - description: Maximum number of events in the response.
-        example: 25
-        in: query
-        name: page[limit]
-        required: false
-        schema:
-          default: 10
-          format: int32
-          maximum: 1000
-          type: integer
+      description: Get the list of configured security filters with their definitions.
+      operationId: ListSecurityFilters
       responses:
         '200':
           content:
             application/json:
               schema:
-                $ref: '#/components/schemas/RUMEventsResponse'
+                $ref: '#/components/schemas/SecurityFiltersResponse'
           description: OK
-        '400':
-          $ref: '#/components/responses/BadRequestResponse'
         '403':
           $ref: '#/components/responses/NotAuthorizedResponse'
         '429':
@@ -14770,171 +15892,207 @@ paths:
       security:
       - apiKeyAuth: []
         appKeyAuth: []
-      - AuthZ: []
-      summary: Get a list of RUM events
+      - AuthZ:
+        - security_monitoring_filters_read
+      summary: Get all security filters
       tags:
-      - RUM
-      x-pagination:
-        cursorParam: page[cursor]
-        cursorPath: meta.page.after
-        limitParam: page[limit]
-        resultsPath: data
-  /api/v2/rum/events/search:
+      - Security Monitoring
     post:
-      description: 'List endpoint returns RUM events that match a RUM search query.
-
-        [Results are paginated][1].
-
+      description: 'Create a security filter.
 
-        Use this endpoint to build complex RUM events filtering and search.
 
+        See the [security filter guide](https://docs.datadoghq.com/security_platform/guide/how-to-setup-security-filters-using-security-monitoring-api/)
 
-        [1]: https://docs.datadoghq.com/logs/guide/collect-multiple-logs-with-pagination'
-      operationId: SearchRUMEvents
+        for more examples.'
+      operationId: CreateSecurityFilter
       requestBody:
         content:
           application/json:
             schema:
-              $ref: '#/components/schemas/RUMSearchEventsRequest'
+              $ref: '#/components/schemas/SecurityFilterCreateRequest'
+        description: The definition of the new security filter.
         required: true
       responses:
         '200':
           content:
             application/json:
               schema:
-                $ref: '#/components/schemas/RUMEventsResponse'
+                $ref: '#/components/schemas/SecurityFilterResponse'
           description: OK
         '400':
           $ref: '#/components/responses/BadRequestResponse'
         '403':
           $ref: '#/components/responses/NotAuthorizedResponse'
+        '409':
+          $ref: '#/components/responses/ConflictResponse'
         '429':
           $ref: '#/components/responses/TooManyRequestsResponse'
       security:
       - apiKeyAuth: []
         appKeyAuth: []
-      - AuthZ: []
-      summary: Search RUM events
+      - AuthZ:
+        - security_monitoring_filters_write
+      summary: Create a security filter
       tags:
-      - RUM
+      - Security Monitoring
       x-codegen-request-body-name: body
-      x-pagination:
-        cursorParam: body.page.cursor
-        cursorPath: meta.page.after
-        limitParam: body.page.limit
-        resultsPath: data
-  /api/v2/saml_configurations/idp_metadata:
-    post:
-      description: 'Endpoint for uploading IdP metadata for SAML setup.
+  /api/v2/security_monitoring/configuration/security_filters/{security_filter_id}:
+    delete:
+      description: Delete a specific security filter.
+      operationId: DeleteSecurityFilter
+      parameters:
+      - $ref: '#/components/parameters/SecurityFilterID'
+      responses:
+        '204':
+          description: OK
+        '403':
+          $ref: '#/components/responses/NotAuthorizedResponse'
+        '404':
+          $ref: '#/components/responses/NotFoundResponse'
+        '429':
+          $ref: '#/components/responses/TooManyRequestsResponse'
+      security:
+      - apiKeyAuth: []
+        appKeyAuth: []
+      - AuthZ:
+        - security_monitoring_filters_write
+      summary: Delete a security filter
+      tags:
+      - Security Monitoring
+    get:
+      description: 'Get the details of a specific security filter.
 
 
-        Use this endpoint to upload or replace IdP metadata for SAML login configuration.'
-      operationId: UploadIdPMetadata
+        See the [security filter guide](https://docs.datadoghq.com/security_platform/guide/how-to-setup-security-filters-using-security-monitoring-api/)
+
+        for more examples.'
+      operationId: GetSecurityFilter
+      parameters:
+      - $ref: '#/components/parameters/SecurityFilterID'
+      responses:
+        '200':
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/SecurityFilterResponse'
+          description: OK
+        '403':
+          $ref: '#/components/responses/NotAuthorizedResponse'
+        '404':
+          $ref: '#/components/responses/NotFoundResponse'
+        '429':
+          $ref: '#/components/responses/TooManyRequestsResponse'
+      security:
+      - apiKeyAuth: []
+        appKeyAuth: []
+      - AuthZ:
+        - security_monitoring_filters_read
+      summary: Get a security filter
+      tags:
+      - Security Monitoring
+    patch:
+      description: 'Update a specific security filter.
+
+        Returns the security filter object when the request is successful.'
+      operationId: UpdateSecurityFilter
+      parameters:
+      - $ref: '#/components/parameters/SecurityFilterID'
       requestBody:
         content:
-          multipart/form-data:
+          application/json:
             schema:
-              $ref: '#/components/schemas/IdPMetadataFormData'
+              $ref: '#/components/schemas/SecurityFilterUpdateRequest'
+        description: New definition of the security filter.
         required: true
       responses:
         '200':
-          description: OK
-        '400':
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/APIErrorResponse'
-          description: Bad Request
-        '403':
           content:
             application/json:
               schema:
-                $ref: '#/components/schemas/APIErrorResponse'
-          description: Forbidden
-        '429':
-          $ref: '#/components/responses/TooManyRequestsResponse'
-      summary: Upload IdP metadata
-      tags:
-      - Organizations
-      x-codegen-request-body-name: body
-  /api/v2/security/cloud_workload/policy/download:
-    get:
-      description: 'The download endpoint generates a Cloud Workload Security policy
-        file from your currently active
-
-        Cloud Workload Security rules, and downloads them as a .policy file. This
-        file can then be deployed to
-
-        your Agents to update the policy running in your environment.'
-      operationId: DownloadCloudWorkloadPolicyFile
-      responses:
-        '200':
-          content:
-            application/yaml:
-              schema:
-                format: binary
-                type: string
+                $ref: '#/components/schemas/SecurityFilterResponse'
           description: OK
+        '400':
+          $ref: '#/components/responses/BadRequestResponse'
         '403':
           $ref: '#/components/responses/NotAuthorizedResponse'
+        '404':
+          $ref: '#/components/responses/NotFoundResponse'
+        '409':
+          $ref: '#/components/responses/ConcurrentModificationResponse'
         '429':
           $ref: '#/components/responses/TooManyRequestsResponse'
-      summary: Get the latest Cloud Workload Security policy
+      security:
+      - apiKeyAuth: []
+        appKeyAuth: []
+      - AuthZ:
+        - security_monitoring_filters_write
+      summary: Update a security filter
       tags:
-      - Cloud Workload Security
-  /api/v2/security_monitoring/cloud_workload_security/agent_rules:
+      - Security Monitoring
+      x-codegen-request-body-name: body
+  /api/v2/security_monitoring/rules:
     get:
-      description: Get the list of Agent rules.
-      operationId: ListCloudWorkloadSecurityAgentRules
+      description: List rules.
+      operationId: ListSecurityMonitoringRules
+      parameters:
+      - $ref: '#/components/parameters/PageSize'
+      - $ref: '#/components/parameters/PageNumber'
       responses:
         '200':
           content:
             application/json:
               schema:
-                $ref: '#/components/schemas/CloudWorkloadSecurityAgentRulesListResponse'
+                $ref: '#/components/schemas/SecurityMonitoringListRulesResponse'
           description: OK
-        '403':
-          $ref: '#/components/responses/NotAuthorizedResponse'
+        '400':
+          $ref: '#/components/responses/BadRequestResponse'
         '429':
           $ref: '#/components/responses/TooManyRequestsResponse'
-      summary: Get all Cloud Workload Security Agent rules
+      security:
+      - apiKeyAuth: []
+        appKeyAuth: []
+      - AuthZ:
+        - security_monitoring_rules_read
+      summary: List rules
       tags:
-      - Cloud Workload Security
+      - Security Monitoring
     post:
-      description: Create a new Agent rule with the given parameters.
-      operationId: CreateCloudWorkloadSecurityAgentRule
+      description: Create a detection rule.
+      operationId: CreateSecurityMonitoringRule
       requestBody:
         content:
           application/json:
             schema:
-              $ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleCreateRequest'
-        description: The definition of the new Agent rule.
+              $ref: '#/components/schemas/SecurityMonitoringRuleCreatePayload'
         required: true
       responses:
         '200':
           content:
             application/json:
               schema:
-                $ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleResponse'
+                $ref: '#/components/schemas/SecurityMonitoringRuleResponse'
           description: OK
         '400':
           $ref: '#/components/responses/BadRequestResponse'
         '403':
           $ref: '#/components/responses/NotAuthorizedResponse'
-        '409':
-          $ref: '#/components/responses/ConflictResponse'
         '429':
           $ref: '#/components/responses/TooManyRequestsResponse'
-      summary: Create a Cloud Workload Security Agent rule
+      security:
+      - apiKeyAuth: []
+        appKeyAuth: []
+      - AuthZ:
+        - security_monitoring_rules_write
+      summary: Create a detection rule
       tags:
-      - Cloud Workload Security
+      - Security Monitoring
       x-codegen-request-body-name: body
-  /api/v2/security_monitoring/cloud_workload_security/agent_rules/{agent_rule_id}:
+  /api/v2/security_monitoring/rules/{rule_id}:
     delete:
-      description: Delete a specific Agent rule.
-      operationId: DeleteCloudWorkloadSecurityAgentRule
+      description: Delete an existing rule. Default rules cannot be deleted.
+      operationId: DeleteSecurityMonitoringRule
       parameters:
-      - $ref: '#/components/parameters/CloudWorkloadSecurityAgentRuleID'
+      - $ref: '#/components/parameters/SecurityMonitoringRuleID'
       responses:
         '204':
           description: OK
@@ -14944,76 +16102,147 @@ paths:
           $ref: '#/components/responses/NotFoundResponse'
         '429':
           $ref: '#/components/responses/TooManyRequestsResponse'
-      summary: Delete a Cloud Workload Security Agent rule
+      security:
+      - apiKeyAuth: []
+        appKeyAuth: []
+      - AuthZ:
+        - security_monitoring_rules_write
+      summary: Delete an existing rule
       tags:
-      - Cloud Workload Security
+      - Security Monitoring
     get:
-      description: Get the details of a specific Agent rule.
-      operationId: GetCloudWorkloadSecurityAgentRule
+      description: Get a rule's details.
+      operationId: GetSecurityMonitoringRule
       parameters:
-      - $ref: '#/components/parameters/CloudWorkloadSecurityAgentRuleID'
+      - $ref: '#/components/parameters/SecurityMonitoringRuleID'
       responses:
         '200':
           content:
             application/json:
               schema:
-                $ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleResponse'
+                $ref: '#/components/schemas/SecurityMonitoringRuleResponse'
           description: OK
-        '403':
-          $ref: '#/components/responses/NotAuthorizedResponse'
         '404':
           $ref: '#/components/responses/NotFoundResponse'
         '429':
           $ref: '#/components/responses/TooManyRequestsResponse'
-      summary: Get a Cloud Workload Security Agent rule
+      security:
+      - apiKeyAuth: []
+        appKeyAuth: []
+      - AuthZ:
+        - security_monitoring_rules_read
+      summary: Get a rule's details
       tags:
-      - Cloud Workload Security
-    patch:
-      description: 'Update a specific Agent rule.
+      - Security Monitoring
+    put:
+      description: 'Update an existing rule. When updating `cases`, `queries` or `options`,
+        the whole field
 
-        Returns the Agent rule object when the request is successful.'
-      operationId: UpdateCloudWorkloadSecurityAgentRule
+        must be included. For example, when modifying a query all queries must be
+        included.
+
+        Default rules can only be updated to be enabled and to change notifications.'
+      operationId: UpdateSecurityMonitoringRule
       parameters:
-      - $ref: '#/components/parameters/CloudWorkloadSecurityAgentRuleID'
+      - $ref: '#/components/parameters/SecurityMonitoringRuleID'
       requestBody:
         content:
           application/json:
             schema:
-              $ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleUpdateRequest'
-        description: New definition of the Agent rule.
+              $ref: '#/components/schemas/SecurityMonitoringRuleUpdatePayload'
         required: true
       responses:
         '200':
           content:
             application/json:
               schema:
-                $ref: '#/components/schemas/CloudWorkloadSecurityAgentRuleResponse'
+                $ref: '#/components/schemas/SecurityMonitoringRuleResponse'
           description: OK
         '400':
           $ref: '#/components/responses/BadRequestResponse'
+        '401':
+          $ref: '#/components/responses/ConcurrentModificationResponse'
         '403':
           $ref: '#/components/responses/NotAuthorizedResponse'
         '404':
           $ref: '#/components/responses/NotFoundResponse'
-        '409':
-          $ref: '#/components/responses/ConcurrentModificationResponse'
         '429':
           $ref: '#/components/responses/TooManyRequestsResponse'
-      summary: Update a Cloud Workload Security Agent rule
+      security:
+      - apiKeyAuth: []
+        appKeyAuth: []
+      - AuthZ:
+        - security_monitoring_rules_write
+      summary: Update an existing rule
       tags:
-      - Cloud Workload Security
+      - Security Monitoring
       x-codegen-request-body-name: body
-  /api/v2/security_monitoring/configuration/security_filters:
+  /api/v2/security_monitoring/signals:
     get:
-      description: Get the list of configured security filters with their definitions.
-      operationId: ListSecurityFilters
+      description: 'The list endpoint returns security signals that match a search
+        query.
+
+        Both this endpoint and the POST endpoint can be used interchangeably when
+        listing
+
+        security signals.'
+      operationId: ListSecurityMonitoringSignals
+      parameters:
+      - description: The search query for security signals.
+        example: security:attack status:high
+        in: query
+        name: filter[query]
+        required: false
+        schema:
+          type: string
+      - description: The minimum timestamp for requested security signals.
+        example: '2019-01-02T09:42:36.320Z'
+        in: query
+        name: filter[from]
+        required: false
+        schema:
+          format: date-time
+          type: string
+      - description: The maximum timestamp for requested security signals.
+        example: '2019-01-03T09:42:36.320Z'
+        in: query
+        name: filter[to]
+        required: false
+        schema:
+          format: date-time
+          type: string
+      - description: The order of the security signals in results.
+        in: query
+        name: sort
+        required: false
+        schema:
+          $ref: '#/components/schemas/SecurityMonitoringSignalsSort'
+      - description: A list of results using the cursor provided in the previous query.
+        example: eyJzdGFydEF0IjoiQVFBQUFYS2tMS3pPbm40NGV3QUFBQUJCV0V0clRFdDZVbG8zY3pCRmNsbHJiVmxDWlEifQ==
+        in: query
+        name: page[cursor]
+        required: false
+        schema:
+          type: string
+      - description: The maximum number of security signals in the response.
+        example: 25
+        in: query
+        name: page[limit]
+        required: false
+        schema:
+          default: 10
+          format: int32
+          maximum: 1000
+          type: integer
       responses:
         '200':
           content:
             application/json:
               schema:
-                $ref: '#/components/schemas/SecurityFiltersResponse'
+                $ref: '#/components/schemas/SecurityMonitoringSignalsListResponse'
           description: OK
+        '400':
+          $ref: '#/components/responses/BadRequestResponse'
         '403':
           $ref: '#/components/responses/NotAuthorizedResponse'
         '429':
@@ -15022,91 +16251,69 @@ paths:
       - apiKeyAuth: []
         appKeyAuth: []
       - AuthZ:
-        - security_monitoring_filters_read
-      summary: Get all security filters
+        - security_monitoring_signals_read
+      summary: Get a quick list of security signals
       tags:
       - Security Monitoring
+      x-pagination:
+        cursorParam: page[cursor]
+        cursorPath: meta.page.after
+        limitParam: page[limit]
+        resultsPath: data
+  /api/v2/security_monitoring/signals/search:
     post:
-      description: 'Create a security filter.
-
+      description: 'Returns security signals that match a search query.
 
-        See the [security filter guide](https://docs.datadoghq.com/security_platform/guide/how-to-setup-security-filters-using-security-monitoring-api/)
+        Both this endpoint and the GET endpoint can be used interchangeably for listing
 
-        for more examples.'
-      operationId: CreateSecurityFilter
+        security signals.'
+      operationId: SearchSecurityMonitoringSignals
       requestBody:
         content:
           application/json:
             schema:
-              $ref: '#/components/schemas/SecurityFilterCreateRequest'
-        description: The definition of the new security filter.
-        required: true
+              $ref: '#/components/schemas/SecurityMonitoringSignalListRequest'
+        required: false
       responses:
         '200':
           content:
             application/json:
               schema:
-                $ref: '#/components/schemas/SecurityFilterResponse'
+                $ref: '#/components/schemas/SecurityMonitoringSignalsListResponse'
           description: OK
         '400':
           $ref: '#/components/responses/BadRequestResponse'
         '403':
           $ref: '#/components/responses/NotAuthorizedResponse'
-        '409':
-          $ref: '#/components/responses/ConflictResponse'
         '429':
           $ref: '#/components/responses/TooManyRequestsResponse'
       security:
       - apiKeyAuth: []
         appKeyAuth: []
       - AuthZ:
-        - security_monitoring_filters_write
-      summary: Create a security filter
+        - security_monitoring_signals_read
+      summary: Get a list of security signals
       tags:
       - Security Monitoring
       x-codegen-request-body-name: body
-  /api/v2/security_monitoring/configuration/security_filters/{security_filter_id}:
-    delete:
-      description: Delete a specific security filter.
-      operationId: DeleteSecurityFilter
-      parameters:
-      - $ref: '#/components/parameters/SecurityFilterID'
-      responses:
-        '204':
-          description: OK
-        '403':
-          $ref: '#/components/responses/NotAuthorizedResponse'
-        '404':
-          $ref: '#/components/responses/NotFoundResponse'
-        '429':
-          $ref: '#/components/responses/TooManyRequestsResponse'
-      security:
-      - apiKeyAuth: []
-        appKeyAuth: []
-      - AuthZ:
-        - security_monitoring_filters_write
-      summary: Delete a security filter
-      tags:
-      - Security Monitoring
+      x-pagination:
+        cursorParam: body.page.cursor
+        cursorPath: meta.page.after
+        limitParam: body.page.limit
+        resultsPath: data
+  /api/v2/security_monitoring/signals/{signal_id}:
     get:
-      description: 'Get the details of a specific security filter.
-
-
-        See the [security filter guide](https://docs.datadoghq.com/security_platform/guide/how-to-setup-security-filters-using-security-monitoring-api/)
-
-        for more examples.'
-      operationId: GetSecurityFilter
+      description: Get a signal's details.
+      operationId: GetSecurityMonitoringSignal
       parameters:
-      - $ref: '#/components/parameters/SecurityFilterID'
+      - $ref: '#/components/parameters/SignalID'
       responses:
         '200':
           content:
             application/json:
               schema:
-                $ref: '#/components/schemas/SecurityFilterResponse'
+                $ref: '#/components/schemas/SecurityMonitoringSignal'
           description: OK
-        '403':
-          $ref: '#/components/responses/NotAuthorizedResponse'
         '404':
           $ref: '#/components/responses/NotFoundResponse'
         '429':
@@ -15115,365 +16322,355 @@ paths:
       - apiKeyAuth: []
         appKeyAuth: []
       - AuthZ:
-        - security_monitoring_filters_read
-      summary: Get a security filter
+        - security_monitoring_signals_read
+      summary: Get a signal's details
       tags:
       - Security Monitoring
+  /api/v2/security_monitoring/signals/{signal_id}/assignee:
     patch:
-      description: 'Update a specific security filter.
-
-        Returns the security filter object when the request is successful.'
-      operationId: UpdateSecurityFilter
+      description: Modify the triage assignee of a security signal.
+      operationId: EditSecurityMonitoringSignalAssignee
       parameters:
-      - $ref: '#/components/parameters/SecurityFilterID'
+      - $ref: '#/components/parameters/SignalID'
       requestBody:
         content:
           application/json:
             schema:
-              $ref: '#/components/schemas/SecurityFilterUpdateRequest'
-        description: New definition of the security filter.
+              $ref: '#/components/schemas/SecurityMonitoringSignalAssigneeUpdateRequest'
+        description: Attributes describing the signal update.
         required: true
       responses:
         '200':
           content:
             application/json:
               schema:
-                $ref: '#/components/schemas/SecurityFilterResponse'
+                $ref: '#/components/schemas/SecurityMonitoringSignalTriageUpdateResponse'
           description: OK
         '400':
-          $ref: '#/components/responses/BadRequestResponse'
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/APIErrorResponse'
+          description: Bad Request
         '403':
-          $ref: '#/components/responses/NotAuthorizedResponse'
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/APIErrorResponse'
+          description: Forbidden
         '404':
-          $ref: '#/components/responses/NotFoundResponse'
-        '409':
-          $ref: '#/components/responses/ConcurrentModificationResponse'
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/APIErrorResponse'
+          description: Not Found
         '429':
           $ref: '#/components/responses/TooManyRequestsResponse'
-      security:
-      - apiKeyAuth: []
-        appKeyAuth: []
-      - AuthZ:
-        - security_monitoring_filters_write
-      summary: Update a security filter
+      summary: Modify the triage assignee of a security signal
       tags:
       - Security Monitoring
       x-codegen-request-body-name: body
-  /api/v2/security_monitoring/rules:
-    get:
-      description: List rules.
-      operationId: ListSecurityMonitoringRules
+  /api/v2/security_monitoring/signals/{signal_id}/incidents:
+    patch:
+      description: Change the related incidents for a security signal.
+      operationId: EditSecurityMonitoringSignalIncidents
       parameters:
-      - $ref: '#/components/parameters/PageSize'
-      - $ref: '#/components/parameters/PageNumber'
+      - $ref: '#/components/parameters/SignalID'
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/SecurityMonitoringSignalIncidentsUpdateRequest'
+        description: Attributes describing the signal update.
+        required: true
       responses:
         '200':
           content:
             application/json:
               schema:
-                $ref: '#/components/schemas/SecurityMonitoringListRulesResponse'
+                $ref: '#/components/schemas/SecurityMonitoringSignalTriageUpdateResponse'
           description: OK
         '400':
-          $ref: '#/components/responses/BadRequestResponse'
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/APIErrorResponse'
+          description: Bad Request
+        '403':
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/APIErrorResponse'
+          description: Forbidden
+        '404':
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/APIErrorResponse'
+          description: Not Found
         '429':
           $ref: '#/components/responses/TooManyRequestsResponse'
-      security:
-      - apiKeyAuth: []
-        appKeyAuth: []
-      - AuthZ:
-        - security_monitoring_rules_read
-      summary: List rules
+      summary: Change the related incidents of a security signal
       tags:
       - Security Monitoring
-    post:
-      description: Create a detection rule.
-      operationId: CreateSecurityMonitoringRule
+      x-codegen-request-body-name: body
+  /api/v2/security_monitoring/signals/{signal_id}/state:
+    patch:
+      description: Change the triage state of a security signal.
+      operationId: EditSecurityMonitoringSignalState
+      parameters:
+      - $ref: '#/components/parameters/SignalID'
       requestBody:
         content:
           application/json:
             schema:
-              $ref: '#/components/schemas/SecurityMonitoringRuleCreatePayload'
+              $ref: '#/components/schemas/SecurityMonitoringSignalStateUpdateRequest'
+        description: Attributes describing the signal update.
         required: true
       responses:
         '200':
           content:
             application/json:
               schema:
-                $ref: '#/components/schemas/SecurityMonitoringRuleResponse'
+                $ref: '#/components/schemas/SecurityMonitoringSignalTriageUpdateResponse'
           description: OK
         '400':
-          $ref: '#/components/responses/BadRequestResponse'
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/APIErrorResponse'
+          description: Bad Request
         '403':
-          $ref: '#/components/responses/NotAuthorizedResponse'
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/APIErrorResponse'
+          description: Forbidden
+        '404':
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/APIErrorResponse'
+          description: Not Found
         '429':
           $ref: '#/components/responses/TooManyRequestsResponse'
-      security:
-      - apiKeyAuth: []
-        appKeyAuth: []
-      - AuthZ:
-        - security_monitoring_rules_write
-      summary: Create a detection rule
+      summary: Change the triage state of a security signal
       tags:
       - Security Monitoring
       x-codegen-request-body-name: body
-  /api/v2/security_monitoring/rules/{rule_id}:
-    delete:
-      description: Delete an existing rule. Default rules cannot be deleted.
-      operationId: DeleteSecurityMonitoringRule
-      parameters:
-      - $ref: '#/components/parameters/SecurityMonitoringRuleID'
+  /api/v2/sensitive-data-scanner/config:
+    get:
+      description: List all the Scanning groups in your organization.
+      operationId: ListScanningGroups
       responses:
-        '204':
+        '200':
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/SensitiveDataScannerGetConfigResponse'
           description: OK
+        '400':
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/APIErrorResponse'
+          description: Bad Request
         '403':
-          $ref: '#/components/responses/NotAuthorizedResponse'
-        '404':
-          $ref: '#/components/responses/NotFoundResponse'
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/APIErrorResponse'
+          description: Authentication Error
         '429':
           $ref: '#/components/responses/TooManyRequestsResponse'
-      security:
-      - apiKeyAuth: []
-        appKeyAuth: []
-      - AuthZ:
-        - security_monitoring_rules_write
-      summary: Delete an existing rule
+      summary: List Scanning Groups
       tags:
-      - Security Monitoring
-    get:
-      description: Get a rule's details.
-      operationId: GetSecurityMonitoringRule
-      parameters:
-      - $ref: '#/components/parameters/SecurityMonitoringRuleID'
+      - Sensitive Data Scanner
+    patch:
+      description: Reorder the list of groups.
+      operationId: ReorderScanningGroups
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/SensitiveDataScannerConfigRequest'
+        required: true
       responses:
         '200':
           content:
             application/json:
               schema:
-                $ref: '#/components/schemas/SecurityMonitoringRuleResponse'
+                $ref: '#/components/schemas/SensitiveDataScannerReorderGroupsResponse'
           description: OK
-        '404':
-          $ref: '#/components/responses/NotFoundResponse'
+        '400':
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/APIErrorResponse'
+          description: Bad Request
+        '403':
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/APIErrorResponse'
+          description: Authentication Error
         '429':
           $ref: '#/components/responses/TooManyRequestsResponse'
-      security:
-      - apiKeyAuth: []
-        appKeyAuth: []
-      - AuthZ:
-        - security_monitoring_rules_read
-      summary: Get a rule's details
+      summary: Reorder Groups
       tags:
-      - Security Monitoring
-    put:
-      description: 'Update an existing rule. When updating `cases`, `queries` or `options`,
-        the whole field
+      - Sensitive Data Scanner
+      x-codegen-request-body-name: body
+  /api/v2/sensitive-data-scanner/config/groups:
+    post:
+      description: 'Create a scanning group.
+
+        The request MAY include a configuration relationship.
+
+        A rules relationship can be omitted entirely, but if it is included it MUST
+        be
 
-        must be included. For example, when modifying a query all queries must be
-        included.
+        null or an empty array (rules cannot be created at the same time).
 
-        Default rules can only be updated to be enabled and to change notifications.'
-      operationId: UpdateSecurityMonitoringRule
-      parameters:
-      - $ref: '#/components/parameters/SecurityMonitoringRuleID'
+        The new group will be ordered last within the configuration.'
+      operationId: CreateScanningGroup
       requestBody:
         content:
           application/json:
             schema:
-              $ref: '#/components/schemas/SecurityMonitoringRuleUpdatePayload'
+              $ref: '#/components/schemas/SensitiveDataScannerGroupCreateRequest'
         required: true
       responses:
         '200':
           content:
             application/json:
               schema:
-                $ref: '#/components/schemas/SecurityMonitoringRuleResponse'
+                $ref: '#/components/schemas/SensitiveDataScannerCreateGroupResponse'
           description: OK
         '400':
-          $ref: '#/components/responses/BadRequestResponse'
-        '401':
-          $ref: '#/components/responses/ConcurrentModificationResponse'
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/APIErrorResponse'
+          description: Bad Request
         '403':
-          $ref: '#/components/responses/NotAuthorizedResponse'
-        '404':
-          $ref: '#/components/responses/NotFoundResponse'
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/APIErrorResponse'
+          description: Authentication Error
         '429':
           $ref: '#/components/responses/TooManyRequestsResponse'
-      security:
-      - apiKeyAuth: []
-        appKeyAuth: []
-      - AuthZ:
-        - security_monitoring_rules_write
-      summary: Update an existing rule
+      summary: Create Scanning Group
       tags:
-      - Security Monitoring
+      - Sensitive Data Scanner
       x-codegen-request-body-name: body
-  /api/v2/security_monitoring/signals:
-    get:
-      description: 'The list endpoint returns security signals that match a search
-        query.
-
-        Both this endpoint and the POST endpoint can be used interchangeably when
-        listing
-
-        security signals.'
-      operationId: ListSecurityMonitoringSignals
+  /api/v2/sensitive-data-scanner/config/groups/{group_id}:
+    delete:
+      description: Delete a given group.
+      operationId: DeleteScanningGroup
       parameters:
-      - description: The search query for security signals.
-        example: security:attack status:high
-        in: query
-        name: filter[query]
-        required: false
-        schema:
-          type: string
-      - description: The minimum timestamp for requested security signals.
-        example: '2019-01-02T09:42:36.320Z'
-        in: query
-        name: filter[from]
-        required: false
-        schema:
-          format: date-time
-          type: string
-      - description: The maximum timestamp for requested security signals.
-        example: '2019-01-03T09:42:36.320Z'
-        in: query
-        name: filter[to]
-        required: false
-        schema:
-          format: date-time
-          type: string
-      - description: The order of the security signals in results.
-        in: query
-        name: sort
-        required: false
-        schema:
-          $ref: '#/components/schemas/SecurityMonitoringSignalsSort'
-      - description: A list of results using the cursor provided in the previous query.
-        example: eyJzdGFydEF0IjoiQVFBQUFYS2tMS3pPbm40NGV3QUFBQUJCV0V0clRFdDZVbG8zY3pCRmNsbHJiVmxDWlEifQ==
-        in: query
-        name: page[cursor]
-        required: false
-        schema:
-          type: string
-      - description: The maximum number of security signals in the response.
-        example: 25
-        in: query
-        name: page[limit]
-        required: false
-        schema:
-          default: 10
-          format: int32
-          maximum: 1000
-          type: integer
+      - $ref: '#/components/parameters/SensitiveDataScannerGroupID'
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/SensitiveDataScannerGroupDeleteRequest'
+        required: true
       responses:
         '200':
           content:
             application/json:
               schema:
-                $ref: '#/components/schemas/SecurityMonitoringSignalsListResponse'
+                $ref: '#/components/schemas/SensitiveDataScannerGroupDeleteResponse'
           description: OK
         '400':
-          $ref: '#/components/responses/BadRequestResponse'
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/APIErrorResponse'
+          description: Bad Request
         '403':
-          $ref: '#/components/responses/NotAuthorizedResponse'
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/APIErrorResponse'
+          description: Authentication Error
         '429':
           $ref: '#/components/responses/TooManyRequestsResponse'
-      security:
-      - apiKeyAuth: []
-        appKeyAuth: []
-      - AuthZ:
-        - security_monitoring_signals_read
-      summary: Get a quick list of security signals
+      summary: Delete Scanning Group
       tags:
-      - Security Monitoring
-      x-pagination:
-        cursorParam: page[cursor]
-        cursorPath: meta.page.after
-        limitParam: page[limit]
-        resultsPath: data
-  /api/v2/security_monitoring/signals/search:
-    post:
-      description: 'Returns security signals that match a search query.
+      - Sensitive Data Scanner
+      x-codegen-request-body-name: body
+    patch:
+      description: 'Update a group, including the order of the rules.
 
-        Both this endpoint and the GET endpoint can be used interchangeably for listing
+        Rules within the group are reordered by including a rules relationship. If
+        the rules
 
-        security signals.'
-      operationId: SearchSecurityMonitoringSignals
+        relationship is present, its data section MUST contain linkages for all of
+        the rules
+
+        currently in the group, and MUST NOT contain any others.'
+      operationId: UpdateScanningGroup
+      parameters:
+      - $ref: '#/components/parameters/SensitiveDataScannerGroupID'
       requestBody:
         content:
           application/json:
             schema:
-              $ref: '#/components/schemas/SecurityMonitoringSignalListRequest'
-        required: false
+              $ref: '#/components/schemas/SensitiveDataScannerGroupUpdateRequest'
+        required: true
       responses:
         '200':
           content:
             application/json:
               schema:
-                $ref: '#/components/schemas/SecurityMonitoringSignalsListResponse'
+                $ref: '#/components/schemas/SensitiveDataScannerGroupUpdateResponse'
           description: OK
         '400':
-          $ref: '#/components/responses/BadRequestResponse'
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/APIErrorResponse'
+          description: Bad Request
         '403':
-          $ref: '#/components/responses/NotAuthorizedResponse'
-        '429':
-          $ref: '#/components/responses/TooManyRequestsResponse'
-      security:
-      - apiKeyAuth: []
-        appKeyAuth: []
-      - AuthZ:
-        - security_monitoring_signals_read
-      summary: Get a list of security signals
-      tags:
-      - Security Monitoring
-      x-codegen-request-body-name: body
-      x-pagination:
-        cursorParam: body.page.cursor
-        cursorPath: meta.page.after
-        limitParam: body.page.limit
-        resultsPath: data
-  /api/v2/security_monitoring/signals/{signal_id}:
-    get:
-      description: Get a signal's details.
-      operationId: GetSecurityMonitoringSignal
-      parameters:
-      - $ref: '#/components/parameters/SignalID'
-      responses:
-        '200':
           content:
             application/json:
               schema:
-                $ref: '#/components/schemas/SecurityMonitoringSignal'
-          description: OK
-        '404':
-          $ref: '#/components/responses/NotFoundResponse'
+                $ref: '#/components/schemas/APIErrorResponse'
+          description: Authentication Error
         '429':
           $ref: '#/components/responses/TooManyRequestsResponse'
-      security:
-      - apiKeyAuth: []
-        appKeyAuth: []
-      - AuthZ:
-        - security_monitoring_signals_read
-      summary: Get a signal's details
+      summary: Update Scanning Group
       tags:
-      - Security Monitoring
-  /api/v2/security_monitoring/signals/{signal_id}/assignee:
-    patch:
-      description: Modify the triage assignee of a security signal.
-      operationId: EditSecurityMonitoringSignalAssignee
-      parameters:
-      - $ref: '#/components/parameters/SignalID'
+      - Sensitive Data Scanner
+      x-codegen-request-body-name: body
+  /api/v2/sensitive-data-scanner/config/rules:
+    post:
+      description: 'Create a scanning rule in a sensitive data scanner group, ordered
+        last.
+
+        The posted rule MUST include a group relationship.
+
+        It MUST include either a standard_pattern relationship or a regex attribute,
+        but not both.
+
+        If included_attributes is empty or missing, we will scan all attributes except
+
+        excluded_attributes. If both are missing, we will scan the whole event.'
+      operationId: CreateScanningRule
       requestBody:
         content:
           application/json:
             schema:
-              $ref: '#/components/schemas/SecurityMonitoringSignalAssigneeUpdateRequest'
-        description: Attributes describing the signal update.
+              $ref: '#/components/schemas/SensitiveDataScannerRuleCreateRequest'
         required: true
       responses:
         '200':
           content:
             application/json:
               schema:
-                $ref: '#/components/schemas/SecurityMonitoringSignalTriageUpdateResponse'
+                $ref: '#/components/schemas/SensitiveDataScannerCreateRuleResponse'
           description: OK
         '400':
           content:
@@ -15486,38 +16683,31 @@ paths:
             application/json:
               schema:
                 $ref: '#/components/schemas/APIErrorResponse'
-          description: Forbidden
-        '404':
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/APIErrorResponse'
-          description: Not Found
+          description: Authentication Error
         '429':
           $ref: '#/components/responses/TooManyRequestsResponse'
-      summary: Modify the triage assignee of a security signal
+      summary: Create Scanning Rule
       tags:
-      - Security Monitoring
+      - Sensitive Data Scanner
       x-codegen-request-body-name: body
-  /api/v2/security_monitoring/signals/{signal_id}/incidents:
-    patch:
-      description: Change the related incidents for a security signal.
-      operationId: EditSecurityMonitoringSignalIncidents
+  /api/v2/sensitive-data-scanner/config/rules/{rule_id}:
+    delete:
+      description: Delete a given rule.
+      operationId: DeleteScanningRule
       parameters:
-      - $ref: '#/components/parameters/SignalID'
+      - $ref: '#/components/parameters/SensitiveDataScannerRuleID'
       requestBody:
         content:
           application/json:
             schema:
-              $ref: '#/components/schemas/SecurityMonitoringSignalIncidentsUpdateRequest'
-        description: Attributes describing the signal update.
+              $ref: '#/components/schemas/SensitiveDataScannerRuleDeleteRequest'
         required: true
       responses:
         '200':
           content:
             application/json:
               schema:
-                $ref: '#/components/schemas/SecurityMonitoringSignalTriageUpdateResponse'
+                $ref: '#/components/schemas/SensitiveDataScannerRuleDeleteResponse'
           description: OK
         '400':
           content:
@@ -15530,38 +16720,37 @@ paths:
             application/json:
               schema:
                 $ref: '#/components/schemas/APIErrorResponse'
-          description: Forbidden
-        '404':
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/APIErrorResponse'
-          description: Not Found
+          description: Authentication Error
         '429':
           $ref: '#/components/responses/TooManyRequestsResponse'
-      summary: Change the related incidents of a security signal
+      summary: Delete Scanning Rule
       tags:
-      - Security Monitoring
+      - Sensitive Data Scanner
       x-codegen-request-body-name: body
-  /api/v2/security_monitoring/signals/{signal_id}/state:
     patch:
-      description: Change the triage state of a security signal.
-      operationId: EditSecurityMonitoringSignalState
+      description: 'Update a scanning rule.
+
+        The request body MUST NOT include a standard_pattern relationship, as that
+        relationship
+
+        is non-editable. Trying to edit the regex attribute of a rule with a standard_pattern
+
+        relationship will also result in an error.'
+      operationId: UpdateScanningRule
       parameters:
-      - $ref: '#/components/parameters/SignalID'
+      - $ref: '#/components/parameters/SensitiveDataScannerRuleID'
       requestBody:
         content:
           application/json:
             schema:
-              $ref: '#/components/schemas/SecurityMonitoringSignalStateUpdateRequest'
-        description: Attributes describing the signal update.
+              $ref: '#/components/schemas/SensitiveDataScannerRuleUpdateRequest'
         required: true
       responses:
         '200':
           content:
             application/json:
               schema:
-                $ref: '#/components/schemas/SecurityMonitoringSignalTriageUpdateResponse'
+                $ref: '#/components/schemas/SensitiveDataScannerRuleUpdateResponse'
           description: OK
         '400':
           content:
@@ -15574,19 +16763,41 @@ paths:
             application/json:
               schema:
                 $ref: '#/components/schemas/APIErrorResponse'
-          description: Forbidden
-        '404':
+          description: Authentication Error
+        '429':
+          $ref: '#/components/responses/TooManyRequestsResponse'
+      summary: Update Scanning Rule
+      tags:
+      - Sensitive Data Scanner
+      x-codegen-request-body-name: body
+  /api/v2/sensitive-data-scanner/config/standard-patterns:
+    get:
+      description: Returns all standard patterns.
+      operationId: ListStandardPatterns
+      responses:
+        '200':
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/SensitiveDataScannerStandardPatternsResponseData'
+          description: OK
+        '400':
           content:
             application/json:
               schema:
                 $ref: '#/components/schemas/APIErrorResponse'
-          description: Not Found
+          description: Bad Request
+        '403':
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/APIErrorResponse'
+          description: Authentication Error
         '429':
           $ref: '#/components/responses/TooManyRequestsResponse'
-      summary: Change the triage state of a security signal
+      summary: List standard patterns
       tags:
-      - Security Monitoring
-      x-codegen-request-body-name: body
+      - Sensitive Data Scanner
   /api/v2/series:
     post:
       description: "The metrics end-point allows you to post time-series data that
@@ -16649,7 +17860,8 @@ paths:
           `online_archive`, `profiling`, `rum`, `rum_browser_sessions`, `rum_mobile_sessions`,
           `sds`, `snmp`,
 
-          `synthetics_api`, `synthetics_browser`, and `timeseries`.'
+          `synthetics_api`, `synthetics_browser`, `synthetics_parallel_testing`, and
+          `timeseries`.'
         in: query
         name: filter[product_families]
         required: true
@@ -17390,6 +18602,9 @@ tags:
 
     signals.'
   name: Security Monitoring
+- description: Create, update, delete, and retrieve sensitive data scanner groups
+    and rules.
+  name: Sensitive Data Scanner
 - description: Create, edit, and disable service accounts.
   name: Service Accounts
 - description: API to create, update, retrieve and delete service definitions.