newrelic_rpm 9.14.0 → 9.18.0

data/lib/new_relic/agent/configuration/default_source.rb

@@ -139,7 +139,7 @@ module NewRelic
               case Rails::VERSION::MAJOR
               when 3
                 :rails3
-              when 4..7
+              when 4..8
                 :rails_notifications
               else
                 ::NewRelic::Agent.logger.warn("Detected untested Rails version #{Rails::VERSION::STRING}")
@@ -387,9 +387,9 @@ module NewRelic
           :allowed_from_server => false,
           :description => <<~DESCRIPTION
             An array of ActiveSupport custom event names to subscribe to and instrument. For example,
-              - one.custom.event
-              - another.event
-              - a.third.event
+            - one.custom.event
+            - another.event
+            - a.third.event
           DESCRIPTION
         },
         :'ai_monitoring.enabled' => {
@@ -407,11 +407,11 @@ module NewRelic
           :description => <<~DESCRIPTION
             If `false`, LLM instrumentation (OpenAI only for now) will not capture input and output content on specific LLM events.
 
-              The excluded attributes include:
-                * `content` from LlmChatCompletionMessage events
-                * `input` from LlmEmbedding events
+            The excluded attributes include:
+            - `content` from LlmChatCompletionMessage events
+            - `input` from LlmEmbedding events
 
-              This is an optional security setting to prevent recording sensitive data sent to and received from your LLMs.
+            This is an optional security setting to prevent recording sensitive data sent to and received from your LLMs.
           DESCRIPTION
         },
         # this is only set via server side config
@@ -427,6 +427,7 @@ module NewRelic
           :public => true,
           :type => String,
           :allowed_from_server => false,
+          :exclude_from_reported_settings => true,
           :description => 'Your New Relic <InlinePopover type="userKey" />. Required when using the New Relic REST API v2 to record deployments using the `newrelic deployments` command.'
         },
         :backport_fast_active_record_connection_lookup => {
@@ -442,7 +443,7 @@ module NewRelic
           :public => true,
           :type => String,
           :allowed_from_server => false,
-          :description => "Manual override for the path to your local CA bundle. This CA bundle will be used to validate the SSL certificate presented by New Relic's data collection service."
+          :description => "Manual override for the path to your local CA bundle. This CA bundle validates the SSL certificate presented by New Relic's data collection service."
         },
         :capture_memcache_keys => {
           :default => false,
@@ -459,9 +460,9 @@ module NewRelic
           :description => <<~DESCRIPTION
             When `true`, the agent captures HTTP request parameters and attaches them to transaction traces, traced errors, and [`TransactionError` events](/attribute-dictionary?attribute_name=&events_tids%5B%5D=8241).
 
-                <Callout variant="caution">
-                  When using the `capture_params` setting, the Ruby agent will not attempt to filter secret information. `Recommendation:` To filter secret information from request parameters, use the [`attributes.include` setting](/docs/agents/ruby-agent/attributes/enable-disable-attributes-ruby) instead. For more information, see the <a href="/docs/agents/ruby-agent/attributes/ruby-attribute-examples#ex_req_params">Ruby attribute examples</a>.
-                </Callout>
+            <Callout variant="caution">
+            When using the `capture_params` setting, the Ruby agent will not attempt to filter secret information. `Recommendation:` To filter secret information from request parameters, use the [`attributes.include` setting](/docs/agents/ruby-agent/attributes/enable-disable-attributes-ruby) instead. For more information, see the <a href="/docs/agents/ruby-agent/attributes/ruby-attribute-examples#ex_req_params">Ruby attribute examples</a>.
+            </Callout>
           DESCRIPTION
         },
         :'clear_transaction_state_after_fork' => {
@@ -471,6 +472,14 @@ module NewRelic
           :allowed_from_server => false,
           :description => 'If `true`, the agent will clear `Tracer::State` in `Agent.drop_buffered_data`.'
         },
+        :'cloud.aws.account_id' => {
+          :default => nil,
+          :public => true,
+          :type => String,
+          :allow_nil => true,
+          :allowed_from_server => false,
+          :description => 'The AWS account ID for the AWS account associated with this app'
+        },
         :config_path => {
           :default => DefaultSource.config_path,
           :public => true,
@@ -478,10 +487,10 @@ module NewRelic
           :allowed_from_server => false,
           :description => <<~DESC
             Path to `newrelic.yml`. If undefined, the agent checks the following directories (in order):
-                * `config/newrelic.yml`
-                * `newrelic.yml`
-                * `$HOME/.newrelic/newrelic.yml`
-                * `$HOME/newrelic.yml`
+            - `config/newrelic.yml`
+            - `newrelic.yml`
+            - `$HOME/.newrelic/newrelic.yml`
+            - `$HOME/newrelic.yml`
           DESC
         },
         :'exclude_newrelic_header' => {
@@ -637,7 +646,7 @@ module NewRelic
           :public => true,
           :type => Boolean,
           :allowed_from_server => true,
-          :description => 'If `true`, enables the collection of explain plans in transaction traces. This setting will also apply to explain plans in slow SQL traces if [`slow_sql.explain_enabled`](#slow_sql-explain_enabled) is not set separately.'
+          :description => "If `true`, enables the collection of explain plans in transaction traces. This setting will also apply to explain plans in slow SQL traces if [`slow_sql.explain_enabled`](#slow_sql-explain_enabled) isn't set separately."
         },
         :'transaction_tracer.explain_threshold' => {
           :default => 0.5,
@@ -665,13 +674,13 @@ module NewRelic
           :public => true,
           :type => String,
           :allowed_from_server => true,
-          :description => 'Obfuscation level for SQL queries reported in transaction trace nodes.
-
-  By default, this is set to `obfuscated`, which strips out the numeric and string literals.
-
-  - If you do not want the agent to capture query information, set this to `none`.
-  - If you want the agent to capture all query information in its original form, set this to `raw`.
-  - When you enable [high security mode](/docs/agents/manage-apm-agents/configuration/high-security-mode), this is automatically set to `obfuscated`.'
+          :description => <<~DESC
+            Obfuscation level for SQL queries reported in transaction trace nodes.
+            By default, this is set to `obfuscated`, which strips out the numeric and string literals.
+            - If you do not want the agent to capture query information, set this to `none`.
+            - If you want the agent to capture all query information in its original form, set this to `raw`.
+            - When you enable [high security mode](/docs/agents/manage-apm-agents/configuration/high-security-mode), this is automatically set to `obfuscated`.
+          DESC
         },
 
         :'transaction_tracer.stack_trace_threshold' => {
@@ -689,20 +698,6 @@ module NewRelic
           :description => 'Specify a threshold in seconds. Transactions with a duration longer than this threshold are eligible for transaction traces. Specify a float value or the string `apdex_f`.'
         },
         # Error collector
-        :'error_collector.ignore_classes' => {
-          :default => ['ActionController::RoutingError', 'Sinatra::NotFound'],
-          :public => true,
-          :type => Array,
-          :allowed_from_server => true,
-          :dynamic_name => true,
-          :description => <<~DESCRIPTION
-            A list of error classes that the agent should ignore.
-
-              <Callout variant="caution">
-                This option can't be set via environment variable.
-              </Callout>
-          DESCRIPTION
-        },
         :'error_collector.capture_events' => {
           :default => value_of(:'error_collector.enabled'),
           :documentation_default => true,
@@ -727,10 +722,9 @@ module NewRelic
           :dynamic_name => true,
           :description => <<~DESCRIPTION
             A list of error classes that the agent should treat as expected.
-
-              <Callout variant="caution">
-                This option can't be set via environment variable.
-              </Callout>
+            <Callout variant="caution">
+            This option can't be set via environment variable.
+            </Callout>
           DESCRIPTION
         },
         :'error_collector.expected_messages' => {
@@ -741,10 +735,9 @@ module NewRelic
           :dynamic_name => true,
           :description => <<~DESCRIPTION
             A map of error classes to a list of messages. When an error of one of the classes specified here occurs, if its error message contains one of the strings corresponding to it here, that error will be treated as expected.
-
-              <Callout variant="caution">
-                This option can't be set via environment variable.
-              </Callout>
+            <Callout variant="caution">
+            This option can't be set via environment variable.
+            </Callout>
           DESCRIPTION
         },
         :'error_collector.expected_status_codes' => {
@@ -755,19 +748,30 @@ module NewRelic
           :dynamic_name => true,
           :description => 'A comma separated list of status codes, possibly including ranges. Errors associated with these status codes, where applicable, will be treated as expected.'
         },
-
+        :'error_collector.ignore_classes' => {
+          :default => ['ActionController::RoutingError', 'Sinatra::NotFound'],
+          :public => true,
+          :type => Array,
+          :allowed_from_server => true,
+          :dynamic_name => true,
+          :description => <<~DESCRIPTION
+            A list of error classes that the agent should ignore.
+            <Callout variant="caution">
+            This option can't be set via environment variable.
+            </Callout>
+          DESCRIPTION
+        },
         :'error_collector.ignore_messages' => {
-          :default => {},
+          :default => {'ThreadError' => ['queue empty']},
           :public => true,
           :type => Hash,
           :allowed_from_server => true,
           :dynamic_name => true,
           :description => <<~DESCRIPTION
             A map of error classes to a list of messages. When an error of one of the classes specified here occurs, if its error message contains one of the strings corresponding to it here, that error will be ignored.
-
-              <Callout variant="caution">
-                This option can't be set via environment variable.
-              </Callout>
+            <Callout variant="caution">
+            This option can't be set via environment variable.
+            </Callout>
           DESCRIPTION
         },
         :'error_collector.ignore_status_codes' => {
@@ -849,19 +853,19 @@ module NewRelic
           :description => <<~DESCRIPTION
             Sets the minimum level a log event must have to be forwarded to New Relic.
 
-            This is based on the integer values of Ruby's `Logger::Severity` constants: https://github.com/ruby/ruby/blob/master/lib/logger/severity.rb
+            This is based on the integer values of [Ruby's `Logger::Severity` constants](https://github.com/ruby/logger/blob/113b82a06b3076b93a71cd467e1605b23afb3088/lib/logger/severity.rb).
 
             The intention is to forward logs with the level given to the configuration, as well as any logs with a higher level of severity.
 
             For example, setting this value to "debug" will forward all log events to New Relic. Setting this value to "error" will only forward log events with the levels "error", "fatal", and "unknown".
 
             Valid values (ordered lowest to highest):
-              * "debug"
-              * "info"
-              * "warn"
-              * "error"
-              * "fatal"
-              * "unknown"
+            - "debug"
+            - "info"
+            - "warn"
+            - "error"
+            - "fatal"
+            - "unknown"
           DESCRIPTION
         },
         :'application_logging.forwarding.custom_attributes' => {
@@ -872,6 +876,21 @@ module NewRelic
           :allowed_from_server => false,
           :description => 'A hash with key/value pairs to add as custom attributes to all log events forwarded to New Relic. If sending using an environment variable, the value must be formatted like: "key1=value1,key2=value2"'
         },
+        :'application_logging.forwarding.labels.enabled' => {
+          :default => false,
+          :public => true,
+          :type => Boolean,
+          :allowed_from_server => false,
+          :description => 'If `true`, the agent attaches [labels](https://docs.newrelic.com/docs/apm/agents/ruby-agent/configuration/ruby-agent-configuration/#labels) to log records.'
+        },
+        :'application_logging.forwarding.labels.exclude' => {
+          :default => [],
+          :public => true,
+          :type => Array,
+          :transform => DefaultSource.method(:convert_to_list),
+          :allowed_from_server => false,
+          :description => 'A case-insensitive array or comma-delimited string containing the labels to exclude from log records.'
+        },
         :'application_logging.forwarding.max_samples_stored' => {
           :default => 10000,
           :public => true,
@@ -1159,13 +1178,13 @@ module NewRelic
           :allowed_from_server => false,
           :transform => proc { |arr| NewRelic::Agent.add_automatic_method_tracers(arr) },
           :description => <<~DESCRIPTION
-            An array of `CLASS#METHOD` (for instance methods) and/or `CLASS.METHOD` (for class methods) strings representing Ruby methods for the agent to automatically add custom instrumentation to without the need for altering any of the source code that defines the methods.
+            An array of `CLASS#METHOD` (for instance methods) and/or `CLASS.METHOD` (for class methods) strings representing Ruby methods that the agent can automatically add custom instrumentation to. This doesn't require any modifications of the source code that defines the methods.
 
             Use fully qualified class names (using the `::` delimiter) that include any module or class namespacing.
 
             Here is some Ruby source code that defines a `render_png` instance method for an `Image` class and a `notify` class method for a `User` class, both within a `MyCompany` module namespace:
 
-            ```
+            ```rb
             module MyCompany
               class Image
                 def render_png
@@ -1183,21 +1202,21 @@ module NewRelic
 
             Given that source code, the `newrelic.yml` config file might request instrumentation for both of these methods like so:
 
-            ```
+            ```yaml
             automatic_custom_instrumentation_method_list:
               - MyCompany::Image#render_png
               - MyCompany::User.notify
             ```
 
-            That configuration example uses YAML array syntax to specify both methods. Alternatively, a comma-delimited string can be used instead:
+            That configuration example uses YAML array syntax to specify both methods. Alternatively, you can use a comma-delimited string:
 
-            ```
+            ```yaml
             automatic_custom_instrumentation_method_list: 'MyCompany::Image#render_png, MyCompany::User.notify'
             ```
 
-            Whitespace around the comma(s) in the list is optional. When configuring the agent with a list of methods via the `NEW_RELIC_AUTOMATIC_CUSTOM_INSTRUMENTATION_METHOD_LIST` environment variable, this comma-delimited string format should be used:
+            Whitespace around the comma(s) in the list is optional. When configuring the agent with a list of methods via the `NEW_RELIC_AUTOMATIC_CUSTOM_INSTRUMENTATION_METHOD_LIST` environment variable, use this comma-delimited string format:
 
-            ```
+            ```sh
             export NEW_RELIC_AUTOMATIC_CUSTOM_INSTRUMENTATION_METHOD_LIST='MyCompany::Image#render_png, MyCompany::User.notify'
             ```
           DESCRIPTION
@@ -1218,8 +1237,8 @@ module NewRelic
           :dynamic_name => true,
           # Keep the extra two-space indent before the second bullet to appease translation tool
           :description => <<~DESC
-            * Specify a maximum number of custom events to buffer in memory at a time.
-              * When configuring the agent for [AI monitoring](/docs/ai-monitoring/intro-to-ai-monitoring), \
+            - Specify a maximum number of custom events to buffer in memory at a time.
+              - When configuring the agent for [AI monitoring](/docs/ai-monitoring/intro-to-ai-monitoring), \
             set to max value `100000`. This ensures the agent captures the maximum amount of LLM events.
           DESC
         },
@@ -1286,6 +1305,7 @@ module NewRelic
           :default => false,
           :public => true,
           :type => Boolean,
+          :aliases => %i[disable_active_job],
           :allowed_from_server => false,
           :description => 'If `true`, disables Active Job instrumentation.'
         },
@@ -1360,9 +1380,9 @@ module NewRelic
           :description => <<~DESCRIPTION
             If `true`, the agent won't wrap third-party middlewares in instrumentation (regardless of whether they are installed via `Rack::Builder` or Rails).
 
-              <Callout variant="important">
-                When middleware instrumentation is disabled, if an application is using middleware that could alter the response code, the HTTP status code reported on the transaction may not reflect the altered value.
-              </Callout>
+            <Callout variant="important">
+            When middleware instrumentation is disabled, if an application is using middleware that could alter the response code, the HTTP status code reported on the transaction may not reflect the altered value.
+            </Callout>
           DESCRIPTION
         },
         :disable_samplers => {
@@ -1401,20 +1421,18 @@ module NewRelic
           :description => <<~DESCRIPTION
             If `true`, disables agent middleware for Sinatra. This middleware is responsible for advanced feature support such as [cross application tracing](/docs/apm/transactions/cross-application-traces/cross-application-tracing), [page load timing](/docs/browser/new-relic-browser/getting-started/new-relic-browser), and [error collection](/docs/apm/applications-menu/events/view-apm-error-analytics).
 
-                <Callout variant="important">
-                  Cross application tracing is deprecated in favor of [distributed tracing](/docs/apm/distributed-tracing/getting-started/introduction-distributed-tracing). Distributed tracing is on by default for Ruby agent versions 8.0.0 and above. Middlewares are not required to support distributed tracing.
+            <Callout variant="important">
+            Cross application tracing is deprecated in favor of [distributed tracing](/docs/apm/distributed-tracing/getting-started/introduction-distributed-tracing). Distributed tracing is on by default for Ruby agent versions 8.0.0 and above. Middlewares are not required to support distributed tracing.
 
-                  To continue using cross application tracing, update the following options in your `newrelic.yml` configuration file:
+            To continue using cross application tracing, update the following options in your `newrelic.yml` configuration file:
 
-                  ```yaml
-                  # newrelic.yml
-
-                    cross_application_tracer:
-                      enabled: true
-                    distributed_tracing:
-                      enabled: false
-                  ```
-                </Callout>
+            ```yaml
+            cross_application_tracer:
+              enabled: true
+            distributed_tracing:
+              enabled: false
+            ```
+            </Callout>
           DESCRIPTION
         },
         :disable_view_instrumentation => {
@@ -1441,6 +1459,13 @@ module NewRelic
           :description => 'Distributed tracing lets you see the path that a request takes through your distributed system. Enabling distributed tracing changes the behavior of some New Relic features, so carefully consult the [transition guide](/docs/transition-guide-distributed-tracing) before you enable this feature.'
         },
         # Elasticsearch
+        :'elasticsearch.capture_cluster_name' => {
+          :default => true,
+          :public => true,
+          :type => Boolean,
+          :allowed_from_server => true,
+          :description => 'If `true`, the agent captures the Elasticsearch cluster name in transaction traces.'
+        },
         :'elasticsearch.capture_queries' => {
           :default => true,
           :public => true,
@@ -1528,6 +1553,33 @@ module NewRelic
           :allowed_from_server => false,
           :description => 'Controls auto-instrumentation of bunny at start-up. May be one of: `auto`, `prepend`, `chain`, `disabled`.'
         },
+        :'instrumentation.aws_sdk_firehose' => {
+          :default => 'auto',
+          :documentation_default => 'auto',
+          :public => true,
+          :type => String,
+          :dynamic_name => true,
+          :allowed_from_server => false,
+          :description => 'Controls auto-instrumentation of the aws-sdk-firehose library at start-up. May be one of `auto`, `prepend`, `chain`, `disabled`.'
+        },
+        :'instrumentation.aws_sdk_lambda' => {
+          :default => 'auto',
+          :documentation_default => 'auto',
+          :public => true,
+          :type => String,
+          :dynamic_name => true,
+          :allowed_from_server => false,
+          :description => 'Controls auto-instrumentation of the aws_sdk_lambda library at start-up. May be one of `auto`, `prepend`, `chain`, `disabled`.'
+        },
+        :'instrumentation.aws_sdk_kinesis' => {
+          :default => 'auto',
+          :documentation_default => 'auto',
+          :public => true,
+          :type => String,
+          :dynamic_name => true,
+          :allowed_from_server => false,
+          :description => 'Controls auto-instrumentation of the aws-sdk-kinesis library at start-up. May be one of `auto`, `prepend`, `chain`, `disabled`.'
+        },
         :'instrumentation.ruby_kafka' => {
           :default => 'auto',
           :public => true,
@@ -1878,7 +1930,7 @@ module NewRelic
           :description => <<~DESCRIPTION
             An array of strings to specify which keys inside a Stripe event's `user_data` hash should be reported
             to New Relic. Each string in this array will be turned into a regular expression via `Regexp.new` to
-            permit advanced matching. Setting the value to `["."]` will report all `user_data`.
+            enable advanced matching. Setting the value to `["."]` will report all `user_data`.
           DESCRIPTION
         },
         :'stripe.user_data.exclude' => {
@@ -1891,9 +1943,9 @@ module NewRelic
           :description => <<~DESCRIPTION
             An array of strings to specify which keys and/or values inside a Stripe event's `user_data` hash should
             not be reported to New Relic. Each string in this array will be turned into a regular expression via
-            `Regexp.new` to permit advanced matching. For each hash pair, if either the key or value is matched the
-            pair will not be reported. By default, no `user_data` is reported, so this option should only be used if
-            the `stripe.user_data.include` option is being used.
+            `Regexp.new` to permit advanced matching. For each hash pair, if either the key or value is matched the pair
+            isn't reported. By default, no `user_data` is reported. Use this option only if the
+            `stripe.user_data.include` option is also used.
           DESCRIPTION
         },
         :'instrumentation.thread' => {
@@ -1994,7 +2046,7 @@ module NewRelic
             If `true`, when the agent is in an application using Ruby on Rails, it will start after `config/initializers` run.
 
             <Callout variant="caution">
-              This option may only be set by environment variable.
+            This option may only be set by environment variable.
             </Callout>
           DESCRIPTION
         },
@@ -2036,7 +2088,7 @@ module NewRelic
           :transform => proc { |bool| NewRelic::Agent::ServerlessHandler.env_var_set? || bool },
           :description => 'If `true`, the agent will operate in a streamlined mode suitable for use with short-lived ' \
                           'serverless functions. NOTE: Only AWS Lambda functions are supported currently and this ' \
-                          "option is not intended for use without [New Relic's Ruby Lambda layer](https://docs.newrelic.com/docs/serverless-function-monitoring/aws-lambda-monitoring/get-started/monitoring-aws-lambda-serverless-monitoring/) offering."
+                          "option isn't intended for use without [New Relic's Ruby Lambda layer](https://docs.newrelic.com/docs/serverless-function-monitoring/aws-lambda-monitoring/get-started/monitoring-aws-lambda-serverless-monitoring/) offering."
         },
         # Sidekiq
         :'sidekiq.args.include' => {
@@ -2132,8 +2184,8 @@ module NewRelic
           :allowed_from_server => true,
           # Keep the extra two-space indent before the second bullet to appease translation tool
           :description => <<~DESC
-            * Defines the maximum number of span events reported from a single harvest. Any Integer between `1` and `10000` is valid.'
-              * When configuring the agent for [AI monitoring](/docs/ai-monitoring/intro-to-ai-monitoring), set to max value `10000`.\
+            - Defines the maximum number of span events reported from a single harvest. Any Integer between `1` and `10000` is valid.'
+              - When configuring the agent for [AI monitoring](/docs/ai-monitoring/intro-to-ai-monitoring), set to max value `10000`.\
             This ensures the agent captures the maximum amount of distributed traces.
           DESC
         },
@@ -2144,7 +2196,7 @@ module NewRelic
           :public => true,
           :type => Boolean,
           :allowed_from_server => false,
-          :description => 'If true, the agent strips messages from all exceptions except those in the [allowlist](#strip_exception_messages-allowlist). Enabled automatically in [high security mode](/docs/accounts-partnerships/accounts/security/high-security).'
+          :description => 'If true, the agent strips messages from all exceptions except those in the [allowed classes list](#strip_exception_messages-allowed_classes). Enabled automatically in [high security mode](/docs/accounts-partnerships/accounts/security/high-security).'
         },
         :'strip_exception_messages.allowed_classes' => {
           :default => '',
@@ -2154,6 +2206,28 @@ module NewRelic
           :transform => DefaultSource.method(:convert_to_constant_list),
           :description => 'Specify a list of exceptions you do not want the agent to strip when [strip_exception_messages](#strip_exception_messages-enabled) is `true`. Separate exceptions with a comma. For example, `"ImportantException,PreserveMessageException"`.'
         },
+        # Agent Control
+        :'agent_control.enabled' => {
+          :default => false,
+          :public => false,
+          :type => Boolean,
+          :allowed_from_server => false,
+          :description => 'Boolean value that denotes whether Agent Control functionality should be enabled. At the moment, this functionality is limited to whether agent health should be reported. This configuration will be set using an environment variable by Agent Control, or one of its components, prior to agent startup.'
+        },
+        :'agent_control.health.delivery_location' => {
+          :default => '/newrelic/apm/health',
+          :public => false,
+          :type => String,
+          :allowed_from_server => false,
+          :description => 'A `file:` URI that specifies the fully qualified directory path for health file(s) to be written to. This defaults to: `file:///newrelic/apm/health`. This configuration will be set using an environment variable by Agent Control, or one of its components, prior to agent startup.'
+        },
+        :'agent_control.health.frequency' => {
+          :default => 5,
+          :public => false,
+          :type => Integer,
+          :allowed_from_server => false,
+          :description => 'The interval, in seconds, of how often the health file(s) will be written to. This configuration will be set using an environment variable by Agent Control, or one of its components, prior to agent startup.'
+        },
         # Thread profiler
         :'thread_profiler.enabled' => {
           :default => DefaultSource.thread_profiler_enabled,
@@ -2454,11 +2528,9 @@ module NewRelic
           :allowlist => %i[none low medium high],
           :external => :infinite_tracing,
           :description => <<~DESC
-            Configure the compression level for data sent to the trace observer.
-
-              May be one of: `:none`, `:low`, `:medium`, `:high`.
-
-              Set the level to `:none` to disable compression.
+            Configure the compression level for data sent to the trace observer. \
+            May be one of: `:none`, `:low`, `:medium`, `:high`. \
+            Set the level to `:none` to disable compression.
           DESC
         },
         :js_agent_file => {
@@ -2685,47 +2757,196 @@ module NewRelic
           :description => 'Defines the endpoint URL for posting security-related data',
           :dynamic_name => true
         },
-        :'security.detection.rci.enabled' => {
-          :default => true,
+        :'security.application_info.port' => {
+          :default => nil,
+          :allow_nil => true,
+          :public => true,
+          :type => Integer,
+          :external => true,
+          :allowed_from_server => false,
+          :description => 'The port the application is listening on. This setting is mandatory for Passenger servers. The agent detects other servers by default.'
+        },
+        :'security.exclude_from_iast_scan.api' => {
+          :default => [],
+          :public => true,
+          :type => Array,
+          :external => true,
+          :allowed_from_server => true,
+          :transform => DefaultSource.method(:convert_to_list),
+          :description => 'Defines API paths the security agent should ignore in IAST scans. Accepts an array of regex patterns matching the URI to ignore. The regex pattern should find a complete match for the URL without the endpoint. For example, `[".*account.*"], [".*/\api\/v1\/.*?\/login"]`'
+        },
+        :'security.exclude_from_iast_scan.http_request_parameters.header' => {
+          :default => [],
+          :public => true,
+          :type => Array,
+          :external => true,
+          :allowed_from_server => true,
+          :transform => DefaultSource.method(:convert_to_list),
+          :description => 'An array of HTTP request headers the security agent should ignore in IAST scans. The array should specify a list of patterns matching the headers to ignore.'
+        },
+        :'security.exclude_from_iast_scan.http_request_parameters.query' => {
+          :default => [],
+          :public => true,
+          :type => Array,
+          :external => true,
+          :allowed_from_server => true,
+          :transform => DefaultSource.method(:convert_to_list),
+          :description => 'An array of HTTP request query parameters the security agent should ignore in IAST scans. The array should specify a list of patterns matching the HTTP request query parameters to ignore.'
+        },
+        :'security.exclude_from_iast_scan.http_request_parameters.body' => {
+          :default => [],
+          :public => true,
+          :type => Array,
+          :external => true,
+          :allowed_from_server => true,
+          :transform => DefaultSource.method(:convert_to_list),
+          :description => 'An array of HTTP request body keys the security agent should ignore in IAST scans.'
+        },
+        :'security.exclude_from_iast_scan.iast_detection_category.insecure_settings' => {
+          :default => false,
           :external => true,
           :public => true,
           :type => Boolean,
           :allowed_from_server => false,
-          :description => 'If `true`, enables RCI (remote code injection) detection'
+          :description => 'If `true`, disables the detection of low-severity insecure settings. For example, hash, crypto, cookie, random generators, trust boundary).'
         },
-        :'security.detection.rxss.enabled' => {
-          :default => true,
+        :'security.exclude_from_iast_scan.iast_detection_category.invalid_file_access' => {
+          :default => false,
           :external => true,
           :public => true,
           :type => Boolean,
           :allowed_from_server => false,
-          :description => 'If `true`, enables RXSS (reflected cross-site scripting) detection'
+          :description => 'If `true`, disables file operation-related IAST detections (File Access & Application integrity violation)'
         },
-        :'security.detection.deserialization.enabled' => {
-          :default => true,
+        :'security.exclude_from_iast_scan.iast_detection_category.sql_injection' => {
+          :default => false,
           :external => true,
           :public => true,
           :type => Boolean,
           :allowed_from_server => false,
-          :description => 'If `true`, enables deserialization detection'
+          :description => 'If `true`, disables SQL injection detection in IAST scans.'
         },
-        :'security.application_info.port' => {
-          :default => nil,
-          :allow_nil => true,
+        :'security.exclude_from_iast_scan.iast_detection_category.nosql_injection' => {
+          :default => false,
+          :external => true,
           :public => true,
-          :type => Integer,
+          :type => Boolean,
+          :allowed_from_server => false,
+          :description => 'If `true`, disables NOSQL injection detection in IAST scans.'
+        },
+        :'security.exclude_from_iast_scan.iast_detection_category.ldap_injection' => {
+          :default => false,
           :external => true,
+          :public => true,
+          :type => Boolean,
           :allowed_from_server => false,
-          :description => 'The port the application is listening on. This setting is mandatory for Passenger servers. Other servers should be detected by default.'
+          :description => 'If `true`, disables LDAP injection detection in IAST scans.'
         },
-        :'security.request.body_limit' => {
-          :default => 300,
-          :allow_nil => true,
+        :'security.exclude_from_iast_scan.iast_detection_category.javascript_injection' => {
+          :default => false,
+          :external => true,
+          :public => true,
+          :type => Boolean,
+          :allowed_from_server => false,
+          :description => 'If `true`, disables Javascript injection detection in IAST scans.'
+        },
+        :'security.exclude_from_iast_scan.iast_detection_category.command_injection' => {
+          :default => false,
+          :external => true,
+          :public => true,
+          :type => Boolean,
+          :allowed_from_server => false,
+          :description => 'If `true`, disables system command injection detection in IAST scans.'
+        },
+        :'security.exclude_from_iast_scan.iast_detection_category.xpath_injection' => {
+          :default => false,
+          :external => true,
+          :public => true,
+          :type => Boolean,
+          :allowed_from_server => false,
+          :description => 'If `true`, disables XPATH injection detection in IAST scans.'
+        },
+        :'security.exclude_from_iast_scan.iast_detection_category.ssrf' => {
+          :default => false,
+          :external => true,
+          :public => true,
+          :type => Boolean,
+          :allowed_from_server => false,
+          :description => 'If `true`, disables Sever-Side Request Forgery (SSRF) detection in IAST scans.'
+        },
+        :'security.exclude_from_iast_scan.iast_detection_category.rxss' => {
+          :default => false,
+          :external => true,
+          :public => true,
+          :type => Boolean,
+          :allowed_from_server => false,
+          :description => 'If `true`, disables Reflected Cross-Site Scripting (RXSS) detection in IAST scans.'
+        },
+        :'security.scan_schedule.delay' => {
+          :default => 0,
+          :public => true,
+          :type => Integer,
+          :external => true,
+          :allowed_from_server => true,
+          :description => 'Specifies the delay time (in minutes) before the IAST scan begins after the application starts.'
+        },
+        :'security.scan_schedule.duration' => {
+          :default => 0,
           :public => true,
           :type => Integer,
           :external => true,
+          :allowed_from_server => true,
+          :description => 'Indicates the duration (in minutes) for which the IAST scan will be performed.'
+        },
+        :'security.scan_schedule.schedule' => {
+          :default => '',
+          :public => true,
+          :type => String,
+          :external => true,
+          :allowed_from_server => true,
+          :description => 'Specifies a cron expression that sets when the IAST scan should run.',
+          :dynamic_name => true
+        },
+        :'security.scan_schedule.always_sample_traces' => {
+          :default => false,
+          :external => true,
+          :public => true,
+          :type => Boolean,
           :allowed_from_server => false,
-          :description => 'Defines the request body limit to process in security events (in KB). The default value is 300, for 300KB.'
+          :description => 'If `true`, allows IAST to continuously gather trace data in the background. The security agent uses collected data to perform an IAST scan at the scheduled time.'
+        },
+        :'security.scan_controllers.iast_scan_request_rate_limit' => {
+          :default => 3600,
+          :public => true,
+          :type => Integer,
+          :external => true,
+          :allowed_from_server => true,
+          :description => 'Sets the maximum number of HTTP requests allowed for the IAST scan per minute. Any Integer between 12 and 3600 is valid. The default value is 3600.'
+        },
+        :'security.scan_controllers.scan_instance_count' => {
+          :default => 0,
+          :public => true,
+          :type => Integer,
+          :external => true,
+          :allowed_from_server => true,
+          :description => 'The number of application instances for a specific entity to perform IAST analysis on.'
+        },
+        :'security.scan_controllers.report_http_response_body' => {
+          :default => true,
+          :public => true,
+          :type => Boolean,
+          :external => true,
+          :allowed_from_server => true,
+          :description => 'If `true`, enables the sending of HTTP responses bodies. Disabling this also disables Reflected Cross-Site Scripting (RXSS) vulnerability detection.'
+        },
+        :'security.iast_test_identifier' => {
+          :default => nil,
+          :allow_nil => true,
+          :public => true,
+          :type => String,
+          :external => true,
+          :allowed_from_server => true,
+          :description => 'A unique test identifier when runnning IAST in a CI/CD environment to differentiate between different test runs. For example, a build number.'
         }
       }.freeze
       # rubocop:enable Metrics/CollectionLiteralLength