[pull] master from DataDog:master

.generator/schemas/v2/openapi.yaml

@@ -47320,6 +47320,86 @@ components:
           description: The name of the reference table.
           type: string
       type: object
+    SecurityMonitoringRuleAnomalyDetectionOptions:
+      additionalProperties: {}
+      description: Options on anomaly detection method.
+      properties:
+        bucketDuration:
+          $ref: '#/components/schemas/SecurityMonitoringRuleAnomalyDetectionOptionsBucketDuration'
+        detectionTolerance:
+          $ref: '#/components/schemas/SecurityMonitoringRuleAnomalyDetectionOptionsDetectionTolerance'
+        learningDuration:
+          $ref: '#/components/schemas/SecurityMonitoringRuleAnomalyDetectionOptionsLearningDuration'
+        learningPeriodBaseline:
+          description: An optional override baseline to apply while the rule is in
+            the learning period. Must be greater than or equal to 0.
+          format: int64
+          minimum: 0
+          type: integer
+      type: object
+    SecurityMonitoringRuleAnomalyDetectionOptionsBucketDuration:
+      description: 'Duration in seconds of the time buckets used to aggregate events
+        matched by the rule.
+
+        Must be greater than or equal to 300.'
+      enum:
+      - 300
+      - 600
+      - 900
+      - 1800
+      - 3600
+      - 10800
+      example: 300
+      format: int32
+      type: integer
+      x-enum-varnames:
+      - FIVE_MINUTES
+      - TEN_MINUTES
+      - FIFTEEN_MINUTES
+      - THIRTY_MINUTES
+      - ONE_HOUR
+      - THREE_HOURS
+    SecurityMonitoringRuleAnomalyDetectionOptionsDetectionTolerance:
+      description: 'An optional parameter that sets how permissive anomaly detection
+        is.
+
+        Higher values require higher deviations before triggering a signal.'
+      enum:
+      - 1
+      - 2
+      - 3
+      - 4
+      - 5
+      example: 5
+      format: int32
+      type: integer
+      x-enum-varnames:
+      - ONE
+      - TWO
+      - THREE
+      - FOUR
+      - FIVE
+    SecurityMonitoringRuleAnomalyDetectionOptionsLearningDuration:
+      description: Learning duration in hours. Anomaly detection waits for at least
+        this amount of historical data before it starts evaluating.
+      enum:
+      - 1
+      - 6
+      - 12
+      - 24
+      - 48
+      - 168
+      - 336
+      format: int32
+      type: integer
+      x-enum-varnames:
+      - ONE_HOUR
+      - SIX_HOURS
+      - TWELVE_HOURS
+      - ONE_DAY
+      - TWO_DAYS
+      - ONE_WEEK
+      - TWO_WEEKS
     SecurityMonitoringRuleCase:
       description: Case when signal is generated.
       properties:
@@ -47685,6 +47765,8 @@ components:
     SecurityMonitoringRuleOptions:
       description: Options.
       properties:
+        anomalyDetectionOptions:
+          $ref: '#/components/schemas/SecurityMonitoringRuleAnomalyDetectionOptions'
         complianceRuleOptions:
           $ref: '#/components/schemas/CloudConfigurationComplianceRuleOptions'
         decreaseCriticalityBasedOnEnv:
@@ -55124,6 +55206,8 @@ components:
     ThreatHuntingJobOptions:
       description: Job options.
       properties:
+        anomalyDetectionOptions:
+          $ref: '#/components/schemas/SecurityMonitoringRuleAnomalyDetectionOptions'
         detectionMethod:
           $ref: '#/components/schemas/SecurityMonitoringRuleDetectionMethod'
         evaluationWindow:
@@ -63547,6 +63631,14 @@ paths:
       - $ref: '#/components/parameters/FilterByRelationType'
       - $ref: '#/components/parameters/FilterByExcludeSnapshot'
       - $ref: '#/components/parameters/Include'
+      - description: If true, includes discovered services from APM and USM that do
+          not have entity definitions.
+        in: query
+        name: includeDiscovered
+        required: false
+        schema:
+          default: false
+          type: boolean
       responses:
         '200':
           content:
@@ -63765,6 +63857,13 @@ paths:
       - $ref: '#/components/parameters/FilterRelationByFromRef'
       - $ref: '#/components/parameters/FilterRelationByToRef'
       - $ref: '#/components/parameters/RelationInclude'
+      - description: If true, includes relationships discovered by APM and USM.
+        in: query
+        name: includeDiscovered
+        required: false
+        schema:
+          default: false
+          type: boolean
       responses:
         '200':
           content:
@@ -85761,10 +85860,6 @@ paths:
         operator: OR
         permissions:
         - teams_read
-      x-unstable: '**Note**: This endpoint is in Preview. To request access, fill
-        out this [form](https://www.datadoghq.com/product-preview/github-integration-for-teams/).
-
-        If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).'
     get:
       description: Returns all team connections.
       operationId: ListTeamConnections
@@ -85844,10 +85939,6 @@ paths:
         operator: OR
         permissions:
         - teams_read
-      x-unstable: '**Note**: This endpoint is in Preview. To request access, fill
-        out this [form](https://www.datadoghq.com/product-preview/github-integration-for-teams/).
-
-        If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).'
     post:
       description: Create multiple team connections.
       operationId: CreateTeamConnections
@@ -85884,10 +85975,6 @@ paths:
         operator: OR
         permissions:
         - teams_read
-      x-unstable: '**Note**: This endpoint is in Preview. To request access, fill
-        out this [form](https://www.datadoghq.com/product-preview/github-integration-for-teams/).
-
-        If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).'
   /api/v2/team/sync:
     get:
       description: 'Get all team synchronization configurations.
@@ -85931,10 +86018,6 @@ paths:
         operator: OR
         permissions:
         - teams_read
-      x-unstable: '**Note**: This endpoint is in Preview. To request access, fill
-        out this [form](https://www.datadoghq.com/product-preview/github-integration-for-teams/).
-
-        If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).'
     post:
       description: 'This endpoint attempts to link your existing Datadog teams with
         GitHub teams by matching their names.
@@ -85996,10 +86079,6 @@ paths:
         operator: AND
         permissions:
         - teams_manage
-      x-unstable: '**Note**: This endpoint is in Preview. To request access, fill
-        out this [form](https://www.datadoghq.com/product-preview/github-integration-for-teams/).
-
-        If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).'
   /api/v2/team/{super_team_id}/member_teams:
     get:
       deprecated: true

CHANGELOG.md

@@ -1,5 +1,31 @@
 # CHANGELOG
 
+## 2.47.0/2025-12-17
+
+### Changed
+* Mark Incident Impact Endpoints stable [#2840](https://github.com/DataDog/datadog-api-client-ruby/pull/2840)
+* Vulnerability Management - Update ListVulnerabilities endpoint query params and response schema [#2832](https://github.com/DataDog/datadog-api-client-ruby/pull/2832)
+* Update specs for AWS account updates and creation for CCM configs [#2825](https://github.com/DataDog/datadog-api-client-ruby/pull/2825)
+* add suppression version history [#2801](https://github.com/DataDog/datadog-api-client-ruby/pull/2801)
+* Add processors groups to Observability Pipelines [#2760](https://github.com/DataDog/datadog-api-client-ruby/pull/2760)
+
+### Added
+* Update security finding triage specs [#2833](https://github.com/DataDog/datadog-api-client-ruby/pull/2833)
+* Add routes for managing On-Call user notification channels [#2828](https://github.com/DataDog/datadog-api-client-ruby/pull/2828)
+* Add host field to Post an event V2 API [#2826](https://github.com/DataDog/datadog-api-client-ruby/pull/2826)
+* Add `GET /api/v2/apm/services` endpoint to public documentation [#2823](https://github.com/DataDog/datadog-api-client-ruby/pull/2823)
+* Dashboards - Add semantic_mode support to FormulaAndFunctionMetricQueryDefinition [#2817](https://github.com/DataDog/datadog-api-client-ruby/pull/2817)
+* Cloud SIEM - Add instantaneousBaseline feature parameter. [#2814](https://github.com/DataDog/datadog-api-client-ruby/pull/2814)
+* Add new fields to usage metering api spec [#2812](https://github.com/DataDog/datadog-api-client-ruby/pull/2812)
+* update geomap widget definition about `conditional_format` and `text_formats` and view focus [#2806](https://github.com/DataDog/datadog-api-client-ruby/pull/2806)
+* Add new endpoint for listing rules for a gate [#2792](https://github.com/DataDog/datadog-api-client-ruby/pull/2792)
+
+### Removed
+* Tag security findings Jira endpoints as unstable [#2821](https://github.com/DataDog/datadog-api-client-ruby/pull/2821)
+
+### Fixed
+* Add field attribute to the Workload Protection hash action [#2798](https://github.com/DataDog/datadog-api-client-ruby/pull/2798)
+
 ## 2.46.0/2025-12-08
 
 ### Added

cassettes/features/v2/security_monitoring/Create-a-detection-rule-with-detection-method-anomaly-detection-returns-OK-response.frozen

@@ -0,0 +1 @@
+2025-12-16T15:19:00.493Z

examples/v2/security-monitoring/CreateSecurityMonitoringRule_2323193894.rb

@@ -0,0 +1,48 @@
+# Create a detection rule with detection method 'anomaly_detection' returns "OK" response
+
+require "datadog_api_client"
+api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new
+
+body = DatadogAPIClient::V2::SecurityMonitoringStandardRuleCreatePayload.new({
+  name: "Example-Security-Monitoring",
+  type: DatadogAPIClient::V2::SecurityMonitoringRuleTypeCreate::LOG_DETECTION,
+  is_enabled: true,
+  queries: [
+    DatadogAPIClient::V2::SecurityMonitoringStandardRuleQuery.new({
+      aggregation: DatadogAPIClient::V2::SecurityMonitoringRuleQueryAggregation::COUNT,
+      data_source: DatadogAPIClient::V2::SecurityMonitoringStandardDataSource::LOGS,
+      distinct_fields: [],
+      group_by_fields: [
+        "@usr.email",
+        "@network.client.ip",
+      ],
+      has_optional_group_by_fields: false,
+      name: "",
+      query: "service:app status:error",
+    }),
+  ],
+  cases: [
+    DatadogAPIClient::V2::SecurityMonitoringRuleCaseCreate.new({
+      name: "",
+      status: DatadogAPIClient::V2::SecurityMonitoringRuleSeverity::INFO,
+      notifications: [],
+      condition: "a > 0.995",
+    }),
+  ],
+  message: "An anomaly detection rule",
+  options: DatadogAPIClient::V2::SecurityMonitoringRuleOptions.new({
+    detection_method: DatadogAPIClient::V2::SecurityMonitoringRuleDetectionMethod::ANOMALY_DETECTION,
+    evaluation_window: DatadogAPIClient::V2::SecurityMonitoringRuleEvaluationWindow::FIFTEEN_MINUTES,
+    keep_alive: DatadogAPIClient::V2::SecurityMonitoringRuleKeepAlive::ONE_HOUR,
+    max_signal_duration: DatadogAPIClient::V2::SecurityMonitoringRuleMaxSignalDuration::ONE_DAY,
+    anomaly_detection_options: DatadogAPIClient::V2::SecurityMonitoringRuleAnomalyDetectionOptions.new({
+      bucket_duration: DatadogAPIClient::V2::SecurityMonitoringRuleAnomalyDetectionOptionsBucketDuration::FIVE_MINUTES,
+      learning_duration: DatadogAPIClient::V2::SecurityMonitoringRuleAnomalyDetectionOptionsLearningDuration::ONE_DAY,
+      detection_tolerance: DatadogAPIClient::V2::SecurityMonitoringRuleAnomalyDetectionOptionsDetectionTolerance::THREE,
+      learning_period_baseline: 10,
+    }),
+  }),
+  tags: [],
+  filters: [],
+})
+p api_instance.create_security_monitoring_rule(body)

examples/v2/teams/DeleteTeamConnections.rb

@@ -1,9 +1,6 @@
 # Delete team connections returns "No Content" response
 
 require "datadog_api_client"
-DatadogAPIClient.configure do |config|
-  config.unstable_operations["v2.delete_team_connections".to_sym] = true
-end
 api_instance = DatadogAPIClient::V2::TeamsAPI.new
 
 body = DatadogAPIClient::V2::TeamConnectionDeleteRequest.new({

examples/v2/teams/GetTeamSync.rb

@@ -1,8 +1,5 @@
 # Get team sync configurations returns "OK" response
 
 require "datadog_api_client"
-DatadogAPIClient.configure do |config|
-  config.unstable_operations["v2.get_team_sync".to_sym] = true
-end
 api_instance = DatadogAPIClient::V2::TeamsAPI.new
 p api_instance.get_team_sync(TeamSyncAttributesSource::GITHUB)

examples/v2/teams/ListTeamConnections.rb

@@ -1,8 +1,5 @@
 # List team connections returns "OK" response
 
 require "datadog_api_client"
-DatadogAPIClient.configure do |config|
-  config.unstable_operations["v2.list_team_connections".to_sym] = true
-end
 api_instance = DatadogAPIClient::V2::TeamsAPI.new
 p api_instance.list_team_connections()

examples/v2/teams/ListTeamConnections_2418873869.rb

@@ -1,8 +1,5 @@
 # List team connections returns "OK" response with pagination
 
 require "datadog_api_client"
-DatadogAPIClient.configure do |config|
-  config.unstable_operations["v2.list_team_connections".to_sym] = true
-end
 api_instance = DatadogAPIClient::V2::TeamsAPI.new
 api_instance.list_team_connections_with_pagination() { |item| puts item }

examples/v2/teams/SyncTeams.rb

@@ -1,9 +1,6 @@
 # Link Teams with GitHub Teams returns "OK" response
 
 require "datadog_api_client"
-DatadogAPIClient.configure do |config|
-  config.unstable_operations["v2.sync_teams".to_sym] = true
-end
 api_instance = DatadogAPIClient::V2::TeamsAPI.new
 
 body = DatadogAPIClient::V2::TeamSyncRequest.new({

examples/v2/teams/SyncTeams_3215592344.rb

@@ -1,9 +1,6 @@
 # Sync teams returns "OK" response
 
 require "datadog_api_client"
-DatadogAPIClient.configure do |config|
-  config.unstable_operations["v2.sync_teams".to_sym] = true
-end
 api_instance = DatadogAPIClient::V2::TeamsAPI.new
 
 body = DatadogAPIClient::V2::TeamSyncRequest.new({

features/scenarios_model_mapping.rb

@@ -1278,6 +1278,7 @@
             "filter_relation_type" => "RelationType",
             "filter_exclude_snapshot" => "String",
             "include" => "IncludeType",
+            "include_discovered" => "Boolean",
     },
     "v2.UpsertCatalogEntity" => {
             "body" => "UpsertCatalogEntityRequest",
@@ -1304,6 +1305,7 @@
             "filter_from_ref" => "String",
             "filter_to_ref" => "String",
             "include" => "RelationIncludeType",
+            "include_discovered" => "Boolean",
     },
     "v2.CreateCIAppPipelineEvent" => {
             "body" => "CIAppCreatePipelineEventRequest",