datadog_api_client 2.48.0 → 2.49.0

data/.generator/schemas/v2/openapi.yaml

@@ -1023,6 +1023,13 @@ components:
       required: true
       schema:
         type: string
+    SecurityMonitoringCriticalAssetID:
+      description: The ID of the critical asset.
+      in: path
+      name: critical_asset_id
+      required: true
+      schema:
+        type: string
     SecurityMonitoringRuleID:
       description: The ID of the rule.
       in: path
@@ -1485,8 +1492,6 @@ components:
           $ref: '#/components/schemas/AWSAccountPartition'
         aws_regions:
           $ref: '#/components/schemas/AWSRegions'
-        ccm_config:
-          $ref: '#/components/schemas/AWSCCMConfig'
         logs_config:
           $ref: '#/components/schemas/AWSLogsConfig'
         metrics_config:
@@ -1552,8 +1557,6 @@ components:
           $ref: '#/components/schemas/AWSAccountPartition'
         aws_regions:
           $ref: '#/components/schemas/AWSRegions'
-        ccm_config:
-          $ref: '#/components/schemas/AWSCCMConfig'
         created_at:
           description: Timestamp of when the account integration was created.
           format: date-time
@@ -1627,8 +1630,6 @@ components:
           $ref: '#/components/schemas/AWSAccountPartition'
         aws_regions:
           $ref: '#/components/schemas/AWSRegions'
-        ccm_config:
-          $ref: '#/components/schemas/AWSCCMConfig'
         logs_config:
           $ref: '#/components/schemas/AWSLogsConfig'
         metrics_config:
@@ -1760,15 +1761,6 @@ components:
       required:
       - role_name
       type: object
-    AWSCCMConfig:
-      description: AWS Cloud Cost Management config.
-      properties:
-        data_export_configs:
-          description: List of data export configurations for Cost and Usage Reports.
-          items:
-            $ref: '#/components/schemas/DataExportConfig'
-          type: array
-      type: object
     AWSCredentials:
       description: The definition of `AWSCredentials` object.
       oneOf:
@@ -6677,8 +6669,11 @@ components:
       x-enum-varnames:
       - AZURE_SCAN_OPTIONS
     AzureStorageDestination:
-      description: The `azure_storage` destination forwards logs to an Azure Blob
+      description: 'The `azure_storage` destination forwards logs to an Azure Blob
         Storage container.
+
+
+        **Supported pipeline types:** logs'
       properties:
         blob_prefix:
           description: Optional prefix for blobs written to the container.
@@ -6709,6 +6704,8 @@ components:
       - inputs
       - container_name
       type: object
+      x-pipeline-types:
+      - logs
     AzureStorageDestinationType:
       default: azure_storage
       description: The destination type. The value should always be `azure_storage`.
@@ -7075,19 +7072,27 @@ components:
     BatchUpsertRowsRequestDataAttributes:
       description: Attributes containing row data values for row creation or update
         operations.
+      example:
+        values: {}
       properties:
         values:
           additionalProperties:
-            x-required-field: true
-          description: Key-value pairs representing row data, where keys are field
-            names from the schema.
-          example:
-            example_key_value: primary_key_value
-            name: row_name
+            $ref: '#/components/schemas/BatchUpsertRowsRequestDataAttributesValue'
+          description: Key-value pairs representing row data, where keys are schema
+            field names and values match the corresponding column types.
           type: object
       required:
       - values
       type: object
+    BatchUpsertRowsRequestDataAttributesValue:
+      description: Types allowed for Reference Table row values.
+      oneOf:
+      - example: row_name
+        type: string
+      - example: 25
+        format: int32
+        maximum: 2147483647
+        type: integer
     BillConfig:
       description: Bill config.
       properties:
@@ -16806,30 +16811,6 @@ components:
           example: canceled
           type: string
       type: object
-    DataExportConfig:
-      description: AWS Cost and Usage Report data export configuration.
-      properties:
-        bucket_name:
-          description: Name of the S3 bucket where the Cost and Usage Report is stored.
-          example: billing
-          type: string
-        bucket_region:
-          description: AWS region of the S3 bucket.
-          example: us-east-1
-          type: string
-        report_name:
-          description: Name of the Cost and Usage Report.
-          example: cost-and-usage-report
-          type: string
-        report_prefix:
-          description: S3 prefix where the Cost and Usage Report is stored.
-          example: reports
-          type: string
-        report_type:
-          description: Type of the Cost and Usage Report.
-          example: CUR2.0
-          type: string
-      type: object
     DataRelationshipsTeams:
       description: Associates teams with this schedule in a data structure.
       properties:
@@ -24015,6 +23996,13 @@ components:
             product for this service account. Note: This requires resource_collection_enabled
             to be set to true.'
           type: boolean
+        is_global_location_enabled:
+          default: true
+          description: When enabled, Datadog collects metrics where location is explicitly
+            stated as "global" or where location information cannot be deduced from
+            GCP labels.
+          example: true
+          type: boolean
         is_per_project_quota_enabled:
           default: false
           description: When enabled, Datadog applies the `X-Goog-User-Project` header,
@@ -24056,6 +24044,18 @@ components:
           items:
             $ref: '#/components/schemas/GCPMonitoredResourceConfig'
           type: array
+        region_filter_configs:
+          description: Configurations for GCP location filtering, such as region,
+            multi-region, or zone. Only monitored resources that match the specified
+            regions are imported into Datadog. By default, Datadog collects from all
+            locations.
+          example:
+          - nam4
+          - europe-north1
+          items:
+            description: Region Filter Configs
+            type: string
+          type: array
         resource_collection_enabled:
           description: When enabled, Datadog scans for all resources in your GCP environment.
           type: boolean
@@ -30917,6 +30917,19 @@ components:
           example: /api/v2/scorecard/rules?page%5Blimit%5D=2&page%5Boffset%5D=2&page%5Bsize%5D=2
           type: string
       type: object
+    ListSecurityFindingsResponse:
+      description: The expected response schema when listing security findings.
+      properties:
+        data:
+          description: Array of security findings matching the search query.
+          items:
+            $ref: '#/components/schemas/SecurityFindingsData'
+          type: array
+        links:
+          $ref: '#/components/schemas/SecurityFindingsLinks'
+        meta:
+          $ref: '#/components/schemas/SecurityFindingsMeta'
+      type: object
     ListTagsResponse:
       description: List tags response.
       properties:
@@ -33607,8 +33620,11 @@ components:
       - query
       type: object
     MicrosoftSentinelDestination:
-      description: The `microsoft_sentinel` destination forwards logs to Microsoft
+      description: 'The `microsoft_sentinel` destination forwards logs to Microsoft
         Sentinel.
+
+
+        **Supported pipeline types:** logs'
       properties:
         client_id:
           description: Azure AD client ID used for authentication.
@@ -33649,6 +33665,8 @@ components:
       - dcr_immutable_id
       - table
       type: object
+      x-pipeline-types:
+      - logs
     MicrosoftSentinelDestinationType:
       default: microsoft_sentinel
       description: The destination type. The value should always be `microsoft_sentinel`.
@@ -35353,13 +35371,16 @@ components:
       - data
       type: object
     ObservabilityPipelineAddEnvVarsProcessor:
-      description: The `add_env_vars` processor adds environment variable values to
-        log events.
+      description: 'The `add_env_vars` processor adds environment variable values
+        to log events.
+
+
+        **Supported pipeline types:** logs'
       properties:
         display_name:
           $ref: '#/components/schemas/ObservabilityPipelineComponentDisplayName'
         enabled:
-          description: Whether this processor is enabled.
+          description: Indicates whether the processor is enabled.
           example: true
           type: boolean
         id:
@@ -35386,6 +35407,8 @@ components:
       - variables
       - enabled
       type: object
+      x-pipeline-types:
+      - logs
     ObservabilityPipelineAddEnvVarsProcessorType:
       default: add_env_vars
       description: The processor type. The value should always be `add_env_vars`.
@@ -35411,12 +35434,15 @@ components:
       - name
       type: object
     ObservabilityPipelineAddFieldsProcessor:
-      description: The `add_fields` processor adds static key-value fields to logs.
+      description: 'The `add_fields` processor adds static key-value fields to logs.
+
+
+        **Supported pipeline types:** logs'
       properties:
         display_name:
           $ref: '#/components/schemas/ObservabilityPipelineComponentDisplayName'
         enabled:
-          description: Whether this processor is enabled.
+          description: Indicates whether the processor is enabled.
           example: true
           type: boolean
         fields:
@@ -35426,8 +35452,8 @@ components:
             $ref: '#/components/schemas/ObservabilityPipelineFieldValue'
           type: array
         id:
-          description: The unique identifier for this component. Used to reference
-            this component in other parts of the pipeline (for example, as the `input`
+          description: The unique identifier for this component. Used in other parts
+            of the pipeline to reference this component (for example, as the `input`
             to downstream components).
           example: add-fields-processor
           type: string
@@ -35445,6 +35471,8 @@ components:
       - fields
       - enabled
       type: object
+      x-pipeline-types:
+      - logs
     ObservabilityPipelineAddFieldsProcessorType:
       default: add_fields
       description: The processor type. The value should always be `add_fields`.
@@ -35454,15 +35482,60 @@ components:
       type: string
       x-enum-varnames:
       - ADD_FIELDS
+    ObservabilityPipelineAddHostnameProcessor:
+      description: 'The `add_hostname` processor adds the hostname to log events.
+
+
+        **Supported pipeline types:** logs'
+      properties:
+        display_name:
+          $ref: '#/components/schemas/ObservabilityPipelineComponentDisplayName'
+        enabled:
+          description: Indicates whether the processor is enabled.
+          example: true
+          type: boolean
+        id:
+          description: The unique identifier for this component. Used in other parts
+            of the pipeline to reference this component (for example, as the `input`
+            to downstream components).
+          example: add-hostname-processor
+          type: string
+        include:
+          description: A Datadog search query used to determine which logs this processor
+            targets.
+          example: service:my-service
+          type: string
+        type:
+          $ref: '#/components/schemas/ObservabilityPipelineAddHostnameProcessorType'
+      required:
+      - id
+      - type
+      - include
+      - enabled
+      type: object
+      x-pipeline-types:
+      - logs
+    ObservabilityPipelineAddHostnameProcessorType:
+      default: add_hostname
+      description: The processor type. The value should always be `add_hostname`.
+      enum:
+      - add_hostname
+      example: add_hostname
+      type: string
+      x-enum-varnames:
+      - ADD_HOSTNAME
     ObservabilityPipelineAmazonDataFirehoseSource:
-      description: The `amazon_data_firehose` source ingests logs from AWS Data Firehose.
+      description: 'The `amazon_data_firehose` source ingests logs from AWS Data Firehose.
+
+
+        **Supported pipeline types:** logs'
       properties:
         auth:
           $ref: '#/components/schemas/ObservabilityPipelineAwsAuth'
         id:
-          description: The unique identifier for this component. Used to reference
-            this component in other parts of the pipeline (e.g., as input to downstream
-            components).
+          description: The unique identifier for this component. Used in other parts
+            of the pipeline to reference this component (for example, as the `input`
+            to downstream components).
           example: amazon-firehose-source
           type: string
         tls:
@@ -35473,6 +35546,8 @@ components:
       - id
       - type
       type: object
+      x-pipeline-types:
+      - logs
     ObservabilityPipelineAmazonDataFirehoseSourceType:
       default: amazon_data_firehose
       description: The source type. The value should always be `amazon_data_firehose`.
@@ -35483,7 +35558,10 @@ components:
       x-enum-varnames:
       - AMAZON_DATA_FIREHOSE
     ObservabilityPipelineAmazonOpenSearchDestination:
-      description: The `amazon_opensearch` destination writes logs to Amazon OpenSearch.
+      description: 'The `amazon_opensearch` destination writes logs to Amazon OpenSearch.
+
+
+        **Supported pipeline types:** logs'
       properties:
         auth:
           $ref: '#/components/schemas/ObservabilityPipelineAmazonOpenSearchDestinationAuth'
@@ -35511,6 +35589,8 @@ components:
       - inputs
       - auth
       type: object
+      x-pipeline-types:
+      - logs
     ObservabilityPipelineAmazonOpenSearchDestinationAuth:
       description: 'Authentication settings for the Amazon OpenSearch destination.
 
@@ -35554,8 +35634,11 @@ components:
       x-enum-varnames:
       - AMAZON_OPENSEARCH
     ObservabilityPipelineAmazonS3Destination:
-      description: The `amazon_s3` destination sends your logs in Datadog-rehydratable
+      description: 'The `amazon_s3` destination sends your logs in Datadog-rehydratable
         format to an Amazon S3 bucket for archiving.
+
+
+        **Supported pipeline types:** logs'
       properties:
         auth:
           $ref: '#/components/schemas/ObservabilityPipelineAwsAuth'
@@ -35596,6 +35679,8 @@ components:
       - region
       - storage_class
       type: object
+      x-pipeline-types:
+      - logs
     ObservabilityPipelineAmazonS3DestinationStorageClass:
       description: S3 storage class.
       enum:
@@ -35632,14 +35717,17 @@ components:
     ObservabilityPipelineAmazonS3Source:
       description: 'The `amazon_s3` source ingests logs from an Amazon S3 bucket.
 
-        It supports AWS authentication and TLS encryption.'
+        It supports AWS authentication and TLS encryption.
+
+
+        **Supported pipeline types:** logs'
       properties:
         auth:
           $ref: '#/components/schemas/ObservabilityPipelineAwsAuth'
         id:
-          description: The unique identifier for this component. Used to reference
-            this component in other parts of the pipeline (e.g., as input to downstream
-            components).
+          description: The unique identifier for this component. Used in other parts
+            of the pipeline to reference this component (for example, as the `input`
+            to downstream components).
           example: aws-s3-source
           type: string
         region:
@@ -35655,6 +35743,8 @@ components:
       - type
       - region
       type: object
+      x-pipeline-types:
+      - logs
     ObservabilityPipelineAmazonS3SourceType:
       default: amazon_s3
       description: The source type. Always `amazon_s3`.
@@ -35665,8 +35755,11 @@ components:
       x-enum-varnames:
       - AMAZON_S3
     ObservabilityPipelineAmazonSecurityLakeDestination:
-      description: The `amazon_security_lake` destination sends your logs to Amazon
+      description: 'The `amazon_security_lake` destination sends your logs to Amazon
         Security Lake.
+
+
+        **Supported pipeline types:** logs'
       properties:
         auth:
           $ref: '#/components/schemas/ObservabilityPipelineAwsAuth'
@@ -35706,6 +35799,8 @@ components:
       - region
       - custom_source_name
       type: object
+      x-pipeline-types:
+      - logs
     ObservabilityPipelineAmazonSecurityLakeDestinationType:
       default: amazon_security_lake
       description: The destination type. Always `amazon_security_lake`.
@@ -35731,6 +35826,42 @@ components:
             role session.
           type: string
       type: object
+    ObservabilityPipelineCloudPremDestination:
+      description: 'The `cloud_prem` destination sends logs to Datadog CloudPrem.
+
+
+        **Supported pipeline types:** logs'
+      properties:
+        id:
+          description: The unique identifier for this component.
+          example: cloud-prem-destination
+          type: string
+        inputs:
+          description: A list of component IDs whose output is used as the `input`
+            for this component.
+          example:
+          - filter-processor
+          items:
+            type: string
+          type: array
+        type:
+          $ref: '#/components/schemas/ObservabilityPipelineCloudPremDestinationType'
+      required:
+      - id
+      - type
+      - inputs
+      type: object
+      x-pipeline-types:
+      - logs
+    ObservabilityPipelineCloudPremDestinationType:
+      default: cloud_prem
+      description: The destination type. The value should always be `cloud_prem`.
+      enum:
+      - cloud_prem
+      example: cloud_prem
+      type: string
+      x-enum-varnames:
+      - CLOUD_PREM
     ObservabilityPipelineComponentDisplayName:
       description: The display name for a component.
       example: my component
@@ -35744,12 +35875,14 @@ components:
           example:
           - id: datadog-logs-destination
             inputs:
-            - filter-processor
+            - my-processor-group
             type: datadog_logs
           items:
             $ref: '#/components/schemas/ObservabilityPipelineConfigDestinationItem'
           type: array
-        processors:
+        pipeline_type:
+          $ref: '#/components/schemas/ObservabilityPipelineConfigPipelineType'
+        processor_groups:
           description: A list of processor groups that transform or enrich log data.
           example:
           - enabled: true
@@ -35770,6 +35903,17 @@ components:
           items:
             $ref: '#/components/schemas/ObservabilityPipelineConfigProcessorGroup'
           type: array
+        processors:
+          deprecated: true
+          description: 'A list of processor groups that transform or enrich log data.
+
+
+            **Deprecated:** This field is deprecated, you should now use the processor_groups
+            field.'
+          example: []
+          items:
+            $ref: '#/components/schemas/ObservabilityPipelineConfigProcessorGroup'
+          type: array
         sources:
           description: A list of configured data sources for the pipeline.
           example:
@@ -35785,25 +35929,40 @@ components:
     ObservabilityPipelineConfigDestinationItem:
       description: A destination for the pipeline.
       oneOf:
-      - $ref: '#/components/schemas/ObservabilityPipelineDatadogLogsDestination'
+      - $ref: '#/components/schemas/ObservabilityPipelineHttpClientDestination'
+      - $ref: '#/components/schemas/ObservabilityPipelineAmazonOpenSearchDestination'
       - $ref: '#/components/schemas/ObservabilityPipelineAmazonS3Destination'
-      - $ref: '#/components/schemas/ObservabilityPipelineGoogleCloudStorageDestination'
-      - $ref: '#/components/schemas/ObservabilityPipelineSplunkHecDestination'
-      - $ref: '#/components/schemas/ObservabilityPipelineSumoLogicDestination'
-      - $ref: '#/components/schemas/ObservabilityPipelineElasticsearchDestination'
-      - $ref: '#/components/schemas/ObservabilityPipelineRsyslogDestination'
-      - $ref: '#/components/schemas/ObservabilityPipelineSyslogNgDestination'
+      - $ref: '#/components/schemas/ObservabilityPipelineAmazonSecurityLakeDestination'
       - $ref: '#/components/schemas/AzureStorageDestination'
-      - $ref: '#/components/schemas/MicrosoftSentinelDestination'
+      - $ref: '#/components/schemas/ObservabilityPipelineCloudPremDestination'
+      - $ref: '#/components/schemas/ObservabilityPipelineCrowdStrikeNextGenSiemDestination'
+      - $ref: '#/components/schemas/ObservabilityPipelineDatadogLogsDestination'
+      - $ref: '#/components/schemas/ObservabilityPipelineElasticsearchDestination'
       - $ref: '#/components/schemas/ObservabilityPipelineGoogleChronicleDestination'
+      - $ref: '#/components/schemas/ObservabilityPipelineGoogleCloudStorageDestination'
+      - $ref: '#/components/schemas/ObservabilityPipelineGooglePubSubDestination'
+      - $ref: '#/components/schemas/ObservabilityPipelineKafkaDestination'
+      - $ref: '#/components/schemas/MicrosoftSentinelDestination'
       - $ref: '#/components/schemas/ObservabilityPipelineNewRelicDestination'
-      - $ref: '#/components/schemas/ObservabilityPipelineSentinelOneDestination'
       - $ref: '#/components/schemas/ObservabilityPipelineOpenSearchDestination'
-      - $ref: '#/components/schemas/ObservabilityPipelineAmazonOpenSearchDestination'
+      - $ref: '#/components/schemas/ObservabilityPipelineRsyslogDestination'
+      - $ref: '#/components/schemas/ObservabilityPipelineSentinelOneDestination'
       - $ref: '#/components/schemas/ObservabilityPipelineSocketDestination'
-      - $ref: '#/components/schemas/ObservabilityPipelineAmazonSecurityLakeDestination'
-      - $ref: '#/components/schemas/ObservabilityPipelineCrowdStrikeNextGenSiemDestination'
-      - $ref: '#/components/schemas/ObservabilityPipelineGooglePubSubDestination'
+      - $ref: '#/components/schemas/ObservabilityPipelineSplunkHecDestination'
+      - $ref: '#/components/schemas/ObservabilityPipelineSumoLogicDestination'
+      - $ref: '#/components/schemas/ObservabilityPipelineSyslogNgDestination'
+      - $ref: '#/components/schemas/ObservabilityPipelineDatadogMetricsDestination'
+    ObservabilityPipelineConfigPipelineType:
+      default: logs
+      description: The type of data being ingested. Defaults to `logs` if not specified.
+      enum:
+      - logs
+      - metrics
+      example: logs
+      type: string
+      x-enum-varnames:
+      - LOGS
+      - METRICS
     ObservabilityPipelineConfigProcessorGroup:
       description: A group of processors.
       example:
@@ -35877,45 +36036,53 @@ components:
       description: A processor for the pipeline.
       oneOf:
       - $ref: '#/components/schemas/ObservabilityPipelineFilterProcessor'
+      - $ref: '#/components/schemas/ObservabilityPipelineAddEnvVarsProcessor'
+      - $ref: '#/components/schemas/ObservabilityPipelineAddFieldsProcessor'
+      - $ref: '#/components/schemas/ObservabilityPipelineAddHostnameProcessor'
+      - $ref: '#/components/schemas/ObservabilityPipelineCustomProcessor'
+      - $ref: '#/components/schemas/ObservabilityPipelineDatadogTagsProcessor'
+      - $ref: '#/components/schemas/ObservabilityPipelineDedupeProcessor'
+      - $ref: '#/components/schemas/ObservabilityPipelineEnrichmentTableProcessor'
+      - $ref: '#/components/schemas/ObservabilityPipelineGenerateMetricsProcessor'
+      - $ref: '#/components/schemas/ObservabilityPipelineOcsfMapperProcessor'
+      - $ref: '#/components/schemas/ObservabilityPipelineParseGrokProcessor'
       - $ref: '#/components/schemas/ObservabilityPipelineParseJSONProcessor'
+      - $ref: '#/components/schemas/ObservabilityPipelineParseXMLProcessor'
       - $ref: '#/components/schemas/ObservabilityPipelineQuotaProcessor'
-      - $ref: '#/components/schemas/ObservabilityPipelineAddFieldsProcessor'
+      - $ref: '#/components/schemas/ObservabilityPipelineReduceProcessor'
       - $ref: '#/components/schemas/ObservabilityPipelineRemoveFieldsProcessor'
       - $ref: '#/components/schemas/ObservabilityPipelineRenameFieldsProcessor'
-      - $ref: '#/components/schemas/ObservabilityPipelineGenerateMetricsProcessor'
       - $ref: '#/components/schemas/ObservabilityPipelineSampleProcessor'
-      - $ref: '#/components/schemas/ObservabilityPipelineParseGrokProcessor'
       - $ref: '#/components/schemas/ObservabilityPipelineSensitiveDataScannerProcessor'
-      - $ref: '#/components/schemas/ObservabilityPipelineOcsfMapperProcessor'
-      - $ref: '#/components/schemas/ObservabilityPipelineAddEnvVarsProcessor'
-      - $ref: '#/components/schemas/ObservabilityPipelineDedupeProcessor'
-      - $ref: '#/components/schemas/ObservabilityPipelineEnrichmentTableProcessor'
-      - $ref: '#/components/schemas/ObservabilityPipelineReduceProcessor'
+      - $ref: '#/components/schemas/ObservabilityPipelineSplitArrayProcessor'
       - $ref: '#/components/schemas/ObservabilityPipelineThrottleProcessor'
-      - $ref: '#/components/schemas/ObservabilityPipelineCustomProcessor'
-      - $ref: '#/components/schemas/ObservabilityPipelineDatadogTagsProcessor'
+      - $ref: '#/components/schemas/ObservabilityPipelineMetricTagsProcessor'
     ObservabilityPipelineConfigSourceItem:
       description: A data source for the pipeline.
       oneOf:
-      - $ref: '#/components/schemas/ObservabilityPipelineKafkaSource'
       - $ref: '#/components/schemas/ObservabilityPipelineDatadogAgentSource'
-      - $ref: '#/components/schemas/ObservabilityPipelineSplunkTcpSource'
-      - $ref: '#/components/schemas/ObservabilityPipelineSplunkHecSource'
+      - $ref: '#/components/schemas/ObservabilityPipelineAmazonDataFirehoseSource'
       - $ref: '#/components/schemas/ObservabilityPipelineAmazonS3Source'
-      - $ref: '#/components/schemas/ObservabilityPipelineFluentdSource'
       - $ref: '#/components/schemas/ObservabilityPipelineFluentBitSource'
-      - $ref: '#/components/schemas/ObservabilityPipelineHttpServerSource'
-      - $ref: '#/components/schemas/ObservabilityPipelineSumoLogicSource'
-      - $ref: '#/components/schemas/ObservabilityPipelineRsyslogSource'
-      - $ref: '#/components/schemas/ObservabilityPipelineSyslogNgSource'
-      - $ref: '#/components/schemas/ObservabilityPipelineAmazonDataFirehoseSource'
+      - $ref: '#/components/schemas/ObservabilityPipelineFluentdSource'
       - $ref: '#/components/schemas/ObservabilityPipelineGooglePubSubSource'
       - $ref: '#/components/schemas/ObservabilityPipelineHttpClientSource'
+      - $ref: '#/components/schemas/ObservabilityPipelineHttpServerSource'
+      - $ref: '#/components/schemas/ObservabilityPipelineKafkaSource'
       - $ref: '#/components/schemas/ObservabilityPipelineLogstashSource'
+      - $ref: '#/components/schemas/ObservabilityPipelineRsyslogSource'
       - $ref: '#/components/schemas/ObservabilityPipelineSocketSource'
+      - $ref: '#/components/schemas/ObservabilityPipelineSplunkHecSource'
+      - $ref: '#/components/schemas/ObservabilityPipelineSplunkTcpSource'
+      - $ref: '#/components/schemas/ObservabilityPipelineSumoLogicSource'
+      - $ref: '#/components/schemas/ObservabilityPipelineSyslogNgSource'
+      - $ref: '#/components/schemas/ObservabilityPipelineOpentelemetrySource'
     ObservabilityPipelineCrowdStrikeNextGenSiemDestination:
-      description: The `crowdstrike_next_gen_siem` destination forwards logs to CrowdStrike
+      description: 'The `crowdstrike_next_gen_siem` destination forwards logs to CrowdStrike
         Next Gen SIEM.
+
+
+        **Supported pipeline types:** logs'
       properties:
         compression:
           $ref: '#/components/schemas/ObservabilityPipelineCrowdStrikeNextGenSiemDestinationCompression'
@@ -35943,6 +36110,8 @@ components:
       - inputs
       - encoding
       type: object
+      x-pipeline-types:
+      - logs
     ObservabilityPipelineCrowdStrikeNextGenSiemDestinationCompression:
       description: Compression configuration for log events.
       properties:
@@ -35986,14 +36155,17 @@ components:
       x-enum-varnames:
       - CROWDSTRIKE_NEXT_GEN_SIEM
     ObservabilityPipelineCustomProcessor:
-      description: The `custom_processor` processor transforms events using [Vector
+      description: 'The `custom_processor` processor transforms events using [Vector
         Remap Language (VRL)](https://vector.dev/docs/reference/vrl/) scripts with
         advanced filtering capabilities.
+
+
+        **Supported pipeline types:** logs'
       properties:
         display_name:
           $ref: '#/components/schemas/ObservabilityPipelineComponentDisplayName'
         enabled:
-          description: Whether this processor is enabled.
+          description: Indicates whether the processor is enabled.
           example: true
           type: boolean
         id:
@@ -36022,6 +36194,8 @@ components:
       - remaps
       - enabled
       type: object
+      x-pipeline-types:
+      - logs
     ObservabilityPipelineCustomProcessorRemap:
       description: Defines a single VRL remap rule with its own filtering and transformation
         logic.
@@ -36097,12 +36271,16 @@ components:
       - config
       type: object
     ObservabilityPipelineDatadogAgentSource:
-      description: The `datadog_agent` source collects logs from the Datadog Agent.
+      description: 'The `datadog_agent` source collects logs/metrics from the Datadog
+        Agent.
+
+
+        **Supported pipeline types:** logs, metrics'
       properties:
         id:
-          description: The unique identifier for this component. Used to reference
-            this component in other parts of the pipeline (e.g., as input to downstream
-            components).
+          description: The unique identifier for this component. Used in other parts
+            of the pipeline to reference this component (for example, as the `input`
+            to downstream components).
           example: datadog-agent-source
           type: string
         tls:
@@ -36113,6 +36291,9 @@ components:
       - id
       - type
       type: object
+      x-pipeline-types:
+      - logs
+      - metrics
     ObservabilityPipelineDatadogAgentSourceType:
       default: datadog_agent
       description: The source type. The value should always be `datadog_agent`.
@@ -36123,7 +36304,10 @@ components:
       x-enum-varnames:
       - DATADOG_AGENT
     ObservabilityPipelineDatadogLogsDestination:
-      description: The `datadog_logs` destination forwards logs to Datadog Log Management.
+      description: 'The `datadog_logs` destination forwards logs to Datadog Log Management.
+
+
+        **Supported pipeline types:** logs'
       properties:
         id:
           description: The unique identifier for this component.
@@ -36144,6 +36328,8 @@ components:
       - type
       - inputs
       type: object
+      x-pipeline-types:
+      - logs
     ObservabilityPipelineDatadogLogsDestinationType:
       default: datadog_logs
       description: The destination type. The value should always be `datadog_logs`.
@@ -36153,21 +36339,60 @@ components:
       type: string
       x-enum-varnames:
       - DATADOG_LOGS
+    ObservabilityPipelineDatadogMetricsDestination:
+      description: 'The `datadog_metrics` destination forwards metrics to Datadog.
+
+
+        **Supported pipeline types:** metrics'
+      properties:
+        id:
+          description: The unique identifier for this component.
+          example: datadog-metrics-destination
+          type: string
+        inputs:
+          description: A list of component IDs whose output is used as the input for
+            this component.
+          example:
+          - metric-tags-processor
+          items:
+            type: string
+          type: array
+        type:
+          $ref: '#/components/schemas/ObservabilityPipelineDatadogMetricsDestinationType'
+      required:
+      - id
+      - type
+      - inputs
+      type: object
+      x-pipeline-types:
+      - metrics
+    ObservabilityPipelineDatadogMetricsDestinationType:
+      default: datadog_metrics
+      description: The destination type. The value should always be `datadog_metrics`.
+      enum:
+      - datadog_metrics
+      example: datadog_metrics
+      type: string
+      x-enum-varnames:
+      - DATADOG_METRICS
     ObservabilityPipelineDatadogTagsProcessor:
-      description: The `datadog_tags` processor includes or excludes specific Datadog
+      description: 'The `datadog_tags` processor includes or excludes specific Datadog
         tags in your logs.
+
+
+        **Supported pipeline types:** logs'
       properties:
         action:
           $ref: '#/components/schemas/ObservabilityPipelineDatadogTagsProcessorAction'
         display_name:
           $ref: '#/components/schemas/ObservabilityPipelineComponentDisplayName'
         enabled:
-          description: Whether this processor is enabled.
+          description: Indicates whether the processor is enabled.
           example: true
           type: boolean
         id:
-          description: The unique identifier for this component. Used to reference
-            this component in other parts of the pipeline (for example, as the `input`
+          description: The unique identifier for this component. Used in other parts
+            of the pipeline to reference this component (for example, as the `input`
             to downstream components).
           example: datadog-tags-processor
           type: string
@@ -36198,6 +36423,8 @@ components:
       - keys
       - enabled
       type: object
+      x-pipeline-types:
+      - logs
     ObservabilityPipelineDatadogTagsProcessorAction:
       description: The action to take on tags with matching keys.
       enum:
@@ -36240,12 +36467,15 @@ components:
       - DECODE_JSON
       - DECODE_SYSLOG
     ObservabilityPipelineDedupeProcessor:
-      description: The `dedupe` processor removes duplicate fields in log events.
+      description: 'The `dedupe` processor removes duplicate fields in log events.
+
+
+        **Supported pipeline types:** logs'
       properties:
         display_name:
           $ref: '#/components/schemas/ObservabilityPipelineComponentDisplayName'
         enabled:
-          description: Whether this processor is enabled.
+          description: Indicates whether the processor is enabled.
           example: true
           type: boolean
         fields:
@@ -36277,6 +36507,8 @@ components:
       - mode
       - enabled
       type: object
+      x-pipeline-types:
+      - logs
     ObservabilityPipelineDedupeProcessorMode:
       description: The deduplication mode to apply to the fields.
       enum:
@@ -36297,8 +36529,11 @@ components:
       x-enum-varnames:
       - DEDUPE
     ObservabilityPipelineElasticsearchDestination:
-      description: The `elasticsearch` destination writes logs to an Elasticsearch
+      description: 'The `elasticsearch` destination writes logs to an Elasticsearch
         cluster.
+
+
+        **Supported pipeline types:** logs'
       properties:
         api_version:
           $ref: '#/components/schemas/ObservabilityPipelineElasticsearchDestinationApiVersion'
@@ -36306,6 +36541,8 @@ components:
           description: The index to write logs to in Elasticsearch.
           example: logs-index
           type: string
+        data_stream:
+          $ref: '#/components/schemas/ObservabilityPipelineElasticsearchDestinationDataStream'
         id:
           description: The unique identifier for this component.
           example: elasticsearch-destination
@@ -36325,6 +36562,8 @@ components:
       - type
       - inputs
       type: object
+      x-pipeline-types:
+      - logs
     ObservabilityPipelineElasticsearchDestinationApiVersion:
       description: The Elasticsearch API version to use. Set to `auto` to auto-detect.
       enum:
@@ -36339,6 +36578,23 @@ components:
       - V6
       - V7
       - V8
+    ObservabilityPipelineElasticsearchDestinationDataStream:
+      description: Configuration options for writing to Elasticsearch Data Streams
+        instead of a fixed index.
+      properties:
+        dataset:
+          description: The data stream dataset for your logs. This groups logs by
+            their source or application.
+          type: string
+        dtype:
+          description: The data stream type for your logs. This determines how logs
+            are categorized within the data stream.
+          type: string
+        namespace:
+          description: The data stream namespace for your logs. This separates logs
+            into different environments or domains.
+          type: string
+      type: object
     ObservabilityPipelineElasticsearchDestinationType:
       default: elasticsearch
       description: The destination type. The value should always be `elasticsearch`.
@@ -36478,13 +36734,17 @@ components:
       - path
       type: object
     ObservabilityPipelineEnrichmentTableProcessor:
-      description: The `enrichment_table` processor enriches logs using a static CSV
-        file or GeoIP database.
+      description: 'The `enrichment_table` processor enriches logs using a static
+        CSV file, GeoIP database, or reference table. Exactly one of `file`, `geoip`,
+        or `reference_table` must be configured.
+
+
+        **Supported pipeline types:** logs'
       properties:
         display_name:
           $ref: '#/components/schemas/ObservabilityPipelineComponentDisplayName'
         enabled:
-          description: Whether this processor is enabled.
+          description: Indicates whether the processor is enabled.
           example: true
           type: boolean
         file:
@@ -36500,6 +36760,8 @@ components:
             targets.
           example: source:my-source
           type: string
+        reference_table:
+          $ref: '#/components/schemas/ObservabilityPipelineEnrichmentTableReferenceTable'
         target:
           description: Path where enrichment results should be stored in the log.
           example: enriched.geoip
@@ -36513,6 +36775,8 @@ components:
       - target
       - enabled
       type: object
+      x-pipeline-types:
+      - logs
     ObservabilityPipelineEnrichmentTableProcessorType:
       default: enrichment_table
       description: The processor type. The value should always be `enrichment_table`.
@@ -36522,6 +36786,28 @@ components:
       type: string
       x-enum-varnames:
       - ENRICHMENT_TABLE
+    ObservabilityPipelineEnrichmentTableReferenceTable:
+      description: Uses a Datadog reference table to enrich logs.
+      properties:
+        columns:
+          description: List of column names to include from the reference table. If
+            not provided, all columns are included.
+          items:
+            type: string
+          type: array
+        key_field:
+          description: Path to the field in the log event to match against the reference
+            table.
+          example: log.user.id
+          type: string
+        table_id:
+          description: The unique identifier of the reference table.
+          example: 550e8400-e29b-41d4-a716-446655440000
+          type: string
+      required:
+      - key_field
+      - table_id
+      type: object
     ObservabilityPipelineFieldValue:
       description: Represents a static key-value pair used in various processors.
       properties:
@@ -36538,26 +36824,29 @@ components:
       - value
       type: object
     ObservabilityPipelineFilterProcessor:
-      description: The `filter` processor allows conditional processing of logs based
-        on a Datadog search query. Logs that match the `include` query are passed
-        through; others are discarded.
+      description: 'The `filter` processor allows conditional processing of logs/metrics
+        based on a Datadog search query. Logs/metrics that match the `include` query
+        are passed through; others are discarded.
+
+
+        **Supported pipeline types:** logs, metrics'
       properties:
         display_name:
           $ref: '#/components/schemas/ObservabilityPipelineComponentDisplayName'
         enabled:
-          description: Whether this processor is enabled.
+          description: Indicates whether the processor is enabled.
           example: true
           type: boolean
         id:
-          description: The unique identifier for this component. Used to reference
-            this component in other parts of the pipeline (for example, as the `input`
+          description: The unique identifier for this component. Used in other parts
+            of the pipeline to reference this component (for example, as the `input`
             to downstream components).
           example: filter-processor
           type: string
         include:
-          description: A Datadog search query used to determine which logs should
-            pass through the filter. Logs that match this query continue to downstream
-            components; others are dropped.
+          description: A Datadog search query used to determine which logs/metrics
+            should pass through the filter. Logs/metrics that match this query continue
+            to downstream components; others are dropped.
           example: service:my-service
           type: string
         type:
@@ -36568,6 +36857,9 @@ components:
       - include
       - enabled
       type: object
+      x-pipeline-types:
+      - logs
+      - metrics
     ObservabilityPipelineFilterProcessorType:
       default: filter
       description: The processor type. The value should always be `filter`.
@@ -36578,11 +36870,14 @@ components:
       x-enum-varnames:
       - FILTER
     ObservabilityPipelineFluentBitSource:
-      description: The `fluent_bit` source ingests logs from Fluent Bit.
+      description: 'The `fluent_bit` source ingests logs from Fluent Bit.
+
+
+        **Supported pipeline types:** logs'
       properties:
         id:
-          description: The unique identifier for this component. Used to reference
-            this component in other parts of the pipeline (for example, as the `input`
+          description: The unique identifier for this component. Used in other parts
+            of the pipeline to reference this component (for example, as the `input`
             to downstream components).
           example: fluent-source
           type: string
@@ -36594,6 +36889,8 @@ components:
       - id
       - type
       type: object
+      x-pipeline-types:
+      - logs
     ObservabilityPipelineFluentBitSourceType:
       default: fluent_bit
       description: The source type. The value should always be `fluent_bit`.
@@ -36604,11 +36901,14 @@ components:
       x-enum-varnames:
       - FLUENT_BIT
     ObservabilityPipelineFluentdSource:
-      description: The `fluentd` source ingests logs from a Fluentd-compatible service.
+      description: 'The `fluentd` source ingests logs from a Fluentd-compatible service.
+
+
+        **Supported pipeline types:** logs'
       properties:
         id:
-          description: The unique identifier for this component. Used to reference
-            this component in other parts of the pipeline (for example, as the `input`
+          description: The unique identifier for this component. Used in other parts
+            of the pipeline to reference this component (for example, as the `input`
             to downstream components).
           example: fluent-source
           type: string
@@ -36620,6 +36920,8 @@ components:
       - id
       - type
       type: object
+      x-pipeline-types:
+      - logs
     ObservabilityPipelineFluentdSourceType:
       default: fluentd
       description: The source type. The value should always be `fluentd.
@@ -36644,12 +36946,15 @@ components:
         from logs and sends them to Datadog.
 
         Metrics can be counters, gauges, or distributions and optionally grouped by
-        log fields.'
+        log fields.
+
+
+        **Supported pipeline types:** logs'
       properties:
         display_name:
           $ref: '#/components/schemas/ObservabilityPipelineComponentDisplayName'
         enabled:
-          description: Whether this processor is enabled.
+          description: Indicates whether the processor is enabled.
           example: true
           type: boolean
         id:
@@ -36674,6 +36979,8 @@ components:
       - type
       - enabled
       type: object
+      x-pipeline-types:
+      - logs
     ObservabilityPipelineGenerateMetricsProcessorType:
       default: generate_datadog_metrics
       description: The processor type. Always `generate_datadog_metrics`.
@@ -36768,7 +37075,10 @@ components:
       - GAUGE
       - DISTRIBUTION
     ObservabilityPipelineGoogleChronicleDestination:
-      description: The `google_chronicle` destination sends logs to Google Chronicle.
+      description: 'The `google_chronicle` destination sends logs to Google Chronicle.
+
+
+        **Supported pipeline types:** logs'
       properties:
         auth:
           $ref: '#/components/schemas/ObservabilityPipelineGcpAuth'
@@ -36802,6 +37112,8 @@ components:
       - inputs
       - customer_id
       type: object
+      x-pipeline-types:
+      - logs
     ObservabilityPipelineGoogleChronicleDestinationEncoding:
       description: The encoding format for the logs sent to Chronicle.
       enum:
@@ -36825,7 +37137,10 @@ components:
       description: 'The `google_cloud_storage` destination stores logs in a Google
         Cloud Storage (GCS) bucket.
 
-        It requires a bucket name, GCP authentication, and metadata fields.'
+        It requires a bucket name, GCP authentication, and metadata fields.
+
+
+        **Supported pipeline types:** logs'
       properties:
         acl:
           $ref: '#/components/schemas/ObservabilityPipelineGoogleCloudStorageDestinationAcl'
@@ -36867,6 +37182,8 @@ components:
       - bucket
       - storage_class
       type: object
+      x-pipeline-types:
+      - logs
     ObservabilityPipelineGoogleCloudStorageDestinationAcl:
       description: Access control list setting for objects written to the bucket.
       enum:
@@ -36909,8 +37226,11 @@ components:
       x-enum-varnames:
       - GOOGLE_CLOUD_STORAGE
     ObservabilityPipelineGooglePubSubDestination:
-      description: The `google_pubsub` destination publishes logs to a Google Cloud
+      description: 'The `google_pubsub` destination publishes logs to a Google Cloud
         Pub/Sub topic.
+
+
+        **Supported pipeline types:** logs'
       properties:
         auth:
           $ref: '#/components/schemas/ObservabilityPipelineGcpAuth'
@@ -36948,6 +37268,8 @@ components:
       - project
       - topic
       type: object
+      x-pipeline-types:
+      - logs
     ObservabilityPipelineGooglePubSubDestinationEncoding:
       description: Encoding format for log events.
       enum:
@@ -36968,17 +37290,20 @@ components:
       x-enum-varnames:
       - GOOGLE_PUBSUB
     ObservabilityPipelineGooglePubSubSource:
-      description: The `google_pubsub` source ingests logs from a Google Cloud Pub/Sub
+      description: 'The `google_pubsub` source ingests logs from a Google Cloud Pub/Sub
         subscription.
+
+
+        **Supported pipeline types:** logs'
       properties:
         auth:
           $ref: '#/components/schemas/ObservabilityPipelineGcpAuth'
         decoding:
           $ref: '#/components/schemas/ObservabilityPipelineDecoding'
         id:
-          description: The unique identifier for this component. Used to reference
-            this component in other parts of the pipeline (e.g., as input to downstream
-            components).
+          description: The unique identifier for this component. Used in other parts
+            of the pipeline to reference this component (for example, as the `input`
+            to downstream components).
           example: google-pubsub-source
           type: string
         project:
@@ -37000,6 +37325,8 @@ components:
       - project
       - subscription
       type: object
+      x-pipeline-types:
+      - logs
     ObservabilityPipelineGooglePubSubSourceType:
       default: google_pubsub
       description: The source type. The value should always be `google_pubsub`.
@@ -37009,18 +37336,103 @@ components:
       type: string
       x-enum-varnames:
       - GOOGLE_PUBSUB
+    ObservabilityPipelineHttpClientDestination:
+      description: 'The `http_client` destination sends data to an HTTP endpoint.
+
+
+        **Supported pipeline types:** logs, metrics'
+      properties:
+        auth_strategy:
+          $ref: '#/components/schemas/ObservabilityPipelineHttpClientDestinationAuthStrategy'
+        compression:
+          $ref: '#/components/schemas/ObservabilityPipelineHttpClientDestinationCompression'
+        encoding:
+          $ref: '#/components/schemas/ObservabilityPipelineHttpClientDestinationEncoding'
+        id:
+          description: The unique identifier for this component.
+          example: http-client-destination
+          type: string
+        inputs:
+          description: A list of component IDs whose output is used as the input for
+            this component.
+          example:
+          - filter-processor
+          items:
+            type: string
+          type: array
+        tls:
+          $ref: '#/components/schemas/ObservabilityPipelineTls'
+        type:
+          $ref: '#/components/schemas/ObservabilityPipelineHttpClientDestinationType'
+      required:
+      - id
+      - type
+      - inputs
+      - encoding
+      type: object
+      x-pipeline-types:
+      - logs
+      - metrics
+    ObservabilityPipelineHttpClientDestinationAuthStrategy:
+      description: HTTP authentication strategy.
+      enum:
+      - none
+      - basic
+      - bearer
+      example: basic
+      type: string
+      x-enum-varnames:
+      - NONE
+      - BASIC
+      - BEARER
+    ObservabilityPipelineHttpClientDestinationCompression:
+      description: Compression configuration for HTTP requests.
+      properties:
+        algorithm:
+          $ref: '#/components/schemas/ObservabilityPipelineHttpClientDestinationCompressionAlgorithm'
+      required:
+      - algorithm
+      type: object
+    ObservabilityPipelineHttpClientDestinationCompressionAlgorithm:
+      description: Compression algorithm.
+      enum:
+      - gzip
+      example: gzip
+      type: string
+      x-enum-varnames:
+      - GZIP
+    ObservabilityPipelineHttpClientDestinationEncoding:
+      description: Encoding format for log events.
+      enum:
+      - json
+      example: json
+      type: string
+      x-enum-varnames:
+      - JSON
+    ObservabilityPipelineHttpClientDestinationType:
+      default: http_client
+      description: The destination type. The value should always be `http_client`.
+      enum:
+      - http_client
+      example: http_client
+      type: string
+      x-enum-varnames:
+      - HTTP_CLIENT
     ObservabilityPipelineHttpClientSource:
-      description: The `http_client` source scrapes logs from HTTP endpoints at regular
+      description: 'The `http_client` source scrapes logs from HTTP endpoints at regular
         intervals.
+
+
+        **Supported pipeline types:** logs'
       properties:
         auth_strategy:
           $ref: '#/components/schemas/ObservabilityPipelineHttpClientSourceAuthStrategy'
         decoding:
           $ref: '#/components/schemas/ObservabilityPipelineDecoding'
         id:
-          description: The unique identifier for this component. Used to reference
-            this component in other parts of the pipeline (e.g., as input to downstream
-            components).
+          description: The unique identifier for this component. Used in other parts
+            of the pipeline to reference this component (for example, as the `input`
+            to downstream components).
           example: http-client-source
           type: string
         scrape_interval_secs:
@@ -37042,14 +37454,18 @@ components:
       - type
       - decoding
       type: object
+      x-pipeline-types:
+      - logs
     ObservabilityPipelineHttpClientSourceAuthStrategy:
       description: Optional authentication strategy for HTTP requests.
       enum:
+      - none
       - basic
       - bearer
       example: basic
       type: string
       x-enum-varnames:
+      - NONE
       - BASIC
       - BEARER
     ObservabilityPipelineHttpClientSourceType:
@@ -37062,8 +37478,11 @@ components:
       x-enum-varnames:
       - HTTP_CLIENT
     ObservabilityPipelineHttpServerSource:
-      description: The `http_server` source collects logs over HTTP POST from external
+      description: 'The `http_server` source collects logs over HTTP POST from external
         services.
+
+
+        **Supported pipeline types:** logs'
       properties:
         auth_strategy:
           $ref: '#/components/schemas/ObservabilityPipelineHttpServerSourceAuthStrategy'
@@ -37083,6 +37502,8 @@ components:
       - auth_strategy
       - decoding
       type: object
+      x-pipeline-types:
+      - logs
     ObservabilityPipelineHttpServerSourceAuthStrategy:
       description: HTTP authentication method.
       enum:
@@ -37102,50 +37523,125 @@ components:
       type: string
       x-enum-varnames:
       - HTTP_SERVER
-    ObservabilityPipelineKafkaSource:
-      description: The `kafka` source ingests data from Apache Kafka topics.
+    ObservabilityPipelineKafkaDestination:
+      description: 'The `kafka` destination sends logs to Apache Kafka topics.
+
+
+        **Supported pipeline types:** logs'
       properties:
-        group_id:
-          description: Consumer group ID used by the Kafka client.
-          example: consumer-group-0
+        compression:
+          $ref: '#/components/schemas/ObservabilityPipelineKafkaDestinationCompression'
+        encoding:
+          $ref: '#/components/schemas/ObservabilityPipelineKafkaDestinationEncoding'
+        headers_key:
+          description: The field name to use for Kafka message headers.
+          example: headers
           type: string
         id:
-          description: The unique identifier for this component. Used to reference
-            this component in other parts of the pipeline (e.g., as input to downstream
-            components).
-          example: kafka-source
+          description: The unique identifier for this component.
+          example: kafka-destination
+          type: string
+        inputs:
+          description: A list of component IDs whose output is used as the `input`
+            for this component.
+          example:
+          - filter-processor
+          items:
+            type: string
+          type: array
+        key_field:
+          description: The field name to use as the Kafka message key.
+          example: message_id
           type: string
         librdkafka_options:
-          description: Optional list of advanced Kafka client configuration options,
+          description: Optional list of advanced Kafka producer configuration options,
             defined as key-value pairs.
           items:
-            $ref: '#/components/schemas/ObservabilityPipelineKafkaSourceLibrdkafkaOption'
+            $ref: '#/components/schemas/ObservabilityPipelineKafkaLibrdkafkaOption'
           type: array
+        message_timeout_ms:
+          description: Maximum time in milliseconds to wait for message delivery confirmation.
+          example: 300000
+          format: int64
+          minimum: 1
+          type: integer
+        rate_limit_duration_secs:
+          description: Duration in seconds for the rate limit window.
+          example: 1
+          format: int64
+          minimum: 1
+          type: integer
+        rate_limit_num:
+          description: Maximum number of messages allowed per rate limit duration.
+          example: 1000
+          format: int64
+          minimum: 1
+          type: integer
         sasl:
-          $ref: '#/components/schemas/ObservabilityPipelineKafkaSourceSasl'
+          $ref: '#/components/schemas/ObservabilityPipelineKafkaSasl'
+        socket_timeout_ms:
+          description: Socket timeout in milliseconds for network requests.
+          example: 60000
+          format: int64
+          maximum: 300000
+          minimum: 10
+          type: integer
         tls:
           $ref: '#/components/schemas/ObservabilityPipelineTls'
-        topics:
-          description: A list of Kafka topic names to subscribe to. The source ingests
-            messages from each topic specified.
-          example:
-          - topic1
-          - topic2
-          items:
-            type: string
-          type: array
+        topic:
+          description: The Kafka topic name to publish logs to.
+          example: logs-topic
+          type: string
         type:
-          $ref: '#/components/schemas/ObservabilityPipelineKafkaSourceType'
+          $ref: '#/components/schemas/ObservabilityPipelineKafkaDestinationType'
       required:
       - id
       - type
-      - group_id
-      - topics
+      - inputs
+      - topic
+      - encoding
       type: object
-    ObservabilityPipelineKafkaSourceLibrdkafkaOption:
+      x-pipeline-types:
+      - logs
+    ObservabilityPipelineKafkaDestinationCompression:
+      description: Compression codec for Kafka messages.
+      enum:
+      - none
+      - gzip
+      - snappy
+      - lz4
+      - zstd
+      example: gzip
+      type: string
+      x-enum-varnames:
+      - NONE
+      - GZIP
+      - SNAPPY
+      - LZ4
+      - ZSTD
+    ObservabilityPipelineKafkaDestinationEncoding:
+      description: Encoding format for log events.
+      enum:
+      - json
+      - raw_message
+      example: json
+      type: string
+      x-enum-varnames:
+      - JSON
+      - RAW_MESSAGE
+    ObservabilityPipelineKafkaDestinationType:
+      default: kafka
+      description: The destination type. The value should always be `kafka`.
+      enum:
+      - kafka
+      example: kafka
+      type: string
+      x-enum-varnames:
+      - KAFKA
+    ObservabilityPipelineKafkaLibrdkafkaOption:
       description: Represents a key-value pair used to configure low-level `librdkafka`
-        client options for Kafka sources, such as timeouts, buffer sizes, and security
-        settings.
+        client options for Kafka source and destination, such as timeouts, buffer
+        sizes, and security settings.
       properties:
         name:
           description: The name of the `librdkafka` configuration option to set.
@@ -37160,12 +37656,68 @@ components:
       - name
       - value
       type: object
-    ObservabilityPipelineKafkaSourceSasl:
+    ObservabilityPipelineKafkaSasl:
       description: Specifies the SASL mechanism for authenticating with a Kafka cluster.
       properties:
         mechanism:
-          $ref: '#/components/schemas/ObservabilityPipelinePipelineKafkaSourceSaslMechanism'
+          $ref: '#/components/schemas/ObservabilityPipelineKafkaSaslMechanism'
       type: object
+    ObservabilityPipelineKafkaSaslMechanism:
+      description: SASL mechanism used for Kafka authentication.
+      enum:
+      - PLAIN
+      - SCRAM-SHA-256
+      - SCRAM-SHA-512
+      type: string
+      x-enum-varnames:
+      - PLAIN
+      - SCRAMNOT_SHANOT_256
+      - SCRAMNOT_SHANOT_512
+    ObservabilityPipelineKafkaSource:
+      description: 'The `kafka` source ingests data from Apache Kafka topics.
+
+
+        **Supported pipeline types:** logs'
+      properties:
+        group_id:
+          description: Consumer group ID used by the Kafka client.
+          example: consumer-group-0
+          type: string
+        id:
+          description: The unique identifier for this component. Used in other parts
+            of the pipeline to reference this component (for example, as the `input`
+            to downstream components).
+          example: kafka-source
+          type: string
+        librdkafka_options:
+          description: Optional list of advanced Kafka client configuration options,
+            defined as key-value pairs.
+          items:
+            $ref: '#/components/schemas/ObservabilityPipelineKafkaLibrdkafkaOption'
+          type: array
+        sasl:
+          $ref: '#/components/schemas/ObservabilityPipelineKafkaSasl'
+        tls:
+          $ref: '#/components/schemas/ObservabilityPipelineTls'
+        topics:
+          description: A list of Kafka topic names to subscribe to. The source ingests
+            messages from each topic specified.
+          example:
+          - topic1
+          - topic2
+          items:
+            type: string
+          type: array
+        type:
+          $ref: '#/components/schemas/ObservabilityPipelineKafkaSourceType'
+      required:
+      - id
+      - type
+      - group_id
+      - topics
+      type: object
+      x-pipeline-types:
+      - logs
     ObservabilityPipelineKafkaSourceType:
       default: kafka
       description: The source type. The value should always be `kafka`.
@@ -37176,12 +37728,15 @@ components:
       x-enum-varnames:
       - KAFKA
     ObservabilityPipelineLogstashSource:
-      description: The `logstash` source ingests logs from a Logstash forwarder.
+      description: 'The `logstash` source ingests logs from a Logstash forwarder.
+
+
+        **Supported pipeline types:** logs'
       properties:
         id:
-          description: The unique identifier for this component. Used to reference
-            this component in other parts of the pipeline (e.g., as input to downstream
-            components).
+          description: The unique identifier for this component. Used in other parts
+            of the pipeline to reference this component (for example, as the `input`
+            to downstream components).
           example: logstash-source
           type: string
         tls:
@@ -37192,6 +37747,8 @@ components:
       - id
       - type
       type: object
+      x-pipeline-types:
+      - logs
     ObservabilityPipelineLogstashSourceType:
       default: logstash
       description: The source type. The value should always be `logstash`.
@@ -37216,13 +37773,112 @@ components:
       - name
       - value
       type: object
+    ObservabilityPipelineMetricTagsProcessor:
+      description: 'The `metric_tags` processor filters metrics based on their tags
+        using Datadog tag key patterns.
+
+
+        **Supported pipeline types:** metrics'
+      properties:
+        display_name:
+          $ref: '#/components/schemas/ObservabilityPipelineComponentDisplayName'
+        enabled:
+          description: Indicates whether the processor is enabled.
+          example: true
+          type: boolean
+        id:
+          description: The unique identifier for this component. Used in other parts
+            of the pipeline to reference this component (for example, as the `input`
+            to downstream components).
+          example: metric-tags-processor
+          type: string
+        include:
+          description: A Datadog search query that determines which metrics the processor
+            targets.
+          example: '*'
+          type: string
+        rules:
+          description: A list of rules for filtering metric tags.
+          items:
+            $ref: '#/components/schemas/ObservabilityPipelineMetricTagsProcessorRule'
+          maxItems: 100
+          minItems: 1
+          type: array
+        type:
+          $ref: '#/components/schemas/ObservabilityPipelineMetricTagsProcessorType'
+      required:
+      - id
+      - type
+      - include
+      - rules
+      - enabled
+      type: object
+      x-pipeline-types:
+      - metrics
+    ObservabilityPipelineMetricTagsProcessorRule:
+      description: Defines a rule for filtering metric tags based on key patterns.
+      properties:
+        action:
+          $ref: '#/components/schemas/ObservabilityPipelineMetricTagsProcessorRuleAction'
+        include:
+          description: A Datadog search query used to determine which metrics this
+            rule targets.
+          example: '*'
+          type: string
+        keys:
+          description: A list of tag keys to include or exclude.
+          example:
+          - env
+          - service
+          - version
+          items:
+            type: string
+          type: array
+        mode:
+          $ref: '#/components/schemas/ObservabilityPipelineMetricTagsProcessorRuleMode'
+      required:
+      - include
+      - mode
+      - action
+      - keys
+      type: object
+    ObservabilityPipelineMetricTagsProcessorRuleAction:
+      description: The action to take on tags with matching keys.
+      enum:
+      - include
+      - exclude
+      example: include
+      type: string
+      x-enum-varnames:
+      - INCLUDE
+      - EXCLUDE
+    ObservabilityPipelineMetricTagsProcessorRuleMode:
+      description: The processing mode for tag filtering.
+      enum:
+      - filter
+      example: filter
+      type: string
+      x-enum-varnames:
+      - FILTER
+    ObservabilityPipelineMetricTagsProcessorType:
+      default: metric_tags
+      description: The processor type. The value should always be `metric_tags`.
+      enum:
+      - metric_tags
+      example: metric_tags
+      type: string
+      x-enum-varnames:
+      - METRIC_TAGS
     ObservabilityPipelineMetricValue:
       description: Specifies how the value of the generated metric is computed.
       oneOf:
       - $ref: '#/components/schemas/ObservabilityPipelineGeneratedMetricIncrementByOne'
       - $ref: '#/components/schemas/ObservabilityPipelineGeneratedMetricIncrementByField'
     ObservabilityPipelineNewRelicDestination:
-      description: The `new_relic` destination sends logs to the New Relic platform.
+      description: 'The `new_relic` destination sends logs to the New Relic platform.
+
+
+        **Supported pipeline types:** logs'
       properties:
         id:
           description: The unique identifier for this component.
@@ -37246,6 +37902,8 @@ components:
       - inputs
       - region
       type: object
+      x-pipeline-types:
+      - logs
     ObservabilityPipelineNewRelicDestinationRegion:
       description: The New Relic region.
       enum:
@@ -37266,13 +37924,16 @@ components:
       x-enum-varnames:
       - NEW_RELIC
     ObservabilityPipelineOcsfMapperProcessor:
-      description: The `ocsf_mapper` processor transforms logs into the OCSF schema
+      description: 'The `ocsf_mapper` processor transforms logs into the OCSF schema
         using a predefined mapping configuration.
+
+
+        **Supported pipeline types:** logs'
       properties:
         display_name:
           $ref: '#/components/schemas/ObservabilityPipelineComponentDisplayName'
         enabled:
-          description: Whether this processor is enabled.
+          description: Indicates whether the processor is enabled.
           example: true
           type: boolean
         id:
@@ -37299,6 +37960,8 @@ components:
       - mappings
       - enabled
       type: object
+      x-pipeline-types:
+      - logs
     ObservabilityPipelineOcsfMapperProcessorMapping:
       description: Defines how specific events are transformed to OCSF using a mapping
         configuration.
@@ -37358,7 +38021,10 @@ components:
       - OKTA_SYSTEM_LOG_AUTHENTICATION
       - PALO_ALTO_NETWORKS_FIREWALL_TRAFFIC
     ObservabilityPipelineOpenSearchDestination:
-      description: The `opensearch` destination writes logs to an OpenSearch cluster.
+      description: 'The `opensearch` destination writes logs to an OpenSearch cluster.
+
+
+        **Supported pipeline types:** logs'
       properties:
         bulk_index:
           description: The index to write logs to.
@@ -37383,6 +38049,8 @@ components:
       - type
       - inputs
       type: object
+      x-pipeline-types:
+      - logs
     ObservabilityPipelineOpenSearchDestinationType:
       default: opensearch
       description: The destination type. The value should always be `opensearch`.
@@ -37392,9 +38060,56 @@ components:
       type: string
       x-enum-varnames:
       - OPENSEARCH
+    ObservabilityPipelineOpentelemetrySource:
+      description: 'The `opentelemetry` source receives telemetry data using the OpenTelemetry
+        Protocol (OTLP) over gRPC and HTTP.
+
+
+        **Supported pipeline types:** logs'
+      properties:
+        grpc_address_key:
+          description: Environment variable name containing the gRPC server address
+            for receiving OTLP data. Must be a valid environment variable name (alphanumeric
+            characters and underscores only).
+          example: OTEL_GRPC_ADDRESS
+          type: string
+        http_address_key:
+          description: Environment variable name containing the HTTP server address
+            for receiving OTLP data. Must be a valid environment variable name (alphanumeric
+            characters and underscores only).
+          example: OTEL_HTTP_ADDRESS
+          type: string
+        id:
+          description: The unique identifier for this component. Used in other parts
+            of the pipeline to reference this component (for example, as the `input`
+            to downstream components).
+          example: opentelemetry-source
+          type: string
+        tls:
+          $ref: '#/components/schemas/ObservabilityPipelineTls'
+        type:
+          $ref: '#/components/schemas/ObservabilityPipelineOpentelemetrySourceType'
+      required:
+      - id
+      - type
+      type: object
+      x-pipeline-types:
+      - logs
+    ObservabilityPipelineOpentelemetrySourceType:
+      default: opentelemetry
+      description: The source type. The value should always be `opentelemetry`.
+      enum:
+      - opentelemetry
+      example: opentelemetry
+      type: string
+      x-enum-varnames:
+      - OPENTELEMETRY
     ObservabilityPipelineParseGrokProcessor:
-      description: The `parse_grok` processor extracts structured fields from unstructured
+      description: 'The `parse_grok` processor extracts structured fields from unstructured
         log messages using Grok patterns.
+
+
+        **Supported pipeline types:** logs'
       properties:
         disable_library_rules:
           default: false
@@ -37405,7 +38120,7 @@ components:
         display_name:
           $ref: '#/components/schemas/ObservabilityPipelineComponentDisplayName'
         enabled:
-          description: Whether this processor is enabled.
+          description: Indicates whether the processor is enabled.
           example: true
           type: boolean
         id:
@@ -37433,6 +38148,8 @@ components:
       - rules
       - enabled
       type: object
+      x-pipeline-types:
+      - logs
     ObservabilityPipelineParseGrokProcessorRule:
       description: 'A Grok parsing rule used in the `parse_grok` processor. Each rule
         defines how to extract structured fields
@@ -37512,14 +38229,17 @@ components:
       x-enum-varnames:
       - PARSE_GROK
     ObservabilityPipelineParseJSONProcessor:
-      description: The `parse_json` processor extracts JSON from a specified field
+      description: 'The `parse_json` processor extracts JSON from a specified field
         and flattens it into the event. This is useful when logs contain embedded
         JSON as a string.
+
+
+        **Supported pipeline types:** logs'
       properties:
         display_name:
           $ref: '#/components/schemas/ObservabilityPipelineComponentDisplayName'
         enabled:
-          description: Whether this processor is enabled.
+          description: Indicates whether the processor is enabled.
           example: true
           type: boolean
         field:
@@ -37546,6 +38266,8 @@ components:
       - field
       - enabled
       type: object
+      x-pipeline-types:
+      - logs
     ObservabilityPipelineParseJSONProcessorType:
       default: parse_json
       description: The processor type. The value should always be `parse_json`.
@@ -37555,37 +38277,101 @@ components:
       type: string
       x-enum-varnames:
       - PARSE_JSON
-    ObservabilityPipelinePipelineKafkaSourceSaslMechanism:
-      description: SASL mechanism used for Kafka authentication.
+    ObservabilityPipelineParseXMLProcessor:
+      description: 'The `parse_xml` processor parses XML from a specified field and
+        extracts it into the event.
+
+
+        **Supported pipeline types:** logs'
+      properties:
+        always_use_text_key:
+          description: Whether to always use a text key for element content.
+          type: boolean
+        attr_prefix:
+          description: The prefix to use for XML attributes in the parsed output.
+          type: string
+        display_name:
+          $ref: '#/components/schemas/ObservabilityPipelineComponentDisplayName'
+        enabled:
+          description: Indicates whether the processor is enabled.
+          example: true
+          type: boolean
+        field:
+          description: The name of the log field that contains an XML string.
+          example: message
+          type: string
+        id:
+          description: The unique identifier for this component. Used in other parts
+            of the pipeline to reference this component (for example, as the `input`
+            to downstream components).
+          example: parse-xml-processor
+          type: string
+        include:
+          description: A Datadog search query used to determine which logs this processor
+            targets.
+          example: service:my-service
+          type: string
+        include_attr:
+          description: Whether to include XML attributes in the parsed output.
+          type: boolean
+        parse_bool:
+          description: Whether to parse boolean values from strings.
+          type: boolean
+        parse_null:
+          description: Whether to parse null values.
+          type: boolean
+        parse_number:
+          description: Whether to parse numeric values from strings.
+          type: boolean
+        text_key:
+          description: The key name to use for text content within XML elements. Must
+            be at least 1 character if specified.
+          minLength: 1
+          type: string
+        type:
+          $ref: '#/components/schemas/ObservabilityPipelineParseXMLProcessorType'
+      required:
+      - id
+      - type
+      - include
+      - field
+      - enabled
+      type: object
+      x-pipeline-types:
+      - logs
+    ObservabilityPipelineParseXMLProcessorType:
+      default: parse_xml
+      description: The processor type. The value should always be `parse_xml`.
       enum:
-      - PLAIN
-      - SCRAM-SHA-256
-      - SCRAM-SHA-512
+      - parse_xml
+      example: parse_xml
       type: string
       x-enum-varnames:
-      - PLAIN
-      - SCRAMNOT_SHANOT_256
-      - SCRAMNOT_SHANOT_512
+      - PARSE_XML
     ObservabilityPipelineQuotaProcessor:
-      description: The Quota Processor measures logging traffic for logs that match
+      description: 'The `quota` processor measures logging traffic for logs that match
         a specified filter. When the configured daily quota is met, the processor
         can drop or alert.
+
+
+        **Supported pipeline types:** logs'
       properties:
         display_name:
           $ref: '#/components/schemas/ObservabilityPipelineComponentDisplayName'
         drop_events:
-          description: If set to `true`, logs that matched the quota filter and sent
-            after the quota has been met are dropped; only logs that did not match
-            the filter query continue through the pipeline.
+          description: 'If set to `true`, logs that match the quota filter and are
+            sent after the quota is exceeded are dropped. Logs that do not match the
+            filter continue through the pipeline. **Note**: You can set either `drop_events`
+            or `overflow_action`, but not both.'
           example: false
           type: boolean
         enabled:
-          description: Whether this processor is enabled.
+          description: Indicates whether the processor is enabled.
           example: true
           type: boolean
         id:
-          description: The unique identifier for this component. Used to reference
-            this component in other parts of the pipeline (for example, as the `input`
+          description: The unique identifier for this component. Used in other parts
+            of the pipeline to reference this component (for example, as the `input`
             to downstream components).
           example: quota-processor
           type: string
@@ -37620,6 +38406,8 @@ components:
           items:
             type: string
           type: array
+        too_many_buckets_action:
+          $ref: '#/components/schemas/ObservabilityPipelineQuotaProcessorOverflowAction'
         type:
           $ref: '#/components/schemas/ObservabilityPipelineQuotaProcessorType'
       required:
@@ -37630,6 +38418,8 @@ components:
       - limit
       - enabled
       type: object
+      x-pipeline-types:
+      - logs
     ObservabilityPipelineQuotaProcessorLimit:
       description: The maximum amount of data or number of events allowed before the
         quota is enforced. Can be specified in bytes or events.
@@ -37657,7 +38447,8 @@ components:
       - BYTES
       - EVENTS
     ObservabilityPipelineQuotaProcessorOverflowAction:
-      description: 'The action to take when the quota is exceeded. Options:
+      description: 'The action to take when the quota or bucket limit is exceeded.
+        Options:
 
         - `drop`: Drop the event.
 
@@ -37701,13 +38492,16 @@ components:
       x-enum-varnames:
       - QUOTA
     ObservabilityPipelineReduceProcessor:
-      description: The `reduce` processor aggregates and merges logs based on matching
+      description: 'The `reduce` processor aggregates and merges logs based on matching
         keys and merge strategies.
+
+
+        **Supported pipeline types:** logs'
       properties:
         display_name:
           $ref: '#/components/schemas/ObservabilityPipelineComponentDisplayName'
         enabled:
-          description: Whether this processor is enabled.
+          description: Indicates whether the processor is enabled.
           example: true
           type: boolean
         group_by:
@@ -37743,6 +38537,8 @@ components:
       - merge_strategies
       - enabled
       type: object
+      x-pipeline-types:
+      - logs
     ObservabilityPipelineReduceProcessorMergeStrategy:
       description: Defines how a specific field should be merged across grouped events.
       properties:
@@ -37796,12 +38592,15 @@ components:
       x-enum-varnames:
       - REDUCE
     ObservabilityPipelineRemoveFieldsProcessor:
-      description: The `remove_fields` processor deletes specified fields from logs.
+      description: 'The `remove_fields` processor deletes specified fields from logs.
+
+
+        **Supported pipeline types:** logs'
       properties:
         display_name:
           $ref: '#/components/schemas/ObservabilityPipelineComponentDisplayName'
         enabled:
-          description: Whether this processor is enabled.
+          description: Indicates whether the processor is enabled.
           example: true
           type: boolean
         fields:
@@ -37813,9 +38612,9 @@ components:
             type: string
           type: array
         id:
-          description: The unique identifier for this component. Used to reference
-            this component in other parts of the pipeline (e.g., as input to downstream
-            components).
+          description: The unique identifier for this component. Used in other parts
+            of the pipeline to reference this component (for example, as the `input`
+            to downstream components).
           example: remove-fields-processor
           type: string
         include:
@@ -37832,6 +38631,8 @@ components:
       - fields
       - enabled
       type: object
+      x-pipeline-types:
+      - logs
     ObservabilityPipelineRemoveFieldsProcessorType:
       default: remove_fields
       description: The processor type. The value should always be `remove_fields`.
@@ -37842,12 +38643,15 @@ components:
       x-enum-varnames:
       - REMOVE_FIELDS
     ObservabilityPipelineRenameFieldsProcessor:
-      description: The `rename_fields` processor changes field names.
+      description: 'The `rename_fields` processor changes field names.
+
+
+        **Supported pipeline types:** logs'
       properties:
         display_name:
           $ref: '#/components/schemas/ObservabilityPipelineComponentDisplayName'
         enabled:
-          description: Whether this processor is enabled.
+          description: Indicates whether the processor is enabled.
           example: true
           type: boolean
         fields:
@@ -37877,6 +38681,8 @@ components:
       - fields
       - enabled
       type: object
+      x-pipeline-types:
+      - logs
     ObservabilityPipelineRenameFieldsProcessorField:
       description: Defines how to rename a field in log events.
       properties:
@@ -37908,8 +38714,11 @@ components:
       x-enum-varnames:
       - RENAME_FIELDS
     ObservabilityPipelineRsyslogDestination:
-      description: The `rsyslog` destination forwards logs to an external `rsyslog`
+      description: 'The `rsyslog` destination forwards logs to an external `rsyslog`
         server over TCP or UDP using the syslog protocol.
+
+
+        **Supported pipeline types:** logs'
       properties:
         id:
           description: The unique identifier for this component.
@@ -37938,6 +38747,8 @@ components:
       - type
       - inputs
       type: object
+      x-pipeline-types:
+      - logs
     ObservabilityPipelineRsyslogDestinationType:
       default: rsyslog
       description: The destination type. The value should always be `rsyslog`.
@@ -37948,13 +38759,16 @@ components:
       x-enum-varnames:
       - RSYSLOG
     ObservabilityPipelineRsyslogSource:
-      description: The `rsyslog` source listens for logs over TCP or UDP from an `rsyslog`
-        server using the syslog protocol.
+      description: 'The `rsyslog` source listens for logs over TCP or UDP from an
+        `rsyslog` server using the syslog protocol.
+
+
+        **Supported pipeline types:** logs'
       properties:
         id:
-          description: The unique identifier for this component. Used to reference
-            this component in other parts of the pipeline (e.g., as input to downstream
-            components).
+          description: The unique identifier for this component. Used in other parts
+            of the pipeline to reference this component (for example, as the `input`
+            to downstream components).
           example: rsyslog-source
           type: string
         mode:
@@ -37968,6 +38782,8 @@ components:
       - type
       - mode
       type: object
+      x-pipeline-types:
+      - logs
     ObservabilityPipelineRsyslogSourceType:
       default: rsyslog
       description: The source type. The value should always be `rsyslog`.
@@ -37978,18 +38794,31 @@ components:
       x-enum-varnames:
       - RSYSLOG
     ObservabilityPipelineSampleProcessor:
-      description: The `sample` processor allows probabilistic sampling of logs at
+      description: 'The `sample` processor allows probabilistic sampling of logs at
         a fixed rate.
+
+
+        **Supported pipeline types:** logs'
       properties:
         display_name:
           $ref: '#/components/schemas/ObservabilityPipelineComponentDisplayName'
         enabled:
-          description: Whether this processor is enabled.
+          description: Indicates whether the processor is enabled.
           example: true
           type: boolean
+        group_by:
+          description: Optional list of fields to group events by. Each group is sampled
+            independently.
+          example:
+          - service
+          - host
+          items:
+            type: string
+          minItems: 1
+          type: array
         id:
-          description: The unique identifier for this component. Used to reference
-            this component in other parts of the pipeline (for example, as the `input`
+          description: The unique identifier for this component. Used in other parts
+            of the pipeline to reference this component (for example, as the `input`
             to downstream components).
           example: sample-processor
           type: string
@@ -38003,20 +38832,17 @@ components:
           example: 10.0
           format: double
           type: number
-        rate:
-          description: Number of events to sample (1 in N).
-          example: 10
-          format: int64
-          minimum: 1
-          type: integer
         type:
           $ref: '#/components/schemas/ObservabilityPipelineSampleProcessorType'
       required:
       - id
       - type
       - include
+      - percentage
       - enabled
       type: object
+      x-pipeline-types:
+      - logs
     ObservabilityPipelineSampleProcessorType:
       default: sample
       description: The processor type. The value should always be `sample`.
@@ -38027,19 +38853,22 @@ components:
       x-enum-varnames:
       - SAMPLE
     ObservabilityPipelineSensitiveDataScannerProcessor:
-      description: The `sensitive_data_scanner` processor detects and optionally redacts
-        sensitive data in log events.
+      description: 'The `sensitive_data_scanner` processor detects and optionally
+        redacts sensitive data in log events.
+
+
+        **Supported pipeline types:** logs'
       properties:
         display_name:
           $ref: '#/components/schemas/ObservabilityPipelineComponentDisplayName'
         enabled:
-          description: Whether this processor is enabled.
+          description: Indicates whether the processor is enabled.
           example: true
           type: boolean
         id:
-          description: The unique identifier for this component. Used to reference
-            this component in other parts of the pipeline (e.g., as input to downstream
-            components).
+          description: The unique identifier for this component. Used in other parts
+            of the pipeline to reference this component (for example, as the `input`
+            to downstream components).
           example: sensitive-scanner
           type: string
         include:
@@ -38062,6 +38891,8 @@ components:
       - rules
       - enabled
       type: object
+      x-pipeline-types:
+      - logs
     ObservabilityPipelineSensitiveDataScannerProcessorAction:
       description: Defines what action to take when sensitive data is matched.
       oneOf:
@@ -38183,6 +39014,11 @@ components:
     ObservabilityPipelineSensitiveDataScannerProcessorCustomPatternOptions:
       description: Options for defining a custom regex pattern.
       properties:
+        description:
+          description: Human-readable description providing context about a sensitive
+            data scanner rule
+          example: "Custom regex for internal API\u202Fkeys"
+          type: string
         rule:
           description: A regular expression used to detect sensitive values. Must
             be a valid regex.
@@ -38238,6 +39074,11 @@ components:
       description: Options for selecting a predefined library pattern and enabling
         keyword support.
       properties:
+        description:
+          description: Human-readable description providing context about a sensitive
+            data scanner rule
+          example: Credit card pattern
+          type: string
         id:
           description: Identifier for a predefined pattern from the sensitive data
             scanner pattern library.
@@ -38379,7 +39220,10 @@ components:
       x-enum-varnames:
       - SENSITIVE_DATA_SCANNER
     ObservabilityPipelineSentinelOneDestination:
-      description: The `sentinel_one` destination sends logs to SentinelOne.
+      description: 'The `sentinel_one` destination sends logs to SentinelOne.
+
+
+        **Supported pipeline types:** logs'
       properties:
         id:
           description: The unique identifier for this component.
@@ -38403,6 +39247,8 @@ components:
       - inputs
       - region
       type: object
+      x-pipeline-types:
+      - logs
     ObservabilityPipelineSentinelOneDestinationRegion:
       description: The SentinelOne region to send logs to.
       enum:
@@ -38427,8 +39273,11 @@ components:
       x-enum-varnames:
       - SENTINEL_ONE
     ObservabilityPipelineSocketDestination:
-      description: The `socket` destination sends logs over TCP or UDP to a remote
+      description: 'The `socket` destination sends logs over TCP or UDP to a remote
         server.
+
+
+        **Supported pipeline types:** logs'
       properties:
         encoding:
           $ref: '#/components/schemas/ObservabilityPipelineSocketDestinationEncoding'
@@ -38461,6 +39310,8 @@ components:
       - framing
       - mode
       type: object
+      x-pipeline-types:
+      - logs
     ObservabilityPipelineSocketDestinationEncoding:
       description: Encoding format for log events.
       enum:
@@ -38555,14 +39406,17 @@ components:
       x-enum-varnames:
       - SOCKET
     ObservabilityPipelineSocketSource:
-      description: The `socket` source ingests logs over TCP or UDP.
+      description: 'The `socket` source ingests logs over TCP or UDP.
+
+
+        **Supported pipeline types:** logs'
       properties:
         framing:
           $ref: '#/components/schemas/ObservabilityPipelineSocketSourceFraming'
         id:
-          description: The unique identifier for this component. Used to reference
-            this component in other parts of the pipeline (e.g., as input to downstream
-            components).
+          description: The unique identifier for this component. Used in other parts
+            of the pipeline to reference this component (for example, as the `input`
+            to downstream components).
           example: socket-source
           type: string
         mode:
@@ -38578,6 +39432,8 @@ components:
       - mode
       - framing
       type: object
+      x-pipeline-types:
+      - logs
     ObservabilityPipelineSocketSourceFraming:
       description: Framing method configuration for the socket source.
       oneOf:
@@ -38718,9 +39574,79 @@ components:
       - type
       - attributes
       type: object
+    ObservabilityPipelineSplitArrayProcessor:
+      description: 'The `split_array` processor splits array fields into separate
+        events based on configured rules.
+
+
+        **Supported pipeline types:** logs'
+      properties:
+        arrays:
+          description: A list of array split configurations.
+          items:
+            $ref: '#/components/schemas/ObservabilityPipelineSplitArrayProcessorArrayConfig'
+          maxItems: 15
+          minItems: 1
+          type: array
+        display_name:
+          $ref: '#/components/schemas/ObservabilityPipelineComponentDisplayName'
+        enabled:
+          description: Indicates whether the processor is enabled.
+          example: true
+          type: boolean
+        id:
+          description: The unique identifier for this component. Used in other parts
+            of the pipeline to reference this component (for example, as the `input`
+            to downstream components).
+          example: split-array-processor
+          type: string
+        include:
+          description: A Datadog search query used to determine which logs this processor
+            targets. For split_array, this should typically be `*`.
+          example: '*'
+          type: string
+        type:
+          $ref: '#/components/schemas/ObservabilityPipelineSplitArrayProcessorType'
+      required:
+      - id
+      - type
+      - include
+      - arrays
+      - enabled
+      type: object
+      x-pipeline-types:
+      - logs
+    ObservabilityPipelineSplitArrayProcessorArrayConfig:
+      description: Configuration for a single array split operation.
+      properties:
+        field:
+          description: The path to the array field to split.
+          example: tags
+          type: string
+        include:
+          description: A Datadog search query used to determine which logs this array
+            split operation targets.
+          example: '*'
+          type: string
+      required:
+      - include
+      - field
+      type: object
+    ObservabilityPipelineSplitArrayProcessorType:
+      default: split_array
+      description: The processor type. The value should always be `split_array`.
+      enum:
+      - split_array
+      example: split_array
+      type: string
+      x-enum-varnames:
+      - SPLIT_ARRAY
     ObservabilityPipelineSplunkHecDestination:
-      description: The `splunk_hec` destination forwards logs to Splunk using the
+      description: 'The `splunk_hec` destination forwards logs to Splunk using the
         HTTP Event Collector (HEC).
+
+
+        **Supported pipeline types:** logs'
       properties:
         auto_extract_timestamp:
           description: 'If `true`, Splunk tries to extract timestamps from incoming
@@ -38732,9 +39658,9 @@ components:
         encoding:
           $ref: '#/components/schemas/ObservabilityPipelineSplunkHecDestinationEncoding'
         id:
-          description: The unique identifier for this component. Used to reference
-            this component in other parts of the pipeline (e.g., as input to downstream
-            components).
+          description: The unique identifier for this component. Used in other parts
+            of the pipeline to reference this component (for example, as the `input`
+            to downstream components).
           example: splunk-hec-destination
           type: string
         index:
@@ -38760,6 +39686,8 @@ components:
       - type
       - inputs
       type: object
+      x-pipeline-types:
+      - logs
     ObservabilityPipelineSplunkHecDestinationEncoding:
       description: Encoding format for log events.
       enum:
@@ -38780,13 +39708,16 @@ components:
       x-enum-varnames:
       - SPLUNK_HEC
     ObservabilityPipelineSplunkHecSource:
-      description: The `splunk_hec` source implements the Splunk HTTP Event Collector
+      description: 'The `splunk_hec` source implements the Splunk HTTP Event Collector
         (HEC) API.
+
+
+        **Supported pipeline types:** logs'
       properties:
         id:
-          description: The unique identifier for this component. Used to reference
-            this component in other parts of the pipeline (e.g., as input to downstream
-            components).
+          description: The unique identifier for this component. Used in other parts
+            of the pipeline to reference this component (for example, as the `input`
+            to downstream components).
           example: splunk-hec-source
           type: string
         tls:
@@ -38797,6 +39728,8 @@ components:
       - id
       - type
       type: object
+      x-pipeline-types:
+      - logs
     ObservabilityPipelineSplunkHecSourceType:
       default: splunk_hec
       description: The source type. Always `splunk_hec`.
@@ -38810,12 +39743,15 @@ components:
       description: 'The `splunk_tcp` source receives logs from a Splunk Universal
         Forwarder over TCP.
 
-        TLS is supported for secure transmission.'
+        TLS is supported for secure transmission.
+
+
+        **Supported pipeline types:** logs'
       properties:
         id:
-          description: The unique identifier for this component. Used to reference
-            this component in other parts of the pipeline (e.g., as input to downstream
-            components).
+          description: The unique identifier for this component. Used in other parts
+            of the pipeline to reference this component (for example, as the `input`
+            to downstream components).
           example: splunk-tcp-source
           type: string
         tls:
@@ -38826,6 +39762,8 @@ components:
       - id
       - type
       type: object
+      x-pipeline-types:
+      - logs
     ObservabilityPipelineSplunkTcpSourceType:
       default: splunk_tcp
       description: The source type. Always `splunk_tcp`.
@@ -38836,7 +39774,10 @@ components:
       x-enum-varnames:
       - SPLUNK_TCP
     ObservabilityPipelineSumoLogicDestination:
-      description: The `sumo_logic` destination forwards logs to Sumo Logic.
+      description: 'The `sumo_logic` destination forwards logs to Sumo Logic.
+
+
+        **Supported pipeline types:** logs'
       properties:
         encoding:
           $ref: '#/components/schemas/ObservabilityPipelineSumoLogicDestinationEncoding'
@@ -38877,6 +39818,8 @@ components:
       - type
       - inputs
       type: object
+      x-pipeline-types:
+      - logs
     ObservabilityPipelineSumoLogicDestinationEncoding:
       description: The output encoding format.
       enum:
@@ -38914,12 +39857,15 @@ components:
       x-enum-varnames:
       - SUMO_LOGIC
     ObservabilityPipelineSumoLogicSource:
-      description: The `sumo_logic` source receives logs from Sumo Logic collectors.
+      description: 'The `sumo_logic` source receives logs from Sumo Logic collectors.
+
+
+        **Supported pipeline types:** logs'
       properties:
         id:
-          description: The unique identifier for this component. Used to reference
-            this component in other parts of the pipeline (e.g., as input to downstream
-            components).
+          description: The unique identifier for this component. Used in other parts
+            of the pipeline to reference this component (for example, as the `input`
+            to downstream components).
           example: sumo-logic-source
           type: string
         type:
@@ -38928,6 +39874,8 @@ components:
       - id
       - type
       type: object
+      x-pipeline-types:
+      - logs
     ObservabilityPipelineSumoLogicSourceType:
       default: sumo_logic
       description: The source type. The value should always be `sumo_logic`.
@@ -38938,8 +39886,11 @@ components:
       x-enum-varnames:
       - SUMO_LOGIC
     ObservabilityPipelineSyslogNgDestination:
-      description: The `syslog_ng` destination forwards logs to an external `syslog-ng`
+      description: 'The `syslog_ng` destination forwards logs to an external `syslog-ng`
         server over TCP or UDP using the syslog protocol.
+
+
+        **Supported pipeline types:** logs'
       properties:
         id:
           description: The unique identifier for this component.
@@ -38968,6 +39919,8 @@ components:
       - type
       - inputs
       type: object
+      x-pipeline-types:
+      - logs
     ObservabilityPipelineSyslogNgDestinationType:
       default: syslog_ng
       description: The destination type. The value should always be `syslog_ng`.
@@ -38978,13 +39931,16 @@ components:
       x-enum-varnames:
       - SYSLOG_NG
     ObservabilityPipelineSyslogNgSource:
-      description: The `syslog_ng` source listens for logs over TCP or UDP from a
+      description: 'The `syslog_ng` source listens for logs over TCP or UDP from a
         `syslog-ng` server using the syslog protocol.
+
+
+        **Supported pipeline types:** logs'
       properties:
         id:
-          description: The unique identifier for this component. Used to reference
-            this component in other parts of the pipeline (e.g., as input to downstream
-            components).
+          description: The unique identifier for this component. Used in other parts
+            of the pipeline to reference this component (for example, as the `input`
+            to downstream components).
           example: syslog-ng-source
           type: string
         mode:
@@ -38998,6 +39954,8 @@ components:
       - type
       - mode
       type: object
+      x-pipeline-types:
+      - logs
     ObservabilityPipelineSyslogNgSourceType:
       default: syslog_ng
       description: The source type. The value should always be `syslog_ng`.
@@ -39018,13 +39976,16 @@ components:
       - TCP
       - UDP
     ObservabilityPipelineThrottleProcessor:
-      description: The `throttle` processor limits the number of events that pass
+      description: 'The `throttle` processor limits the number of events that pass
         through over a given time window.
+
+
+        **Supported pipeline types:** logs'
       properties:
         display_name:
           $ref: '#/components/schemas/ObservabilityPipelineComponentDisplayName'
         enabled:
-          description: Whether this processor is enabled.
+          description: Indicates whether the processor is enabled.
           example: true
           type: boolean
         group_by:
@@ -39065,6 +40026,8 @@ components:
       - window
       - enabled
       type: object
+      x-pipeline-types:
+      - logs
     ObservabilityPipelineThrottleProcessorType:
       default: throttle
       description: The processor type. The value should always be `throttle`.
@@ -40664,7 +41627,6 @@ components:
                 type: STRING
               primary_keys:
               - id
-            sync_enabled: false
             tags:
             - test_tag
           type: reference_table
@@ -40696,10 +41658,6 @@ components:
           $ref: '#/components/schemas/PatchTableRequestDataAttributesFileMetadata'
         schema:
           $ref: '#/components/schemas/PatchTableRequestDataAttributesSchema'
-        sync_enabled:
-          description: Whether this table is synced automatically.
-          example: false
-          type: boolean
         tags:
           description: Tags for organizing and filtering reference tables.
           example:
@@ -42851,6 +43809,9 @@ components:
       description: Attributes of the SPA Recommendation resource. Contains recommendations
         for both driver and executor components.
       properties:
+        confidence_level:
+          format: double
+          type: number
         driver:
           $ref: '#/components/schemas/ComponentRecommendation'
         executor:
@@ -47816,6 +48777,379 @@ components:
         meta:
           $ref: '#/components/schemas/SecurityFilterMeta'
       type: object
+    SecurityFindingsAttributes:
+      description: The JSON object containing all attributes of the security finding.
+      properties:
+        attributes:
+          additionalProperties: {}
+          description: The custom attributes of the security finding.
+          example:
+            severity: high
+            status: open
+          type: object
+        tags:
+          description: List of tags associated with the security finding.
+          example:
+          - team:platform
+          - env:prod
+          items:
+            type: string
+          type: array
+        timestamp:
+          description: The Unix timestamp at which the detection changed for the resource.
+            Same value as @detection_changed_at.
+          example: 1765901760
+          format: int64
+          type: integer
+      type: object
+    SecurityFindingsData:
+      description: A single security finding.
+      properties:
+        attributes:
+          $ref: '#/components/schemas/SecurityFindingsAttributes'
+        id:
+          description: The unique ID of the security finding.
+          example: ZGVmLTAwcC1pZXJ-aS0wZjhjNjMyZDNmMzRlZTgzNw==
+          type: string
+        type:
+          $ref: '#/components/schemas/SecurityFindingsDataType'
+      type: object
+    SecurityFindingsDataType:
+      default: finding
+      description: The type of the security finding resource.
+      enum:
+      - finding
+      example: finding
+      type: string
+      x-enum-varnames:
+      - FINDING
+    SecurityFindingsLinks:
+      description: Links for pagination.
+      properties:
+        next:
+          description: Link for the next page of results. Note that paginated requests
+            can also be made using the POST endpoint.
+          example: https://app.datadoghq.com/api/v2/security/findings?page[cursor]=eyJhZnRlciI6IkF3QUFBWnPcm1pd0FBQUJbVlBQUKBa1pqRTVdZUzSTBNemN0YWiIsLTE3Mjk0MzYwMjFdfQ==&page[limit]=25
+          type: string
+      type: object
+    SecurityFindingsMeta:
+      description: Metadata about the response.
+      properties:
+        elapsed:
+          description: The time elapsed in milliseconds.
+          example: 548
+          format: int64
+          type: integer
+        page:
+          $ref: '#/components/schemas/SecurityFindingsPage'
+        request_id:
+          description: The identifier of the request.
+          example: pddv1ChZwVlMxMUdYRFRMQ1lyb3B4MGNYbFlnIi0KHQu35LDbucx
+          type: string
+        status:
+          $ref: '#/components/schemas/SecurityFindingsStatus'
+      type: object
+    SecurityFindingsPage:
+      description: Pagination information.
+      properties:
+        after:
+          description: The cursor used to get the next page of results.
+          example: eyJhZnRlciI6IkFRQUFBWWJiaEJXQS1OY1dqUUFBQUFCQldXSmlhRUpYUVVGQlJFSktkbTlDTUdaWFRVbDNRVUUiLCJ2YWx1ZXMiOlsiY3JpdGljYWwiXX0=
+          type: string
+      type: object
+    SecurityFindingsSearchRequest:
+      description: The request body for searching security findings.
+      properties:
+        data:
+          $ref: '#/components/schemas/SecurityFindingsSearchRequestData'
+      type: object
+    SecurityFindingsSearchRequestData:
+      description: Request data for searching security findings.
+      properties:
+        attributes:
+          $ref: '#/components/schemas/SecurityFindingsSearchRequestDataAttributes'
+      type: object
+    SecurityFindingsSearchRequestDataAttributes:
+      description: Request attributes for searching security findings.
+      properties:
+        filter:
+          default: '*'
+          description: The search query following log search syntax.
+          example: '@severity:(critical OR high) @status:open team:platform'
+          type: string
+        page:
+          $ref: '#/components/schemas/SecurityFindingsSearchRequestPage'
+        sort:
+          $ref: '#/components/schemas/SecurityFindingsSort'
+      type: object
+    SecurityFindingsSearchRequestPage:
+      description: Pagination attributes for the search request.
+      properties:
+        cursor:
+          description: Get the next page of results with a cursor provided in the
+            previous query.
+          example: eyJhZnRlciI6IkF3QUFBWnPcm1pd0FBQUJbVlBQUKBa1pqRTVdZUzSTBNemN0YWiIsLTE3Mjk0MzYwMjFdfQ==
+          type: string
+        limit:
+          default: 10
+          description: The maximum number of security findings in the response.
+          example: 25
+          format: int64
+          maximum: 150
+          minimum: 1
+          type: integer
+      type: object
+    SecurityFindingsSort:
+      default: -@detection_changed_at
+      description: The sort parameters when querying security findings.
+      enum:
+      - '@detection_changed_at'
+      - -@detection_changed_at
+      type: string
+      x-enum-varnames:
+      - DETECTION_CHANGED_AT_ASC
+      - DETECTION_CHANGED_AT_DESC
+    SecurityFindingsStatus:
+      description: The status of the response.
+      enum:
+      - done
+      - timeout
+      example: done
+      type: string
+      x-enum-varnames:
+      - DONE
+      - TIMEOUT
+    SecurityMonitoringCriticalAsset:
+      description: The critical asset's properties.
+      properties:
+        attributes:
+          $ref: '#/components/schemas/SecurityMonitoringCriticalAssetAttributes'
+        id:
+          $ref: '#/components/schemas/SecurityMonitoringCriticalAssetID'
+        type:
+          $ref: '#/components/schemas/SecurityMonitoringCriticalAssetType'
+      type: object
+    SecurityMonitoringCriticalAssetAttributes:
+      description: The attributes of the critical asset.
+      properties:
+        creation_author_id:
+          description: ID of user who created the critical asset.
+          example: 367742
+          format: int64
+          type: integer
+        creation_date:
+          description: A Unix millisecond timestamp given the creation date of the
+            critical asset.
+          format: int64
+          type: integer
+        creator:
+          $ref: '#/components/schemas/SecurityMonitoringUser'
+        enabled:
+          description: Whether the critical asset is enabled.
+          example: true
+          type: boolean
+        query:
+          description: The query for the critical asset. It uses the same syntax as
+            the queries to search signals in the Signals Explorer.
+          example: security:monitoring
+          type: string
+        rule_query:
+          description: The rule query of the critical asset, with the same syntax
+            as the search bar for detection rules. This determines which rules this
+            critical asset will apply to.
+          example: type:log_detection source:cloudtrail
+          type: string
+        severity:
+          $ref: '#/components/schemas/SecurityMonitoringCriticalAssetSeverity'
+        tags:
+          description: List of tags associated with the critical asset.
+          example:
+          - team:database
+          - source:cloudtrail
+          items:
+            type: string
+          type: array
+        update_author_id:
+          description: ID of user who updated the critical asset.
+          example: 367743
+          format: int64
+          type: integer
+        update_date:
+          description: A Unix millisecond timestamp given the update date of the critical
+            asset.
+          format: int64
+          type: integer
+        updater:
+          $ref: '#/components/schemas/SecurityMonitoringUser'
+        version:
+          description: The version of the critical asset; it starts at 1, and is incremented
+            at each update.
+          example: 2
+          format: int32
+          maximum: 2147483647
+          type: integer
+      type: object
+    SecurityMonitoringCriticalAssetCreateAttributes:
+      description: Object containing the attributes of the critical asset to be created.
+      properties:
+        enabled:
+          default: true
+          description: Whether the critical asset is enabled. Defaults to `true` if
+            not specified.
+          example: true
+          type: boolean
+        query:
+          description: The query for the critical asset. It uses the same syntax as
+            the queries to search signals in the Signals Explorer.
+          example: security:monitoring
+          type: string
+        rule_query:
+          description: The rule query of the critical asset, with the same syntax
+            as the search bar for detection rules. This determines which rules this
+            critical asset will apply to.
+          example: type:(log_detection OR signal_correlation OR workload_security
+            OR application_security) source:cloudtrail
+          type: string
+        severity:
+          $ref: '#/components/schemas/SecurityMonitoringCriticalAssetSeverity'
+        tags:
+          description: List of tags associated with the critical asset.
+          example:
+          - team:database
+          - source:cloudtrail
+          items:
+            type: string
+          type: array
+      required:
+      - query
+      - severity
+      - rule_query
+      type: object
+    SecurityMonitoringCriticalAssetCreateData:
+      description: Object for a single critical asset.
+      properties:
+        attributes:
+          $ref: '#/components/schemas/SecurityMonitoringCriticalAssetCreateAttributes'
+        type:
+          $ref: '#/components/schemas/SecurityMonitoringCriticalAssetType'
+      required:
+      - type
+      - attributes
+      type: object
+    SecurityMonitoringCriticalAssetCreateRequest:
+      description: Request object that includes the critical asset that you would
+        like to create.
+      properties:
+        data:
+          $ref: '#/components/schemas/SecurityMonitoringCriticalAssetCreateData'
+      required:
+      - data
+      type: object
+    SecurityMonitoringCriticalAssetID:
+      description: The ID of the critical asset.
+      example: 4e2435a5-6670-4b8f-baff-46083cd1c250
+      type: string
+    SecurityMonitoringCriticalAssetResponse:
+      description: Response object containing a single critical asset.
+      properties:
+        data:
+          $ref: '#/components/schemas/SecurityMonitoringCriticalAsset'
+      type: object
+    SecurityMonitoringCriticalAssetSeverity:
+      description: Severity associated with this critical asset. Either an explicit
+        severity can be set, or the severity can be increased or decreased.
+      enum:
+      - info
+      - low
+      - medium
+      - high
+      - critical
+      - increase
+      - decrease
+      example: increase
+      type: string
+      x-enum-varnames:
+      - INFO
+      - LOW
+      - MEDIUM
+      - HIGH
+      - CRITICAL
+      - INCREASE
+      - DECREASE
+    SecurityMonitoringCriticalAssetType:
+      default: critical_assets
+      description: The type of the resource. The value should always be `critical_assets`.
+      enum:
+      - critical_assets
+      example: critical_assets
+      type: string
+      x-enum-varnames:
+      - CRITICAL_ASSETS
+    SecurityMonitoringCriticalAssetUpdateAttributes:
+      description: The critical asset properties to be updated.
+      properties:
+        enabled:
+          description: Whether the critical asset is enabled.
+          example: true
+          type: boolean
+        query:
+          description: The query for the critical asset. It uses the same syntax as
+            the queries to search signals in the Signals Explorer.
+          example: security:monitoring
+          type: string
+        rule_query:
+          description: The rule query of the critical asset, with the same syntax
+            as the search bar for detection rules. This determines which rules this
+            critical asset will apply to.
+          example: type:log_detection source:cloudtrail
+          type: string
+        severity:
+          $ref: '#/components/schemas/SecurityMonitoringCriticalAssetSeverity'
+        tags:
+          description: List of tags associated with the critical asset.
+          example:
+          - technique:T1110-brute-force
+          - source:cloudtrail
+          items:
+            type: string
+          type: array
+        version:
+          description: The version of the critical asset being updated. Used for optimistic
+            locking to prevent concurrent modifications.
+          example: 1
+          format: int32
+          maximum: 2147483647
+          type: integer
+      type: object
+    SecurityMonitoringCriticalAssetUpdateData:
+      description: The new critical asset properties; partial updates are supported.
+      properties:
+        attributes:
+          $ref: '#/components/schemas/SecurityMonitoringCriticalAssetUpdateAttributes'
+        type:
+          $ref: '#/components/schemas/SecurityMonitoringCriticalAssetType'
+      required:
+      - type
+      - attributes
+      type: object
+    SecurityMonitoringCriticalAssetUpdateRequest:
+      description: Request object containing the fields to update on the critical
+        asset.
+      properties:
+        data:
+          $ref: '#/components/schemas/SecurityMonitoringCriticalAssetUpdateData'
+      required:
+      - data
+      type: object
+    SecurityMonitoringCriticalAssetsResponse:
+      description: Response object containing the available critical assets.
+      properties:
+        data:
+          description: A list of critical assets objects.
+          items:
+            $ref: '#/components/schemas/SecurityMonitoringCriticalAsset'
+          type: array
+      type: object
     SecurityMonitoringFilter:
       description: The rule's suppression filter.
       properties:
@@ -59416,6 +60750,8 @@ components:
             apm_service_catalog_read: View service catalog and service definitions.
             apm_service_catalog_write: Add, modify, and delete service catalog definitions
               when those definitions are maintained by Datadog.
+            appsec_vm_read: View infrastructure, application code, and library vulnerability
+              findings.
             billing_read: View your organization's billing information.
             cases_read: View Cases.
             cases_write: Create and update cases.
@@ -59470,6 +60806,8 @@ components:
               & unsubscribing from apps in the marketplace, and enabling & disabling
               Remote Configuration for the entire organization.
             security_comments_read: Read comments of vulnerabilities.
+            security_monitoring_critical_assets_read: Read Critical Assets.
+            security_monitoring_critical_assets_write: Write Critical Assets.
             security_monitoring_filters_read: Read Security Filters.
             security_monitoring_filters_write: Create, edit, and delete Security Filters.
             security_monitoring_findings_read: View a list of findings that include
@@ -59593,13 +60931,14 @@ paths:
         results.'
       operationId: ListFleetAgents
       parameters:
-      - description: Page number for pagination (must be greater than 0).
+      - description: Page number for pagination (starts at 0).
         in: query
         name: page_number
         required: false
         schema:
+          default: 0
           format: int64
-          minimum: 1
+          minimum: 0
           type: integer
       - description: Number of results per page (must be greater than 0 and less than
           or equal to 100).
@@ -69191,15 +70530,49 @@ paths:
         events with the `change` or `alert` category** are in General Availability.
         For change events, see [Change Tracking](https://docs.datadoghq.com/change_tracking)
         for more details.\n\n\u274C For use cases involving other event categories,
-        use the V1 endpoint or reach out to [support](https://www.datadoghq.com/support/).\n\n\u274C
-        Notifications are not yet supported for events sent to this endpoint. Use
-        the V1 endpoint for notification functionality."
+        use the V1 endpoint or reach out to [support](https://www.datadoghq.com/support/)."
       operationId: CreateEvent
       requestBody:
         content:
           application/json:
             examples:
-              json-request-body:
+              alert-event:
+                description: Example of an alert event for tracking alerts and monitoring
+                  events.
+                summary: Alert Event
+                value:
+                  data:
+                    attributes:
+                      aggregation_key: deduplication_key_here
+                      attributes:
+                        custom:
+                          my-object-attribute:
+                            my-array-attribute:
+                            - 1
+                            - 2
+                            - 3
+                            my-array-object-attribute:
+                            - name: test-object-1
+                            - name: test-object-2
+                            my-integer-attribute: 1
+                          my-string-attribute: my-custom-value
+                        links:
+                        - category: runbook
+                          title: Datadog website
+                          url: https://datadoghq.com
+                        priority: '1'
+                        status: error
+                      category: alert
+                      message: Something is broken!
+                      tags:
+                      - service:my-test-service
+                      - datacenter:primary
+                      title: My Alerting Event
+                    type: event
+              change-event:
+                description: Example of a change event for tracking configuration
+                  or feature flag changes.
+                summary: Change Event
                 value:
                   data:
                     attributes:
@@ -76339,6 +77712,222 @@ paths:
       summary: Get all aggregated DNS traffic
       tags:
       - Cloud Network Monitoring
+  /api/v2/obs-pipelines/pipelines:
+    get:
+      description: Retrieve a list of pipelines.
+      operationId: ListPipelines
+      parameters:
+      - $ref: '#/components/parameters/PageSize'
+      - $ref: '#/components/parameters/PageNumber'
+      responses:
+        '200':
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/ListPipelinesResponse'
+          description: OK
+        '400':
+          $ref: '#/components/responses/BadRequestResponse'
+        '403':
+          $ref: '#/components/responses/NotAuthorizedResponse'
+        '429':
+          $ref: '#/components/responses/TooManyRequestsResponse'
+      summary: List pipelines
+      tags:
+      - Observability Pipelines
+      x-permission:
+        operator: OR
+        permissions:
+        - observability_pipelines_read
+      x-unstable: '**Note**: This endpoint is in Preview. Fill out this [form](https://www.datadoghq.com/product-preview/observability-pipelines-api-and-terraform-support/)
+        to request access.'
+    post:
+      description: Create a new pipeline.
+      operationId: CreatePipeline
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/ObservabilityPipelineSpec'
+        required: true
+      responses:
+        '201':
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/ObservabilityPipeline'
+          description: OK
+        '400':
+          $ref: '#/components/responses/BadRequestResponse'
+        '403':
+          $ref: '#/components/responses/NotAuthorizedResponse'
+        '409':
+          $ref: '#/components/responses/ConflictResponse'
+        '429':
+          $ref: '#/components/responses/TooManyRequestsResponse'
+      summary: Create a new pipeline
+      tags:
+      - Observability Pipelines
+      x-permission:
+        operator: OR
+        permissions:
+        - observability_pipelines_deploy
+      x-unstable: '**Note**: This endpoint is in Preview. Fill out this [form](https://www.datadoghq.com/product-preview/observability-pipelines-api-and-terraform-support/)
+        to request access.'
+  /api/v2/obs-pipelines/pipelines/validate:
+    post:
+      description: 'Validates a pipeline configuration without creating or updating
+        any resources.
+
+        Returns a list of validation errors, if any.'
+      operationId: ValidatePipeline
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/ObservabilityPipelineSpec'
+        required: true
+      responses:
+        '200':
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/ValidationResponse'
+          description: OK
+        '400':
+          $ref: '#/components/responses/BadRequestResponse'
+        '403':
+          $ref: '#/components/responses/NotAuthorizedResponse'
+        '429':
+          $ref: '#/components/responses/TooManyRequestsResponse'
+      summary: Validate an observability pipeline
+      tags:
+      - Observability Pipelines
+      x-permission:
+        operator: OR
+        permissions:
+        - observability_pipelines_read
+      x-unstable: '**Note**: This endpoint is in Preview. Fill out this [form](https://www.datadoghq.com/product-preview/observability-pipelines-api-and-terraform-support/)
+        to request access.'
+  /api/v2/obs-pipelines/pipelines/{pipeline_id}:
+    delete:
+      description: Delete a pipeline.
+      operationId: DeletePipeline
+      parameters:
+      - description: The ID of the pipeline to delete.
+        in: path
+        name: pipeline_id
+        required: true
+        schema:
+          type: string
+      responses:
+        '204':
+          description: OK
+        '403':
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/APIErrorResponse'
+          description: Forbidden
+        '404':
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/APIErrorResponse'
+          description: Not Found
+        '409':
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/APIErrorResponse'
+          description: Conflict
+        '429':
+          $ref: '#/components/responses/TooManyRequestsResponse'
+      summary: Delete a pipeline
+      tags:
+      - Observability Pipelines
+      x-permission:
+        operator: OR
+        permissions:
+        - observability_pipelines_delete
+      x-unstable: '**Note**: This endpoint is in Preview. Fill out this [form](https://www.datadoghq.com/product-preview/observability-pipelines-api-and-terraform-support/)
+        to request access.'
+    get:
+      description: Get a specific pipeline by its ID.
+      operationId: GetPipeline
+      parameters:
+      - description: The ID of the pipeline to retrieve.
+        in: path
+        name: pipeline_id
+        required: true
+        schema:
+          type: string
+      responses:
+        '200':
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/ObservabilityPipeline'
+          description: OK
+        '403':
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/APIErrorResponse'
+          description: Forbidden
+        '429':
+          $ref: '#/components/responses/TooManyRequestsResponse'
+      summary: Get a specific pipeline
+      tags:
+      - Observability Pipelines
+      x-permission:
+        operator: OR
+        permissions:
+        - observability_pipelines_read
+      x-unstable: '**Note**: This endpoint is in Preview. Fill out this [form](https://www.datadoghq.com/product-preview/observability-pipelines-api-and-terraform-support/)
+        to request access.'
+    put:
+      description: Update a pipeline.
+      operationId: UpdatePipeline
+      parameters:
+      - description: The ID of the pipeline to update.
+        in: path
+        name: pipeline_id
+        required: true
+        schema:
+          type: string
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/ObservabilityPipeline'
+        required: true
+      responses:
+        '200':
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/ObservabilityPipeline'
+          description: OK
+        '400':
+          $ref: '#/components/responses/BadRequestResponse'
+        '403':
+          $ref: '#/components/responses/NotAuthorizedResponse'
+        '404':
+          $ref: '#/components/responses/NotFoundResponse'
+        '409':
+          $ref: '#/components/responses/ConflictResponse'
+        '429':
+          $ref: '#/components/responses/TooManyRequestsResponse'
+      summary: Update a pipeline
+      tags:
+      - Observability Pipelines
+      x-permission:
+        operator: OR
+        permissions:
+        - observability_pipelines_deploy
+      x-unstable: '**Note**: This endpoint is in Preview. Fill out this [form](https://www.datadoghq.com/product-preview/observability-pipelines-api-and-terraform-support/)
+        to request access.'
   /api/v2/on-call/escalation-policies:
     post:
       description: Create a new On-Call escalation policy
@@ -77986,7 +79575,13 @@ paths:
         cursorPath: meta.page.cursor
         limitParam: page[limit]
         resultsPath: data
-      x-unstable: '**Note**: This endpoint is in public beta.
+      x-unstable: '**Note**: This endpoint uses the legacy security findings data
+        model and is planned for deprecation.
+
+        Use the [search security findings endpoint](https://docs.datadoghq.com/api/latest/security-monitoring/#search-security-findings),
+
+        which is based on the [new security findings schema](https://docs.datadoghq.com/security/guide/findings-schema/),
+        to search security findings.
 
         If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).'
     patch:
@@ -78086,7 +79681,13 @@ paths:
       summary: Get a finding
       tags:
       - Security Monitoring
-      x-unstable: '**Note**: This endpoint is in public beta.
+      x-unstable: '**Note**: This endpoint uses the legacy security findings data
+        model and is planned for deprecation.
+
+        Use the [search security findings endpoint](https://docs.datadoghq.com/api/latest/security-monitoring/#search-security-findings),
+
+        which is based on the [new security findings schema](https://docs.datadoghq.com/security/guide/findings-schema/),
+        to search security findings.
 
         If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).'
   /api/v2/powerpacks:
@@ -79331,6 +80932,18 @@ paths:
       requestBody:
         content:
           application/json:
+            examples:
+              happy_path:
+                summary: Upsert a row with mixed string and int values
+                value:
+                  data:
+                  - attributes:
+                      values:
+                        age: 25
+                        example_key_value: primary_key_value
+                        name: row_name
+                    id: primary_key_value
+                    type: row
             schema:
               $ref: '#/components/schemas/BatchUpsertRowsRequestArray'
         required: true
@@ -79985,222 +81598,6 @@ paths:
       tags:
       - CSM Threats
       x-codegen-request-body-name: body
-  /api/v2/remote_config/products/obs_pipelines/pipelines:
-    get:
-      description: Retrieve a list of pipelines.
-      operationId: ListPipelines
-      parameters:
-      - $ref: '#/components/parameters/PageSize'
-      - $ref: '#/components/parameters/PageNumber'
-      responses:
-        '200':
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/ListPipelinesResponse'
-          description: OK
-        '400':
-          $ref: '#/components/responses/BadRequestResponse'
-        '403':
-          $ref: '#/components/responses/NotAuthorizedResponse'
-        '429':
-          $ref: '#/components/responses/TooManyRequestsResponse'
-      summary: List pipelines
-      tags:
-      - Observability Pipelines
-      x-permission:
-        operator: OR
-        permissions:
-        - observability_pipelines_read
-      x-unstable: '**Note**: This endpoint is in Preview. Fill out this [form](https://www.datadoghq.com/product-preview/observability-pipelines-api-and-terraform-support/)
-        to request access.'
-    post:
-      description: Create a new pipeline.
-      operationId: CreatePipeline
-      requestBody:
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/ObservabilityPipelineSpec'
-        required: true
-      responses:
-        '201':
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/ObservabilityPipeline'
-          description: OK
-        '400':
-          $ref: '#/components/responses/BadRequestResponse'
-        '403':
-          $ref: '#/components/responses/NotAuthorizedResponse'
-        '409':
-          $ref: '#/components/responses/ConflictResponse'
-        '429':
-          $ref: '#/components/responses/TooManyRequestsResponse'
-      summary: Create a new pipeline
-      tags:
-      - Observability Pipelines
-      x-permission:
-        operator: OR
-        permissions:
-        - observability_pipelines_deploy
-      x-unstable: '**Note**: This endpoint is in Preview. Fill out this [form](https://www.datadoghq.com/product-preview/observability-pipelines-api-and-terraform-support/)
-        to request access.'
-  /api/v2/remote_config/products/obs_pipelines/pipelines/validate:
-    post:
-      description: 'Validates a pipeline configuration without creating or updating
-        any resources.
-
-        Returns a list of validation errors, if any.'
-      operationId: ValidatePipeline
-      requestBody:
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/ObservabilityPipelineSpec'
-        required: true
-      responses:
-        '200':
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/ValidationResponse'
-          description: OK
-        '400':
-          $ref: '#/components/responses/BadRequestResponse'
-        '403':
-          $ref: '#/components/responses/NotAuthorizedResponse'
-        '429':
-          $ref: '#/components/responses/TooManyRequestsResponse'
-      summary: Validate an observability pipeline
-      tags:
-      - Observability Pipelines
-      x-permission:
-        operator: OR
-        permissions:
-        - observability_pipelines_read
-      x-unstable: '**Note**: This endpoint is in Preview. Fill out this [form](https://www.datadoghq.com/product-preview/observability-pipelines-api-and-terraform-support/)
-        to request access.'
-  /api/v2/remote_config/products/obs_pipelines/pipelines/{pipeline_id}:
-    delete:
-      description: Delete a pipeline.
-      operationId: DeletePipeline
-      parameters:
-      - description: The ID of the pipeline to delete.
-        in: path
-        name: pipeline_id
-        required: true
-        schema:
-          type: string
-      responses:
-        '204':
-          description: OK
-        '403':
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/APIErrorResponse'
-          description: Forbidden
-        '404':
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/APIErrorResponse'
-          description: Not Found
-        '409':
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/APIErrorResponse'
-          description: Conflict
-        '429':
-          $ref: '#/components/responses/TooManyRequestsResponse'
-      summary: Delete a pipeline
-      tags:
-      - Observability Pipelines
-      x-permission:
-        operator: OR
-        permissions:
-        - observability_pipelines_delete
-      x-unstable: '**Note**: This endpoint is in Preview. Fill out this [form](https://www.datadoghq.com/product-preview/observability-pipelines-api-and-terraform-support/)
-        to request access.'
-    get:
-      description: Get a specific pipeline by its ID.
-      operationId: GetPipeline
-      parameters:
-      - description: The ID of the pipeline to retrieve.
-        in: path
-        name: pipeline_id
-        required: true
-        schema:
-          type: string
-      responses:
-        '200':
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/ObservabilityPipeline'
-          description: OK
-        '403':
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/APIErrorResponse'
-          description: Forbidden
-        '429':
-          $ref: '#/components/responses/TooManyRequestsResponse'
-      summary: Get a specific pipeline
-      tags:
-      - Observability Pipelines
-      x-permission:
-        operator: OR
-        permissions:
-        - observability_pipelines_read
-      x-unstable: '**Note**: This endpoint is in Preview. Fill out this [form](https://www.datadoghq.com/product-preview/observability-pipelines-api-and-terraform-support/)
-        to request access.'
-    put:
-      description: Update a pipeline.
-      operationId: UpdatePipeline
-      parameters:
-      - description: The ID of the pipeline to update.
-        in: path
-        name: pipeline_id
-        required: true
-        schema:
-          type: string
-      requestBody:
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/ObservabilityPipeline'
-        required: true
-      responses:
-        '200':
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/ObservabilityPipeline'
-          description: OK
-        '400':
-          $ref: '#/components/responses/BadRequestResponse'
-        '403':
-          $ref: '#/components/responses/NotAuthorizedResponse'
-        '404':
-          $ref: '#/components/responses/NotFoundResponse'
-        '409':
-          $ref: '#/components/responses/ConflictResponse'
-        '429':
-          $ref: '#/components/responses/TooManyRequestsResponse'
-      summary: Update a pipeline
-      tags:
-      - Observability Pipelines
-      x-permission:
-        operator: OR
-        permissions:
-        - observability_pipelines_deploy
-      x-unstable: '**Note**: This endpoint is in Preview. Fill out this [form](https://www.datadoghq.com/product-preview/observability-pipelines-api-and-terraform-support/)
-        to request access.'
   /api/v2/restriction_policy/{resource_id}:
     delete:
       description: Deletes the restriction policy associated with a specified resource.
@@ -82018,6 +83415,87 @@ paths:
         operator: OR
         permissions:
         - security_monitoring_cws_agent_rules_read
+  /api/v2/security/findings:
+    get:
+      description: 'Get a list of security findings that match a search query. [See
+        the schema for security findings](https://docs.datadoghq.com/security/guide/findings-schema/).
+
+
+        ### Query Syntax
+
+
+        This endpoint uses the logs query syntax. Findings attributes (living in the
+        attributes.attributes. namespace) are prefixed by @ when queried. Tags are
+        queried without a prefix.
+
+
+        Example: `@severity:(critical OR high) @status:open team:platform`'
+      operationId: ListSecurityFindings
+      parameters:
+      - description: The search query following log search syntax.
+        example: '@severity:(critical OR high) @status:open team:platform'
+        in: query
+        name: filter[query]
+        required: false
+        schema:
+          default: '*'
+          type: string
+      - description: Get the next page of results with a cursor provided in the previous
+          query.
+        example: eyJhZnRlciI6IkF3QUFBWnPcm1pd0FBQUJbVlBQUKBa1pqRTVdZUzSTBNemN0YWiIsLTE3Mjk0MzYwMjFdfQ==
+        in: query
+        name: page[cursor]
+        required: false
+        schema:
+          type: string
+      - description: The maximum number of findings in the response.
+        example: 25
+        in: query
+        name: page[limit]
+        required: false
+        schema:
+          default: 10
+          format: int64
+          maximum: 150
+          minimum: 1
+          type: integer
+      - description: Sorts by @detection_changed_at.
+        in: query
+        name: sort
+        required: false
+        schema:
+          $ref: '#/components/schemas/SecurityFindingsSort'
+      responses:
+        '200':
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/ListSecurityFindingsResponse'
+          description: OK
+        '400':
+          $ref: '#/components/responses/BadRequestResponse'
+        '403':
+          $ref: '#/components/responses/ForbiddenResponse'
+        '429':
+          $ref: '#/components/responses/TooManyRequestsResponse'
+      security:
+      - apiKeyAuth: []
+        appKeyAuth: []
+      - AuthZ:
+        - security_monitoring_findings_read
+      summary: List security findings
+      tags:
+      - Security Monitoring
+      x-pagination:
+        cursorParam: page[cursor]
+        cursorPath: meta.page.after
+        limitParam: page[limit]
+        resultsPath: data
+      x-permission:
+        operator: OR
+        permissions:
+        - security_monitoring_findings_read
+        - appsec_vm_read
   /api/v2/security/findings/cases:
     delete:
       description: 'Detach security findings from their case.
@@ -82237,6 +83715,59 @@ paths:
       x-unstable: '**Note**: This endpoint is in beta and is subject to change.
 
         Please check the documentation regularly for updates.'
+  /api/v2/security/findings/search:
+    post:
+      description: 'Get a list of security findings that match a search query. [See
+        the schema for security findings](https://docs.datadoghq.com/security/guide/findings-schema/).
+
+
+        ### Query Syntax
+
+
+        The API uses the logs query syntax. Findings attributes (living in the attributes.attributes.
+        namespace) are prefixed by @ when queried. Tags are queried without a prefix.
+
+
+        Example: `@severity:(critical OR high) @status:open team:platform`'
+      operationId: SearchSecurityFindings
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/SecurityFindingsSearchRequest'
+        required: true
+      responses:
+        '200':
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/ListSecurityFindingsResponse'
+          description: OK
+        '400':
+          $ref: '#/components/responses/BadRequestResponse'
+        '403':
+          $ref: '#/components/responses/ForbiddenResponse'
+        '429':
+          $ref: '#/components/responses/TooManyRequestsResponse'
+      security:
+      - apiKeyAuth: []
+        appKeyAuth: []
+      - AuthZ:
+        - security_monitoring_findings_read
+      summary: Search security findings
+      tags:
+      - Security Monitoring
+      x-codegen-request-body-name: body
+      x-pagination:
+        cursorParam: body.data.attributes.page.cursor
+        cursorPath: meta.page.after
+        limitParam: body.data.attributes.page.limit
+        resultsPath: data
+      x-permission:
+        operator: OR
+        permissions:
+        - security_monitoring_findings_read
+        - appsec_vm_read
   /api/v2/security/sboms:
     get:
       description: 'Get a list of assets SBOMs for an organization.
@@ -83660,6 +85191,184 @@ paths:
         operator: OR
         permissions:
         - security_monitoring_cws_agent_rules_write
+  /api/v2/security_monitoring/configuration/critical_assets:
+    get:
+      description: Get the list of all critical assets.
+      operationId: ListSecurityMonitoringCriticalAssets
+      parameters:
+      - description: Query string.
+        in: query
+        name: query
+        required: false
+        schema:
+          type: string
+      responses:
+        '200':
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/SecurityMonitoringCriticalAssetsResponse'
+          description: OK
+        '403':
+          $ref: '#/components/responses/NotAuthorizedResponse'
+        '429':
+          $ref: '#/components/responses/TooManyRequestsResponse'
+      security:
+      - apiKeyAuth: []
+        appKeyAuth: []
+      - AuthZ:
+        - security_monitoring_critical_assets_read
+      summary: Get all critical assets
+      tags:
+      - Security Monitoring
+    post:
+      description: Create a new critical asset.
+      operationId: CreateSecurityMonitoringCriticalAsset
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/SecurityMonitoringCriticalAssetCreateRequest'
+        description: The definition of the new critical asset.
+        required: true
+      responses:
+        '200':
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/SecurityMonitoringCriticalAssetResponse'
+          description: OK
+        '400':
+          $ref: '#/components/responses/BadRequestResponse'
+        '403':
+          $ref: '#/components/responses/NotAuthorizedResponse'
+        '409':
+          $ref: '#/components/responses/ConflictResponse'
+        '429':
+          $ref: '#/components/responses/TooManyRequestsResponse'
+      security:
+      - apiKeyAuth: []
+        appKeyAuth: []
+      - AuthZ:
+        - security_monitoring_critical_assets_write
+      summary: Create a critical asset
+      tags:
+      - Security Monitoring
+      x-codegen-request-body-name: body
+  /api/v2/security_monitoring/configuration/critical_assets/rules/{rule_id}:
+    get:
+      description: Get the list of critical assets that affect a specific existing
+        rule by the rule's ID.
+      operationId: GetCriticalAssetsAffectingRule
+      parameters:
+      - $ref: '#/components/parameters/SecurityMonitoringRuleID'
+      responses:
+        '200':
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/SecurityMonitoringCriticalAssetsResponse'
+          description: OK
+        '403':
+          $ref: '#/components/responses/NotAuthorizedResponse'
+        '404':
+          $ref: '#/components/responses/NotFoundResponse'
+        '429':
+          $ref: '#/components/responses/TooManyRequestsResponse'
+      security:
+      - apiKeyAuth: []
+        appKeyAuth: []
+      - AuthZ:
+        - security_monitoring_critical_assets_read
+      summary: Get critical assets affecting a specific rule
+      tags:
+      - Security Monitoring
+  /api/v2/security_monitoring/configuration/critical_assets/{critical_asset_id}:
+    delete:
+      description: Delete a specific critical asset.
+      operationId: DeleteSecurityMonitoringCriticalAsset
+      parameters:
+      - $ref: '#/components/parameters/SecurityMonitoringCriticalAssetID'
+      responses:
+        '204':
+          description: OK
+        '403':
+          $ref: '#/components/responses/NotAuthorizedResponse'
+        '404':
+          $ref: '#/components/responses/NotFoundResponse'
+        '429':
+          $ref: '#/components/responses/TooManyRequestsResponse'
+      security:
+      - apiKeyAuth: []
+        appKeyAuth: []
+      - AuthZ:
+        - security_monitoring_critical_assets_write
+      summary: Delete a critical asset
+      tags:
+      - Security Monitoring
+    get:
+      description: Get the details of a specific critical asset.
+      operationId: GetSecurityMonitoringCriticalAsset
+      parameters:
+      - $ref: '#/components/parameters/SecurityMonitoringCriticalAssetID'
+      responses:
+        '200':
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/SecurityMonitoringCriticalAssetResponse'
+          description: OK
+        '403':
+          $ref: '#/components/responses/NotAuthorizedResponse'
+        '404':
+          $ref: '#/components/responses/NotFoundResponse'
+        '429':
+          $ref: '#/components/responses/TooManyRequestsResponse'
+      security:
+      - apiKeyAuth: []
+        appKeyAuth: []
+      - AuthZ:
+        - security_monitoring_critical_assets_read
+      summary: Get a critical asset
+      tags:
+      - Security Monitoring
+    patch:
+      description: Update a specific critical asset.
+      operationId: UpdateSecurityMonitoringCriticalAsset
+      parameters:
+      - $ref: '#/components/parameters/SecurityMonitoringCriticalAssetID'
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/SecurityMonitoringCriticalAssetUpdateRequest'
+        description: New definition of the critical asset. Supports partial updates.
+        required: true
+      responses:
+        '200':
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/SecurityMonitoringCriticalAssetResponse'
+          description: OK
+        '400':
+          $ref: '#/components/responses/BadRequestResponse'
+        '403':
+          $ref: '#/components/responses/NotAuthorizedResponse'
+        '404':
+          $ref: '#/components/responses/NotFoundResponse'
+        '409':
+          $ref: '#/components/responses/ConcurrentModificationResponse'
+        '429':
+          $ref: '#/components/responses/TooManyRequestsResponse'
+      security:
+      - apiKeyAuth: []
+        appKeyAuth: []
+      - AuthZ:
+        - security_monitoring_critical_assets_write
+      summary: Update a critical asset
+      tags:
+      - Security Monitoring
   /api/v2/security_monitoring/configuration/security_filters:
     get:
       description: Get the list of configured security filters with their definitions.
@@ -84113,6 +85822,14 @@ paths:
       parameters:
       - $ref: '#/components/parameters/PageSize'
       - $ref: '#/components/parameters/PageNumber'
+      - description: A search query to filter security rules. You can filter by attributes
+          such as `type`, `source`, `tags`.
+        example: type:signal_correlation source:cloudtrail
+        in: query
+        name: query
+        required: false
+        schema:
+          type: string
       responses:
         '200':
           content:
@@ -86346,13 +88063,79 @@ paths:
       x-unstable: '**Note**: This feature is in private beta. To request access, use
         the request access form in the [Service Level Objectives](https://docs.datadoghq.com/service_management/service_level_objectives/#slo-csv-export)
         docs.'
-  /api/v2/spa/recommendations/{service}/{shard}:
+  /api/v2/spa/recommendations/{service}:
     get:
-      description: Retrieve resource recommendations for a Spark job. The caller (Spark
-        Gateway or DJM UI) provides a service name and shard identifier, and SPA returns
-        structured recommendations for driver and executor resources.
+      description: This endpoint is currently experimental and restricted to Datadog
+        internal use only. Retrieve resource recommendations for a Spark job. The
+        caller (Spark Gateway or DJM UI) provides a service name and SPA returns structured
+        recommendations for driver and executor resources. The version with a shard
+        should be preferred, where possible, as it gives more accurate results.
       operationId: GetSPARecommendations
       parameters:
+      - description: The recommendation service should not use its metrics cache.
+        in: query
+        name: bypass_cache
+        schema:
+          type: string
+      - description: The service name for a spark job.
+        in: path
+        name: service
+        required: true
+        schema:
+          type: string
+      responses:
+        '200':
+          content:
+            application/json:
+              example:
+                data:
+                  attributes:
+                    driver:
+                      estimation:
+                        cpu:
+                          max: 1500
+                          p75: 1000
+                          p95: 1200
+                        ephemeral_storage: 896
+                        heap: 6144
+                        memory: 7168
+                        overhead: 1024
+                    executor:
+                      estimation:
+                        cpu:
+                          max: 2000
+                          p75: 1200
+                          p95: 1500
+                        ephemeral_storage: 512
+                        heap: 3072
+                        memory: 4096
+                        overhead: 1024
+                  id: dedupeactivecontexts:adp_dedupeactivecontexts_org2
+                  type: recommendation
+              schema:
+                $ref: '#/components/schemas/RecommendationDocument'
+          description: OK
+        '400':
+          $ref: '#/components/responses/BadRequestResponse'
+        '403':
+          $ref: '#/components/responses/NotAuthorizedResponse'
+        '429':
+          $ref: '#/components/responses/TooManyRequestsResponse'
+      security:
+      - AuthZ: []
+      summary: Get SPA Recommendations
+      tags:
+      - Spa
+      x-unstable: '**Note**: This endpoint is in preview and may change in the future.
+        It is not yet recommended for production use.'
+  /api/v2/spa/recommendations/{service}/{shard}:
+    get:
+      description: This endpoint is currently experimental and restricted to Datadog
+        internal use only. Retrieve resource recommendations for a Spark job. The
+        caller (Spark Gateway or DJM UI) provides a service name and shard identifier,
+        and SPA returns structured recommendations for driver and executor resources.
+      operationId: GetSPARecommendationsWithShard
+      parameters:
       - description: The shard tag for a spark job, which differentiates jobs within
           the same service that have different resource needs
         in: path
@@ -86366,6 +88149,11 @@ paths:
         required: true
         schema:
           type: string
+      - description: The recommendation service should not use its metrics cache.
+        in: query
+        name: bypass_cache
+        schema:
+          type: string
       responses:
         '200':
           content:
@@ -86404,11 +88192,13 @@ paths:
           $ref: '#/components/responses/NotAuthorizedResponse'
         '429':
           $ref: '#/components/responses/TooManyRequestsResponse'
-      summary: Get SPA Recommendations
+      security:
+      - AuthZ: []
+      summary: Get SPA Recommendations with a shard parameter
       tags:
       - Spa
-      x-unstable: '**Note**: This endpoint is in public beta and may change in the
-        future. It is not yet recommended for production use.'
+      x-unstable: '**Note**: This endpoint is in preview and may change in the future.
+        It is not yet recommended for production use.'
   /api/v2/spans/analytics/aggregate:
     post:
       description: 'The API endpoint to aggregate spans into buckets and compute metrics