cribl-control-plane 0.0.39__py3-none-any.whl → 0.5.0b3__py3-none-any.whl

cribl_control_plane/models/outputsentinel.py

@@ -1,9 +1,13 @@
 """Code generated by Speakeasy (https://speakeasy.com). DO NOT EDIT."""
 
 from __future__ import annotations
+from cribl_control_plane import models, utils
 from cribl_control_plane.types import BaseModel
+from cribl_control_plane.utils import validate_open_enum
 from enum import Enum
 import pydantic
+from pydantic import field_serializer
+from pydantic.functional_validators import PlainValidator
 from typing import List, Optional
 from typing_extensions import Annotated, NotRequired, TypedDict
 
@@ -23,11 +27,14 @@ class OutputSentinelExtraHTTPHeader(BaseModel):
     name: Optional[str] = None
 
 
-class OutputSentinelFailedRequestLoggingMode(str, Enum):
+class OutputSentinelFailedRequestLoggingMode(str, Enum, metaclass=utils.OpenEnumMeta):
     r"""Data to log when a request fails. All headers are redacted by default, unless listed as safe headers below."""
 
+    # Payload
     PAYLOAD = "payload"
+    # Payload + Headers
     PAYLOAD_AND_HEADERS = "payloadAndHeaders"
+    # None
     NONE = "none"
 
 
@@ -85,54 +92,66 @@ class OutputSentinelTimeoutRetrySettings(BaseModel):
     r"""The maximum backoff interval, in milliseconds, Cribl Stream should apply. Default (and minimum) is 10,000 ms (10 seconds); maximum is 180,000 ms (180 seconds)."""
 
 
-class OutputSentinelBackpressureBehavior(str, Enum):
+class OutputSentinelBackpressureBehavior(str, Enum, metaclass=utils.OpenEnumMeta):
     r"""How to handle events when all receivers are exerting backpressure"""
 
+    # Block
     BLOCK = "block"
+    # Drop
     DROP = "drop"
+    # Persistent Queue
     QUEUE = "queue"
 
 
-class AuthType(str, Enum):
+class AuthType(str, Enum, metaclass=utils.OpenEnumMeta):
     OAUTH = "oauth"
 
 
-class EndpointConfiguration(str, Enum):
+class EndpointConfiguration(str, Enum, metaclass=utils.OpenEnumMeta):
     r"""Enter the data collection endpoint URL or the individual ID"""
 
+    # URL
     URL = "url"
+    # ID
     ID = "ID"
 
 
-class OutputSentinelFormat(str, Enum):
+class OutputSentinelFormat(str, Enum, metaclass=utils.OpenEnumMeta):
     NDJSON = "ndjson"
     JSON_ARRAY = "json_array"
     CUSTOM = "custom"
     ADVANCED = "advanced"
 
 
-class OutputSentinelCompression(str, Enum):
+class OutputSentinelMode(str, Enum, metaclass=utils.OpenEnumMeta):
+    r"""In Error mode, PQ writes events to the filesystem if the Destination is unavailable. In Backpressure mode, PQ writes events to the filesystem when it detects backpressure from the Destination. In Always On mode, PQ always writes events to the filesystem."""
+
+    # Error
+    ERROR = "error"
+    # Backpressure
+    ALWAYS = "always"
+    # Always On
+    BACKPRESSURE = "backpressure"
+
+
+class OutputSentinelCompression(str, Enum, metaclass=utils.OpenEnumMeta):
     r"""Codec to use to compress the persisted data"""
 
+    # None
     NONE = "none"
+    # Gzip
     GZIP = "gzip"
 
 
-class OutputSentinelQueueFullBehavior(str, Enum):
+class OutputSentinelQueueFullBehavior(str, Enum, metaclass=utils.OpenEnumMeta):
     r"""How to handle events when the queue is exerting backpressure (full capacity or low disk). 'Block' is the same behavior as non-PQ blocking. 'Drop new data' throws away incoming data, while leaving the contents of the PQ unchanged."""
 
+    # Block
     BLOCK = "block"
+    # Drop new data
     DROP = "drop"
 
 
-class OutputSentinelMode(str, Enum):
-    r"""In Error mode, PQ writes events to the filesystem if the Destination is unavailable. In Backpressure mode, PQ writes events to the filesystem when it detects backpressure from the Destination. In Always On mode, PQ always writes events to the filesystem."""
-
-    ERROR = "error"
-    BACKPRESSURE = "backpressure"
-    ALWAYS = "always"
-
-
 class OutputSentinelPqControlsTypedDict(TypedDict):
     pass
 
@@ -220,6 +239,16 @@ class OutputSentinelTypedDict(TypedDict):
     r"""Custom JavaScript code to format incoming event data accessible through the __e variable. The formatted content is added to (__e['__eventOut']) if available. Otherwise, the original event is serialized as JSON. Caution: This function is evaluated in an unprotected context, allowing you to execute almost any JavaScript code."""
     format_payload_code: NotRequired[str]
     r"""Optional JavaScript code to format the payload sent to the Destination. The payload, containing a batch of formatted events, is accessible through the __e['payload'] variable. The formatted payload is returned in the __e['__payloadOut'] variable. Caution: This function is evaluated in an unprotected context, allowing you to execute almost any JavaScript code."""
+    pq_strict_ordering: NotRequired[bool]
+    r"""Use FIFO (first in, first out) processing. Disable to forward new events to receivers before queue is flushed."""
+    pq_rate_per_sec: NotRequired[float]
+    r"""Throttling rate (in events per second) to impose while writing to Destinations from PQ. Defaults to 0, which disables throttling."""
+    pq_mode: NotRequired[OutputSentinelMode]
+    r"""In Error mode, PQ writes events to the filesystem if the Destination is unavailable. In Backpressure mode, PQ writes events to the filesystem when it detects backpressure from the Destination. In Always On mode, PQ always writes events to the filesystem."""
+    pq_max_buffer_size: NotRequired[float]
+    r"""The maximum number of events to hold in memory before writing the events to disk"""
+    pq_max_backpressure_sec: NotRequired[float]
+    r"""How long (in seconds) to wait for backpressure to resolve before engaging the queue"""
     pq_max_file_size: NotRequired[str]
     r"""The maximum size to store in each queue file before closing and optionally compressing (KB, MB, etc.)"""
     pq_max_size: NotRequired[str]
@@ -230,8 +259,6 @@ class OutputSentinelTypedDict(TypedDict):
     r"""Codec to use to compress the persisted data"""
     pq_on_backpressure: NotRequired[OutputSentinelQueueFullBehavior]
     r"""How to handle events when the queue is exerting backpressure (full capacity or low disk). 'Block' is the same behavior as non-PQ blocking. 'Drop new data' throws away incoming data, while leaving the contents of the PQ unchanged."""
-    pq_mode: NotRequired[OutputSentinelMode]
-    r"""In Error mode, PQ writes events to the filesystem if the Destination is unavailable. In Backpressure mode, PQ writes events to the filesystem when it detects backpressure from the Destination. In Always On mode, PQ always writes events to the filesystem."""
     pq_controls: NotRequired[OutputSentinelPqControlsTypedDict]
     url: NotRequired[str]
     r"""URL to send events to. Can be overwritten by an event's __url field."""
@@ -319,7 +346,10 @@ class OutputSentinel(BaseModel):
     r"""Enable round-robin DNS lookup. When a DNS server returns multiple addresses, @{product} will cycle through them in the order returned. For optimal performance, consider enabling this setting for non-load balanced destinations."""
 
     failed_request_logging_mode: Annotated[
-        Optional[OutputSentinelFailedRequestLoggingMode],
+        Annotated[
+            Optional[OutputSentinelFailedRequestLoggingMode],
+            PlainValidator(validate_open_enum(False)),
+        ],
         pydantic.Field(alias="failedRequestLoggingMode"),
     ] = OutputSentinelFailedRequestLoggingMode.NONE
     r"""Data to log when a request fails. All headers are redacted by default, unless listed as safe headers below."""
@@ -346,18 +376,26 @@ class OutputSentinel(BaseModel):
     r"""Honor any Retry-After header that specifies a delay (in seconds) no longer than 180 seconds after the retry request. @{product} limits the delay to 180 seconds, even if the Retry-After header specifies a longer delay. When enabled, takes precedence over user-configured retry options. When disabled, all Retry-After headers are ignored."""
 
     on_backpressure: Annotated[
-        Optional[OutputSentinelBackpressureBehavior],
+        Annotated[
+            Optional[OutputSentinelBackpressureBehavior],
+            PlainValidator(validate_open_enum(False)),
+        ],
         pydantic.Field(alias="onBackpressure"),
     ] = OutputSentinelBackpressureBehavior.BLOCK
     r"""How to handle events when all receivers are exerting backpressure"""
 
-    auth_type: Annotated[Optional[AuthType], pydantic.Field(alias="authType")] = None
+    auth_type: Annotated[
+        Annotated[Optional[AuthType], PlainValidator(validate_open_enum(False))],
+        pydantic.Field(alias="authType"),
+    ] = None
 
     scope: Optional[str] = "https://monitor.azure.com/.default"
     r"""Scope to pass in the OAuth request"""
 
     endpoint_url_configuration: Annotated[
-        Optional[EndpointConfiguration],
+        Annotated[
+            Optional[EndpointConfiguration], PlainValidator(validate_open_enum(False))
+        ],
         pydantic.Field(alias="endpointURLConfiguration"),
     ] = EndpointConfiguration.URL
     r"""Enter the data collection endpoint URL or the individual ID"""
@@ -370,7 +408,10 @@ class OutputSentinel(BaseModel):
     description: Optional[str] = None
 
     format_: Annotated[
-        Optional[OutputSentinelFormat], pydantic.Field(alias="format")
+        Annotated[
+            Optional[OutputSentinelFormat], PlainValidator(validate_open_enum(False))
+        ],
+        pydantic.Field(alias="format"),
     ] = None
 
     custom_source_expression: Annotated[
@@ -413,6 +454,34 @@ class OutputSentinel(BaseModel):
     ] = None
     r"""Optional JavaScript code to format the payload sent to the Destination. The payload, containing a batch of formatted events, is accessible through the __e['payload'] variable. The formatted payload is returned in the __e['__payloadOut'] variable. Caution: This function is evaluated in an unprotected context, allowing you to execute almost any JavaScript code."""
 
+    pq_strict_ordering: Annotated[
+        Optional[bool], pydantic.Field(alias="pqStrictOrdering")
+    ] = True
+    r"""Use FIFO (first in, first out) processing. Disable to forward new events to receivers before queue is flushed."""
+
+    pq_rate_per_sec: Annotated[
+        Optional[float], pydantic.Field(alias="pqRatePerSec")
+    ] = 0
+    r"""Throttling rate (in events per second) to impose while writing to Destinations from PQ. Defaults to 0, which disables throttling."""
+
+    pq_mode: Annotated[
+        Annotated[
+            Optional[OutputSentinelMode], PlainValidator(validate_open_enum(False))
+        ],
+        pydantic.Field(alias="pqMode"),
+    ] = OutputSentinelMode.ERROR
+    r"""In Error mode, PQ writes events to the filesystem if the Destination is unavailable. In Backpressure mode, PQ writes events to the filesystem when it detects backpressure from the Destination. In Always On mode, PQ always writes events to the filesystem."""
+
+    pq_max_buffer_size: Annotated[
+        Optional[float], pydantic.Field(alias="pqMaxBufferSize")
+    ] = 42
+    r"""The maximum number of events to hold in memory before writing the events to disk"""
+
+    pq_max_backpressure_sec: Annotated[
+        Optional[float], pydantic.Field(alias="pqMaxBackpressureSec")
+    ] = 30
+    r"""How long (in seconds) to wait for backpressure to resolve before engaging the queue"""
+
     pq_max_file_size: Annotated[
         Optional[str], pydantic.Field(alias="pqMaxFileSize")
     ] = "1 MB"
@@ -427,21 +496,23 @@ class OutputSentinel(BaseModel):
     r"""The location for the persistent queue files. To this field's value, the system will append: /<worker-id>/<output-id>."""
 
     pq_compress: Annotated[
-        Optional[OutputSentinelCompression], pydantic.Field(alias="pqCompress")
+        Annotated[
+            Optional[OutputSentinelCompression],
+            PlainValidator(validate_open_enum(False)),
+        ],
+        pydantic.Field(alias="pqCompress"),
     ] = OutputSentinelCompression.NONE
     r"""Codec to use to compress the persisted data"""
 
     pq_on_backpressure: Annotated[
-        Optional[OutputSentinelQueueFullBehavior],
+        Annotated[
+            Optional[OutputSentinelQueueFullBehavior],
+            PlainValidator(validate_open_enum(False)),
+        ],
         pydantic.Field(alias="pqOnBackpressure"),
     ] = OutputSentinelQueueFullBehavior.BLOCK
     r"""How to handle events when the queue is exerting backpressure (full capacity or low disk). 'Block' is the same behavior as non-PQ blocking. 'Drop new data' throws away incoming data, while leaving the contents of the PQ unchanged."""
 
-    pq_mode: Annotated[Optional[OutputSentinelMode], pydantic.Field(alias="pqMode")] = (
-        OutputSentinelMode.ERROR
-    )
-    r"""In Error mode, PQ writes events to the filesystem if the Destination is unavailable. In Backpressure mode, PQ writes events to the filesystem when it detects backpressure from the Destination. In Always On mode, PQ always writes events to the filesystem."""
-
     pq_controls: Annotated[
         Optional[OutputSentinelPqControls], pydantic.Field(alias="pqControls")
     ] = None
@@ -457,3 +528,75 @@ class OutputSentinel(BaseModel):
 
     stream_name: Annotated[Optional[str], pydantic.Field(alias="streamName")] = None
     r"""The name of the stream (Sentinel table) in which to store the events"""
+
+    @field_serializer("failed_request_logging_mode")
+    def serialize_failed_request_logging_mode(self, value):
+        if isinstance(value, str):
+            try:
+                return models.OutputSentinelFailedRequestLoggingMode(value)
+            except ValueError:
+                return value
+        return value
+
+    @field_serializer("on_backpressure")
+    def serialize_on_backpressure(self, value):
+        if isinstance(value, str):
+            try:
+                return models.OutputSentinelBackpressureBehavior(value)
+            except ValueError:
+                return value
+        return value
+
+    @field_serializer("auth_type")
+    def serialize_auth_type(self, value):
+        if isinstance(value, str):
+            try:
+                return models.AuthType(value)
+            except ValueError:
+                return value
+        return value
+
+    @field_serializer("endpoint_url_configuration")
+    def serialize_endpoint_url_configuration(self, value):
+        if isinstance(value, str):
+            try:
+                return models.EndpointConfiguration(value)
+            except ValueError:
+                return value
+        return value
+
+    @field_serializer("format_")
+    def serialize_format_(self, value):
+        if isinstance(value, str):
+            try:
+                return models.OutputSentinelFormat(value)
+            except ValueError:
+                return value
+        return value
+
+    @field_serializer("pq_mode")
+    def serialize_pq_mode(self, value):
+        if isinstance(value, str):
+            try:
+                return models.OutputSentinelMode(value)
+            except ValueError:
+                return value
+        return value
+
+    @field_serializer("pq_compress")
+    def serialize_pq_compress(self, value):
+        if isinstance(value, str):
+            try:
+                return models.OutputSentinelCompression(value)
+            except ValueError:
+                return value
+        return value
+
+    @field_serializer("pq_on_backpressure")
+    def serialize_pq_on_backpressure(self, value):
+        if isinstance(value, str):
+            try:
+                return models.OutputSentinelQueueFullBehavior(value)
+            except ValueError:
+                return value
+        return value

cribl_control_plane/models/outputsentineloneaisiem.py

@@ -1,9 +1,13 @@
 """Code generated by Speakeasy (https://speakeasy.com). DO NOT EDIT."""
 
 from __future__ import annotations
+from cribl_control_plane import models, utils
 from cribl_control_plane.types import BaseModel
+from cribl_control_plane.utils import validate_open_enum
 from enum import Enum
 import pydantic
+from pydantic import field_serializer
+from pydantic.functional_validators import PlainValidator
 from typing import List, Optional
 from typing_extensions import Annotated, NotRequired, TypedDict
 
@@ -12,7 +16,7 @@ class OutputSentinelOneAiSiemType(str, Enum):
     SENTINEL_ONE_AI_SIEM = "sentinel_one_ai_siem"
 
 
-class OutputSentinelOneAiSiemRegion(str, Enum):
+class OutputSentinelOneAiSiemRegion(str, Enum, metaclass=utils.OpenEnumMeta):
     r"""The SentinelOne region to send events to. In most cases you can find the region by either looking at your SentinelOne URL or knowing what geographic region your SentinelOne instance is contained in."""
 
     US = "US"
@@ -24,7 +28,7 @@ class OutputSentinelOneAiSiemRegion(str, Enum):
     CUSTOM = "Custom"
 
 
-class AISIEMEndpointPath(str, Enum):
+class AISIEMEndpointPath(str, Enum, metaclass=utils.OpenEnumMeta):
     r"""Endpoint to send events to. Use /services/collector/event for structured JSON payloads with standard HEC top-level fields. Use /services/collector/raw for unstructured log lines (plain text)."""
 
     ROOT_SERVICES_COLLECTOR_EVENT = "/services/collector/event"
@@ -42,15 +46,22 @@ class OutputSentinelOneAiSiemExtraHTTPHeader(BaseModel):
     name: Optional[str] = None
 
 
-class OutputSentinelOneAiSiemFailedRequestLoggingMode(str, Enum):
+class OutputSentinelOneAiSiemFailedRequestLoggingMode(
+    str, Enum, metaclass=utils.OpenEnumMeta
+):
     r"""Data to log when a request fails. All headers are redacted by default, unless listed as safe headers below."""
 
+    # Payload
     PAYLOAD = "payload"
+    # Payload + Headers
     PAYLOAD_AND_HEADERS = "payloadAndHeaders"
+    # None
     NONE = "none"
 
 
-class OutputSentinelOneAiSiemAuthenticationMethod(str, Enum):
+class OutputSentinelOneAiSiemAuthenticationMethod(
+    str, Enum, metaclass=utils.OpenEnumMeta
+):
     r"""Select Manual to enter an auth token directly, or select Secret to use a text secret to authenticate"""
 
     MANUAL = "manual"
@@ -111,36 +122,48 @@ class OutputSentinelOneAiSiemTimeoutRetrySettings(BaseModel):
     r"""The maximum backoff interval, in milliseconds, Cribl Stream should apply. Default (and minimum) is 10,000 ms (10 seconds); maximum is 180,000 ms (180 seconds)."""
 
 
-class OutputSentinelOneAiSiemBackpressureBehavior(str, Enum):
+class OutputSentinelOneAiSiemBackpressureBehavior(
+    str, Enum, metaclass=utils.OpenEnumMeta
+):
     r"""How to handle events when all receivers are exerting backpressure"""
 
+    # Block
     BLOCK = "block"
+    # Drop
     DROP = "drop"
+    # Persistent Queue
     QUEUE = "queue"
 
 
-class OutputSentinelOneAiSiemCompression(str, Enum):
+class OutputSentinelOneAiSiemMode(str, Enum, metaclass=utils.OpenEnumMeta):
+    r"""In Error mode, PQ writes events to the filesystem if the Destination is unavailable. In Backpressure mode, PQ writes events to the filesystem when it detects backpressure from the Destination. In Always On mode, PQ always writes events to the filesystem."""
+
+    # Error
+    ERROR = "error"
+    # Backpressure
+    ALWAYS = "always"
+    # Always On
+    BACKPRESSURE = "backpressure"
+
+
+class OutputSentinelOneAiSiemCompression(str, Enum, metaclass=utils.OpenEnumMeta):
     r"""Codec to use to compress the persisted data"""
 
+    # None
     NONE = "none"
+    # Gzip
     GZIP = "gzip"
 
 
-class OutputSentinelOneAiSiemQueueFullBehavior(str, Enum):
+class OutputSentinelOneAiSiemQueueFullBehavior(str, Enum, metaclass=utils.OpenEnumMeta):
     r"""How to handle events when the queue is exerting backpressure (full capacity or low disk). 'Block' is the same behavior as non-PQ blocking. 'Drop new data' throws away incoming data, while leaving the contents of the PQ unchanged."""
 
+    # Block
     BLOCK = "block"
+    # Drop new data
     DROP = "drop"
 
 
-class OutputSentinelOneAiSiemMode(str, Enum):
-    r"""In Error mode, PQ writes events to the filesystem if the Destination is unavailable. In Backpressure mode, PQ writes events to the filesystem when it detects backpressure from the Destination. In Always On mode, PQ always writes events to the filesystem."""
-
-    ERROR = "error"
-    BACKPRESSURE = "backpressure"
-    ALWAYS = "always"
-
-
 class OutputSentinelOneAiSiemPqControlsTypedDict(TypedDict):
     pass
 
@@ -240,6 +263,16 @@ class OutputSentinelOneAiSiemTypedDict(TypedDict):
     r"""Specify the dataSource.vendorvalue to pass as a parameter to AI SIEM. This value should reflect the vendor of the data being inserted. Don't quote this value. The default is cribl."""
     event_type: NotRequired[str]
     r"""Specify the event.type value to pass as an optional parameter to AI SIEM. This value acts as a label, grouping events into meaningful categories like Process Creation, File Modification, or Network Connection. Don't quote this value. By default, this field is empty."""
+    pq_strict_ordering: NotRequired[bool]
+    r"""Use FIFO (first in, first out) processing. Disable to forward new events to receivers before queue is flushed."""
+    pq_rate_per_sec: NotRequired[float]
+    r"""Throttling rate (in events per second) to impose while writing to Destinations from PQ. Defaults to 0, which disables throttling."""
+    pq_mode: NotRequired[OutputSentinelOneAiSiemMode]
+    r"""In Error mode, PQ writes events to the filesystem if the Destination is unavailable. In Backpressure mode, PQ writes events to the filesystem when it detects backpressure from the Destination. In Always On mode, PQ always writes events to the filesystem."""
+    pq_max_buffer_size: NotRequired[float]
+    r"""The maximum number of events to hold in memory before writing the events to disk"""
+    pq_max_backpressure_sec: NotRequired[float]
+    r"""How long (in seconds) to wait for backpressure to resolve before engaging the queue"""
     pq_max_file_size: NotRequired[str]
     r"""The maximum size to store in each queue file before closing and optionally compressing (KB, MB, etc.)"""
     pq_max_size: NotRequired[str]
@@ -250,8 +283,6 @@ class OutputSentinelOneAiSiemTypedDict(TypedDict):
     r"""Codec to use to compress the persisted data"""
     pq_on_backpressure: NotRequired[OutputSentinelOneAiSiemQueueFullBehavior]
     r"""How to handle events when the queue is exerting backpressure (full capacity or low disk). 'Block' is the same behavior as non-PQ blocking. 'Drop new data' throws away incoming data, while leaving the contents of the PQ unchanged."""
-    pq_mode: NotRequired[OutputSentinelOneAiSiemMode]
-    r"""In Error mode, PQ writes events to the filesystem if the Destination is unavailable. In Backpressure mode, PQ writes events to the filesystem when it detects backpressure from the Destination. In Always On mode, PQ always writes events to the filesystem."""
     pq_controls: NotRequired[OutputSentinelOneAiSiemPqControlsTypedDict]
 
 
@@ -275,12 +306,15 @@ class OutputSentinelOneAiSiem(BaseModel):
     streamtags: Optional[List[str]] = None
     r"""Tags for filtering and grouping in @{product}"""
 
-    region: Optional[OutputSentinelOneAiSiemRegion] = OutputSentinelOneAiSiemRegion.US
+    region: Annotated[
+        Optional[OutputSentinelOneAiSiemRegion],
+        PlainValidator(validate_open_enum(False)),
+    ] = OutputSentinelOneAiSiemRegion.US
     r"""The SentinelOne region to send events to. In most cases you can find the region by either looking at your SentinelOne URL or knowing what geographic region your SentinelOne instance is contained in."""
 
-    endpoint: Optional[AISIEMEndpointPath] = (
-        AISIEMEndpointPath.ROOT_SERVICES_COLLECTOR_EVENT
-    )
+    endpoint: Annotated[
+        Optional[AISIEMEndpointPath], PlainValidator(validate_open_enum(False))
+    ] = AISIEMEndpointPath.ROOT_SERVICES_COLLECTOR_EVENT
     r"""Endpoint to send events to. Use /services/collector/event for structured JSON payloads with standard HEC top-level fields. Use /services/collector/raw for unstructured log lines (plain text)."""
 
     concurrency: Optional[float] = 5
@@ -322,7 +356,10 @@ class OutputSentinelOneAiSiem(BaseModel):
     r"""Headers to add to all events"""
 
     failed_request_logging_mode: Annotated[
-        Optional[OutputSentinelOneAiSiemFailedRequestLoggingMode],
+        Annotated[
+            Optional[OutputSentinelOneAiSiemFailedRequestLoggingMode],
+            PlainValidator(validate_open_enum(False)),
+        ],
         pydantic.Field(alias="failedRequestLoggingMode"),
     ] = OutputSentinelOneAiSiemFailedRequestLoggingMode.NONE
     r"""Data to log when a request fails. All headers are redacted by default, unless listed as safe headers below."""
@@ -333,7 +370,10 @@ class OutputSentinelOneAiSiem(BaseModel):
     r"""List of headers that are safe to log in plain text"""
 
     auth_type: Annotated[
-        Optional[OutputSentinelOneAiSiemAuthenticationMethod],
+        Annotated[
+            Optional[OutputSentinelOneAiSiemAuthenticationMethod],
+            PlainValidator(validate_open_enum(False)),
+        ],
         pydantic.Field(alias="authType"),
     ] = OutputSentinelOneAiSiemAuthenticationMethod.MANUAL
     r"""Select Manual to enter an auth token directly, or select Secret to use a text secret to authenticate"""
@@ -351,11 +391,14 @@ class OutputSentinelOneAiSiem(BaseModel):
 
     response_honor_retry_after_header: Annotated[
         Optional[bool], pydantic.Field(alias="responseHonorRetryAfterHeader")
-    ] = False
+    ] = True
     r"""Honor any Retry-After header that specifies a delay (in seconds) no longer than 180 seconds after the retry request. @{product} limits the delay to 180 seconds, even if the Retry-After header specifies a longer delay. When enabled, takes precedence over user-configured retry options. When disabled, all Retry-After headers are ignored."""
 
     on_backpressure: Annotated[
-        Optional[OutputSentinelOneAiSiemBackpressureBehavior],
+        Annotated[
+            Optional[OutputSentinelOneAiSiemBackpressureBehavior],
+            PlainValidator(validate_open_enum(False)),
+        ],
         pydantic.Field(alias="onBackpressure"),
     ] = OutputSentinelOneAiSiemBackpressureBehavior.BLOCK
     r"""How to handle events when all receivers are exerting backpressure"""
@@ -437,6 +480,35 @@ class OutputSentinelOneAiSiem(BaseModel):
     event_type: Annotated[Optional[str], pydantic.Field(alias="eventType")] = ""
     r"""Specify the event.type value to pass as an optional parameter to AI SIEM. This value acts as a label, grouping events into meaningful categories like Process Creation, File Modification, or Network Connection. Don't quote this value. By default, this field is empty."""
 
+    pq_strict_ordering: Annotated[
+        Optional[bool], pydantic.Field(alias="pqStrictOrdering")
+    ] = True
+    r"""Use FIFO (first in, first out) processing. Disable to forward new events to receivers before queue is flushed."""
+
+    pq_rate_per_sec: Annotated[
+        Optional[float], pydantic.Field(alias="pqRatePerSec")
+    ] = 0
+    r"""Throttling rate (in events per second) to impose while writing to Destinations from PQ. Defaults to 0, which disables throttling."""
+
+    pq_mode: Annotated[
+        Annotated[
+            Optional[OutputSentinelOneAiSiemMode],
+            PlainValidator(validate_open_enum(False)),
+        ],
+        pydantic.Field(alias="pqMode"),
+    ] = OutputSentinelOneAiSiemMode.ERROR
+    r"""In Error mode, PQ writes events to the filesystem if the Destination is unavailable. In Backpressure mode, PQ writes events to the filesystem when it detects backpressure from the Destination. In Always On mode, PQ always writes events to the filesystem."""
+
+    pq_max_buffer_size: Annotated[
+        Optional[float], pydantic.Field(alias="pqMaxBufferSize")
+    ] = 42
+    r"""The maximum number of events to hold in memory before writing the events to disk"""
+
+    pq_max_backpressure_sec: Annotated[
+        Optional[float], pydantic.Field(alias="pqMaxBackpressureSec")
+    ] = 30
+    r"""How long (in seconds) to wait for backpressure to resolve before engaging the queue"""
+
     pq_max_file_size: Annotated[
         Optional[str], pydantic.Field(alias="pqMaxFileSize")
     ] = "1 MB"
@@ -451,21 +523,95 @@ class OutputSentinelOneAiSiem(BaseModel):
     r"""The location for the persistent queue files. To this field's value, the system will append: /<worker-id>/<output-id>."""
 
     pq_compress: Annotated[
-        Optional[OutputSentinelOneAiSiemCompression], pydantic.Field(alias="pqCompress")
+        Annotated[
+            Optional[OutputSentinelOneAiSiemCompression],
+            PlainValidator(validate_open_enum(False)),
+        ],
+        pydantic.Field(alias="pqCompress"),
     ] = OutputSentinelOneAiSiemCompression.NONE
     r"""Codec to use to compress the persisted data"""
 
     pq_on_backpressure: Annotated[
-        Optional[OutputSentinelOneAiSiemQueueFullBehavior],
+        Annotated[
+            Optional[OutputSentinelOneAiSiemQueueFullBehavior],
+            PlainValidator(validate_open_enum(False)),
+        ],
         pydantic.Field(alias="pqOnBackpressure"),
     ] = OutputSentinelOneAiSiemQueueFullBehavior.BLOCK
     r"""How to handle events when the queue is exerting backpressure (full capacity or low disk). 'Block' is the same behavior as non-PQ blocking. 'Drop new data' throws away incoming data, while leaving the contents of the PQ unchanged."""
 
-    pq_mode: Annotated[
-        Optional[OutputSentinelOneAiSiemMode], pydantic.Field(alias="pqMode")
-    ] = OutputSentinelOneAiSiemMode.ERROR
-    r"""In Error mode, PQ writes events to the filesystem if the Destination is unavailable. In Backpressure mode, PQ writes events to the filesystem when it detects backpressure from the Destination. In Always On mode, PQ always writes events to the filesystem."""
-
     pq_controls: Annotated[
         Optional[OutputSentinelOneAiSiemPqControls], pydantic.Field(alias="pqControls")
     ] = None
+
+    @field_serializer("region")
+    def serialize_region(self, value):
+        if isinstance(value, str):
+            try:
+                return models.OutputSentinelOneAiSiemRegion(value)
+            except ValueError:
+                return value
+        return value
+
+    @field_serializer("endpoint")
+    def serialize_endpoint(self, value):
+        if isinstance(value, str):
+            try:
+                return models.AISIEMEndpointPath(value)
+            except ValueError:
+                return value
+        return value
+
+    @field_serializer("failed_request_logging_mode")
+    def serialize_failed_request_logging_mode(self, value):
+        if isinstance(value, str):
+            try:
+                return models.OutputSentinelOneAiSiemFailedRequestLoggingMode(value)
+            except ValueError:
+                return value
+        return value
+
+    @field_serializer("auth_type")
+    def serialize_auth_type(self, value):
+        if isinstance(value, str):
+            try:
+                return models.OutputSentinelOneAiSiemAuthenticationMethod(value)
+            except ValueError:
+                return value
+        return value
+
+    @field_serializer("on_backpressure")
+    def serialize_on_backpressure(self, value):
+        if isinstance(value, str):
+            try:
+                return models.OutputSentinelOneAiSiemBackpressureBehavior(value)
+            except ValueError:
+                return value
+        return value
+
+    @field_serializer("pq_mode")
+    def serialize_pq_mode(self, value):
+        if isinstance(value, str):
+            try:
+                return models.OutputSentinelOneAiSiemMode(value)
+            except ValueError:
+                return value
+        return value
+
+    @field_serializer("pq_compress")
+    def serialize_pq_compress(self, value):
+        if isinstance(value, str):
+            try:
+                return models.OutputSentinelOneAiSiemCompression(value)
+            except ValueError:
+                return value
+        return value
+
+    @field_serializer("pq_on_backpressure")
+    def serialize_pq_on_backpressure(self, value):
+        if isinstance(value, str):
+            try:
+                return models.OutputSentinelOneAiSiemQueueFullBehavior(value)
+            except ValueError:
+                return value
+        return value