diff --git a/.generator/schemas/v2/openapi.yaml b/.generator/schemas/v2/openapi.yaml index d3d603bec26..ce2fc954187 100644 --- a/.generator/schemas/v2/openapi.yaml +++ b/.generator/schemas/v2/openapi.yaml @@ -20470,6 +20470,8 @@ components: $ref: '#/components/schemas/SecurityMonitoringRuleMaxSignalDuration' newValueOptions: $ref: '#/components/schemas/SecurityMonitoringRuleNewValueOptions' + sequenceDetectionOptions: + $ref: '#/components/schemas/SecurityMonitoringRuleSequenceDetectionOptions' thirdPartyRuleOptions: $ref: '#/components/schemas/SecurityMonitoringRuleThirdPartyOptions' type: object @@ -40786,6 +40788,7 @@ components: - hardcoded - third_party - anomaly_threshold + - sequence_detection type: string x-enum-varnames: - THRESHOLD @@ -40795,6 +40798,7 @@ components: - HARDCODED - THIRD_PARTY - ANOMALY_THRESHOLD + - SEQUENCE_DETECTION SecurityMonitoringRuleEvaluationWindow: description: 'A time window is specified to match when at least one of the cases matches true. This is a sliding window @@ -41008,6 +41012,8 @@ components: $ref: '#/components/schemas/SecurityMonitoringRuleMaxSignalDuration' newValueOptions: $ref: '#/components/schemas/SecurityMonitoringRuleNewValueOptions' + sequenceDetectionOptions: + $ref: '#/components/schemas/SecurityMonitoringRuleSequenceDetectionOptions' thirdPartyRuleOptions: $ref: '#/components/schemas/SecurityMonitoringRuleThirdPartyOptions' type: object 
@@ -41083,6 +41089,47 @@ components: oneOf: - $ref: '#/components/schemas/SecurityMonitoringStandardRuleResponse' - $ref: '#/components/schemas/SecurityMonitoringSignalRuleResponse' + SecurityMonitoringRuleSequenceDetectionOptions: + description: Options on sequence detection method. + properties: + stepTransitions: + description: Transitions defining the allowed order of steps and their evaluation + windows. + items: + $ref: '#/components/schemas/SecurityMonitoringRuleSequenceDetectionStepTransition' + type: array + steps: + description: Steps that define the conditions to be matched in sequence. + items: + $ref: '#/components/schemas/SecurityMonitoringRuleSequenceDetectionStep' + type: array + type: object + SecurityMonitoringRuleSequenceDetectionStep: + description: Step definition for sequence detection containing the step name, + condition, and evaluation window. + properties: + condition: + description: Condition referencing rule queries (e.g., `a > 0`). + type: string + evaluationWindow: + $ref: '#/components/schemas/SecurityMonitoringRuleEvaluationWindow' + name: + description: Unique name identifying the step. + type: string + type: object + SecurityMonitoringRuleSequenceDetectionStepTransition: + description: Transition from a parent step to a child step within a sequence + detection rule. + properties: + child: + description: Name of the child step. + type: string + evaluationWindow: + $ref: '#/components/schemas/SecurityMonitoringRuleEvaluationWindow' + parent: + description: Name of the parent step. + type: string + type: object SecurityMonitoringRuleSeverity: description: Severity of the Security Signal. enum: @@ -56869,7 +56916,7 @@ paths: $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] - - appKeyAuth: [] + appKeyAuth: [] summary: Delete a deployment event tags: - DORA Metrics 
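Review bot: None of the three new schemas carries a `required` list, and nothing in the schema ties `stepTransitions[].parent`/`child` to an entry in `steps[].name`, so that contract exists only implicitly; at minimum the `stepTransitions` description should state it, e.g. `description: Transitions defining the allowed order of steps and their evaluation windows. Each parent and child must be the name of an entry in steps.` The `evaluationWindow` on both the step and the transition is a bare `$ref` to `SecurityMonitoringRuleEvaluationWindow`, whose description talks about "cases" and says the field is unused for the third-party method; the generated Ruby attribute comment on `evaluation_window` in the new step model later in this diff inherits that wording verbatim, so the step-level meaning of the window is never documented. If the document is OpenAPI 3.1 a sibling `description` next to the `$ref` fixes this; otherwise wrap the `$ref` in `allOf` with a description. Whether step-name uniqueness or a well-formed transition graph is validated server-side cannot be seen from this hunk.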
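Review bot: Merging the two list entries `- apiKeyAuth: []` / `- appKeyAuth: []` into one requirement object changes the operation's security semantics from "either key suffices" to "both keys are required", and the identical edit recurs in the three hunks that follow (`@@ -56945`, `@@ -57026`, `@@ -57102`). That is presumably how the endpoints already behave server-side, but it is a tightening that a client configured with only an API key will notice, so it deserves its own line in the changelog or commit message instead of riding along with the sequence-detection feature. It is at least consistent with the `Given a valid "appKeyAuth" key in the system` precondition this diff adds to `features/v2/dora_metrics.feature`.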
@@ -56945,7 +56992,7 @@ paths: $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] - - appKeyAuth: [] + appKeyAuth: [] summary: Get a deployment event tags: - DORA Metrics @@ -57026,7 +57073,7 @@ paths: $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] - - appKeyAuth: [] + appKeyAuth: [] summary: Delete a failure event tags: - DORA Metrics @@ -57102,7 +57149,7 @@ paths: $ref: '#/components/responses/TooManyRequestsResponse' security: - apiKeyAuth: [] - - appKeyAuth: [] + appKeyAuth: [] summary: Get a failure event tags: - DORA Metrics diff --git a/cassettes/features/v2/security_monitoring/Create-a-detection-rule-with-detection-method-sequence-detection-returns-OK-response.frozen b/cassettes/features/v2/security_monitoring/Create-a-detection-rule-with-detection-method-sequence-detection-returns-OK-response.frozen new file mode 100644 index 00000000000..6c0fc3d68f9 --- /dev/null +++ b/cassettes/features/v2/security_monitoring/Create-a-detection-rule-with-detection-method-sequence-detection-returns-OK-response.frozen @@ -0,0 +1 @@ +2025-09-12T15:45:55.719Z \ No newline at end of file diff --git a/cassettes/features/v2/security_monitoring/Create-a-detection-rule-with-detection-method-sequence-detection-returns-OK-response.yml b/cassettes/features/v2/security_monitoring/Create-a-detection-rule-with-detection-method-sequence-detection-returns-OK-response.yml new file mode 100644 index 00000000000..d334fe03b1b --- /dev/null +++ b/cassettes/features/v2/security_monitoring/Create-a-detection-rule-with-detection-method-sequence-detection-returns-OK-response.yml 
@@ -0,0 +1,48 @@ +http_interactions: +- recorded_at: Fri, 12 Sep 2025 15:45:55 GMT + request: + body: + encoding: UTF-8 + string: '{"cases":[{"condition":"step_b > 0","name":"","notifications":[],"status":"info"}],"isEnabled":true,"message":"Logs + and signals asdf","name":"Test-Create_a_detection_rule_with_detection_method_sequence_detection_returns_OK_response-1757691955","options":{"detectionMethod":"sequence_detection","evaluationWindow":0,"keepAlive":300,"maxSignalDuration":600,"sequenceDetectionOptions":{"stepTransitions":[{"child":"step_b","evaluationWindow":900,"parent":"step_a"}],"steps":[{"condition":"a + > 0","evaluationWindow":60,"name":"step_a"},{"condition":"b > 0","evaluationWindow":60,"name":"step_b"}]}},"queries":[{"aggregation":"count","dataSource":"logs","distinctFields":[],"groupByFields":[],"hasOptionalGroupByFields":false,"name":"","query":"service:logs-rule-reducer + source:paul test2"},{"aggregation":"count","dataSource":"logs","distinctFields":[],"groupByFields":[],"hasOptionalGroupByFields":false,"name":"","query":"service:logs-rule-reducer + source:paul test1"}],"tags":[],"type":"log_detection"}' + headers: + Accept: + - application/json + Content-Type: + - application/json + method: POST + uri: https://api.datadoghq.com/api/v2/security_monitoring/rules + response: + body: + encoding: UTF-8 + string: '{"name":"Test-Create_a_detection_rule_with_detection_method_sequence_detection_returns_OK_response-1757691955","createdAt":1757691955862,"isDefault":false,"isPartner":false,"isEnabled":true,"isBeta":false,"isDeleted":false,"isDeprecated":false,"queries":[{"query":"service:logs-rule-reducer + source:paul test2","groupByFields":[],"hasOptionalGroupByFields":false,"distinctFields":[],"aggregation":"count","name":"","dataSource":"logs"},{"query":"service:logs-rule-reducer + source:paul 
test1","groupByFields":[],"hasOptionalGroupByFields":false,"distinctFields":[],"aggregation":"count","name":"","dataSource":"logs"}],"options":{"evaluationWindow":0,"detectionMethod":"sequence_detection","maxSignalDuration":600,"keepAlive":300,"sequenceDetectionOptions":{"steps":[{"name":"step_a","condition":"a + \u003e 0","evaluationWindow":60},{"name":"step_b","condition":"b \u003e 0","evaluationWindow":60}],"stepTransitions":[{"parent":"step_a","child":"step_b","evaluationWindow":900}]}},"cases":[{"name":"","status":"info","notifications":[],"condition":"step_b + \u003e 0"}],"message":"Logs and signals asdf","tags":[],"hasExtendedTitle":false,"type":"log_detection","filters":[],"version":1,"id":"k0l-txb-xxx","blocking":false,"metadata":{"entities":null,"sources":null},"creationAuthorId":1445416,"creator":{"handle":"frog@datadoghq.com","name":"frog"},"updater":{"handle":"","name":""}}' + headers: + Content-Type: + - application/json + status: + code: 200 + message: OK +- recorded_at: Fri, 12 Sep 2025 15:45:55 GMT + request: + body: null + headers: + Accept: + - '*/*' + method: DELETE + uri: https://api.datadoghq.com/api/v2/security_monitoring/rules/k0l-txb-xxx + response: + body: + encoding: UTF-8 + string: '' + headers: {} + status: + code: 204 + message: No Content +recorded_with: VCR 6.0.0 diff --git a/cassettes/features/v2/security_monitoring/Validate-a-detection-rule-with-detection-method-sequence-detection-returns-OK-response.frozen b/cassettes/features/v2/security_monitoring/Validate-a-detection-rule-with-detection-method-sequence-detection-returns-OK-response.frozen new file mode 100644 index 00000000000..50a6e3a2a14 --- /dev/null +++ b/cassettes/features/v2/security_monitoring/Validate-a-detection-rule-with-detection-method-sequence-detection-returns-OK-response.frozen @@ -0,0 +1 @@ +2025-09-12T15:43:48.016Z \ No newline at end of file 
diff --git a/cassettes/features/v2/security_monitoring/Validate-a-detection-rule-with-detection-method-sequence-detection-returns-OK-response.yml b/cassettes/features/v2/security_monitoring/Validate-a-detection-rule-with-detection-method-sequence-detection-returns-OK-response.yml new file mode 100644 index 00000000000..f68eb436fdf --- /dev/null +++ b/cassettes/features/v2/security_monitoring/Validate-a-detection-rule-with-detection-method-sequence-detection-returns-OK-response.yml @@ -0,0 +1,24 @@ +http_interactions: +- recorded_at: Fri, 12 Sep 2025 15:43:48 GMT + request: + body: + encoding: UTF-8 + string: '{"cases":[{"condition":"step_b > 0","name":"","notifications":[],"status":"info"}],"hasExtendedTitle":true,"isEnabled":true,"message":"My + security monitoring rule","name":"My security monitoring rule","options":{"detectionMethod":"sequence_detection","evaluationWindow":0,"keepAlive":300,"maxSignalDuration":600,"sequenceDetectionOptions":{"stepTransitions":[{"child":"step_b","evaluationWindow":900,"parent":"step_a"}],"steps":[{"condition":"a + > 0","evaluationWindow":60,"name":"step_a"},{"condition":"b > 0","evaluationWindow":60,"name":"step_b"}]}},"queries":[{"aggregation":"count","distinctFields":[],"groupByFields":["@userIdentity.assumed_role"],"name":"","query":"source:source_here"},{"aggregation":"count","distinctFields":[],"groupByFields":[],"name":"","query":"source:source_here2"}],"tags":["env:prod","team:security"],"type":"log_detection"}' + headers: + Accept: + - '*/*' + Content-Type: + - application/json + method: POST + uri: https://api.datadoghq.com/api/v2/security_monitoring/rules/validation + response: + body: + encoding: UTF-8 + string: '' + headers: {} + status: + code: 204 + message: No Content +recorded_with: VCR 6.0.0 diff --git a/examples/v2/security-monitoring/CreateSecurityMonitoringRule_2899714190.rb b/examples/v2/security-monitoring/CreateSecurityMonitoringRule_2899714190.rb new file mode 100644 index 00000000000..b2868e9a02e 
--- /dev/null +++ b/examples/v2/security-monitoring/CreateSecurityMonitoringRule_2899714190.rb 
@@ -0,0 +1,68 @@ +# Create a detection rule with detection method 'sequence_detection' returns "OK" response + +require "datadog_api_client" +api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new + +body = DatadogAPIClient::V2::SecurityMonitoringStandardRuleCreatePayload.new({ + name: "Example-Security-Monitoring", + type: DatadogAPIClient::V2::SecurityMonitoringRuleTypeCreate::LOG_DETECTION, + is_enabled: true, + queries: [ + DatadogAPIClient::V2::SecurityMonitoringStandardRuleQuery.new({ + aggregation: DatadogAPIClient::V2::SecurityMonitoringRuleQueryAggregation::COUNT, + data_source: DatadogAPIClient::V2::SecurityMonitoringStandardDataSource::LOGS, + distinct_fields: [], + group_by_fields: [], + has_optional_group_by_fields: false, + name: "", + query: "service:logs-rule-reducer source:paul test2", + }), + DatadogAPIClient::V2::SecurityMonitoringStandardRuleQuery.new({ + aggregation: DatadogAPIClient::V2::SecurityMonitoringRuleQueryAggregation::COUNT, + data_source: DatadogAPIClient::V2::SecurityMonitoringStandardDataSource::LOGS, + distinct_fields: [], + group_by_fields: [], + has_optional_group_by_fields: false, + name: "", + query: "service:logs-rule-reducer source:paul test1", + }), + ], + cases: [ + DatadogAPIClient::V2::SecurityMonitoringRuleCaseCreate.new({ + name: "", + status: DatadogAPIClient::V2::SecurityMonitoringRuleSeverity::INFO, + notifications: [], + condition: "step_b > 0", + }), + ], + message: "Logs and signals asdf", + options: DatadogAPIClient::V2::SecurityMonitoringRuleOptions.new({ + detection_method: DatadogAPIClient::V2::SecurityMonitoringRuleDetectionMethod::SEQUENCE_DETECTION, + evaluation_window: DatadogAPIClient::V2::SecurityMonitoringRuleEvaluationWindow::ZERO_MINUTES, + keep_alive: DatadogAPIClient::V2::SecurityMonitoringRuleKeepAlive::FIVE_MINUTES, + max_signal_duration: DatadogAPIClient::V2::SecurityMonitoringRuleMaxSignalDuration::TEN_MINUTES, + sequence_detection_options: 
DatadogAPIClient::V2::SecurityMonitoringRuleSequenceDetectionOptions.new({ + step_transitions: [ + DatadogAPIClient::V2::SecurityMonitoringRuleSequenceDetectionStepTransition.new({ + child: "step_b", + evaluation_window: DatadogAPIClient::V2::SecurityMonitoringRuleEvaluationWindow::FIFTEEN_MINUTES, + parent: "step_a", + }), + ], + steps: [ + DatadogAPIClient::V2::SecurityMonitoringRuleSequenceDetectionStep.new({ + condition: "a > 0", + evaluation_window: DatadogAPIClient::V2::SecurityMonitoringRuleEvaluationWindow::ONE_MINUTE, + name: "step_a", + }), + DatadogAPIClient::V2::SecurityMonitoringRuleSequenceDetectionStep.new({ + condition: "b > 0", + evaluation_window: DatadogAPIClient::V2::SecurityMonitoringRuleEvaluationWindow::ONE_MINUTE, + name: "step_b", + }), + ], + }), + }), + tags: [], +}) +p api_instance.create_security_monitoring_rule(body) diff --git a/examples/v2/security-monitoring/ValidateSecurityMonitoringRule_4152369508.rb b/examples/v2/security-monitoring/ValidateSecurityMonitoringRule_4152369508.rb new file mode 100644 index 00000000000..c097b0762ad --- /dev/null +++ b/examples/v2/security-monitoring/ValidateSecurityMonitoringRule_4152369508.rb 
@@ -0,0 +1,70 @@ +# Validate a detection rule with detection method 'sequence_detection' returns "OK" response + +require "datadog_api_client" +api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new + +body = DatadogAPIClient::V2::SecurityMonitoringStandardRulePayload.new({ + cases: [ + DatadogAPIClient::V2::SecurityMonitoringRuleCaseCreate.new({ + name: "", + status: DatadogAPIClient::V2::SecurityMonitoringRuleSeverity::INFO, + notifications: [], + condition: "step_b > 0", + }), + ], + has_extended_title: true, + is_enabled: true, + message: "My security monitoring rule", + name: "My security monitoring rule", + options: DatadogAPIClient::V2::SecurityMonitoringRuleOptions.new({ + evaluation_window: DatadogAPIClient::V2::SecurityMonitoringRuleEvaluationWindow::ZERO_MINUTES, + keep_alive: DatadogAPIClient::V2::SecurityMonitoringRuleKeepAlive::FIVE_MINUTES, + max_signal_duration: DatadogAPIClient::V2::SecurityMonitoringRuleMaxSignalDuration::TEN_MINUTES, + detection_method: DatadogAPIClient::V2::SecurityMonitoringRuleDetectionMethod::SEQUENCE_DETECTION, + sequence_detection_options: DatadogAPIClient::V2::SecurityMonitoringRuleSequenceDetectionOptions.new({ + step_transitions: [ + DatadogAPIClient::V2::SecurityMonitoringRuleSequenceDetectionStepTransition.new({ + child: "step_b", + evaluation_window: DatadogAPIClient::V2::SecurityMonitoringRuleEvaluationWindow::FIFTEEN_MINUTES, + parent: "step_a", + }), + ], + steps: [ + DatadogAPIClient::V2::SecurityMonitoringRuleSequenceDetectionStep.new({ + condition: "a > 0", + evaluation_window: DatadogAPIClient::V2::SecurityMonitoringRuleEvaluationWindow::ONE_MINUTE, + name: "step_a", + }), + DatadogAPIClient::V2::SecurityMonitoringRuleSequenceDetectionStep.new({ + condition: "b > 0", + evaluation_window: DatadogAPIClient::V2::SecurityMonitoringRuleEvaluationWindow::ONE_MINUTE, + name: "step_b", + }), + ], + }), + }), + queries: [ + DatadogAPIClient::V2::SecurityMonitoringStandardRuleQuery.new({ + query: 
"source:source_here", + group_by_fields: [ + "@userIdentity.assumed_role", + ], + distinct_fields: [], + aggregation: DatadogAPIClient::V2::SecurityMonitoringRuleQueryAggregation::COUNT, + name: "", + }), + DatadogAPIClient::V2::SecurityMonitoringStandardRuleQuery.new({ + query: "source:source_here2", + group_by_fields: [], + distinct_fields: [], + aggregation: DatadogAPIClient::V2::SecurityMonitoringRuleQueryAggregation::COUNT, + name: "", + }), + ], + tags: [ + "env:prod", + "team:security", + ], + type: DatadogAPIClient::V2::SecurityMonitoringRuleTypeCreate::LOG_DETECTION, +}) +api_instance.validate_security_monitoring_rule(body) diff --git a/features/v2/dora_metrics.feature b/features/v2/dora_metrics.feature index e34092056ca..6352e0e5584 100644 --- a/features/v2/dora_metrics.feature +++ b/features/v2/dora_metrics.feature 
@@ -42,28 +42,32 @@ Feature: DORA Metrics @generated @skip @team:DataDog/ci-app-backend Scenario: Get a deployment event returns "Bad Request" response - Given new "GetDORADeployment" request + Given a valid "appKeyAuth" key in the system + And new "GetDORADeployment" request And request contains "deployment_id" parameter from "REPLACE.ME" When the request is sent Then the response status is 400 Bad Request @generated @skip @team:DataDog/ci-app-backend Scenario: Get a deployment event returns "OK" response - Given new "GetDORADeployment" request + Given a valid "appKeyAuth" key in the system + And new "GetDORADeployment" request And request contains "deployment_id" parameter from "REPLACE.ME" When the request is sent Then the response status is 200 OK @generated @skip @team:DataDog/ci-app-backend Scenario: Get a failure event returns "Bad Request" response - Given new "GetDORAFailure" request + Given a valid "appKeyAuth" key in the system + And new "GetDORAFailure" request And request contains "failure_id" parameter from "REPLACE.ME" When the request is sent Then the response status is 400 Bad Request @generated @skip @team:DataDog/ci-app-backend Scenario: Get a failure event returns "OK" response - Given new "GetDORAFailure" request + Given a valid "appKeyAuth" key in the system + And new "GetDORAFailure" request And request contains "failure_id" parameter from "REPLACE.ME" When the request is sent Then the response status is 200 OK diff --git a/features/v2/security_monitoring.feature b/features/v2/security_monitoring.feature index 612e8fc5f98..f4eab41ff04 100644 --- a/features/v2/security_monitoring.feature +++ b/features/v2/security_monitoring.feature 
@@ -211,6 +211,16 @@ Feature: Security Monitoring And the response "message" is equal to "Test rule" And the response "referenceTables" is equal to [{"tableName": "synthetics_test_reference_table_dont_delete", "columnName": "value", "logFieldPath":"testtag", "checkPresence":true, "ruleQueryName":"a"}] + @team:DataDog/k9-cloud-security-platform + Scenario: Create a detection rule with detection method 'sequence_detection' returns "OK" response + Given new "CreateSecurityMonitoringRule" request + And body with value {"name":"{{ unique }}","type":"log_detection","isEnabled":true,"queries":[{"aggregation":"count","dataSource":"logs","distinctFields":[],"groupByFields":[],"hasOptionalGroupByFields":false,"name":"","query":"service:logs-rule-reducer source:paul test2"},{"aggregation":"count","dataSource":"logs","distinctFields":[],"groupByFields":[],"hasOptionalGroupByFields":false,"name":"","query":"service:logs-rule-reducer source:paul test1"}],"cases":[{"name":"","status":"info","notifications":[],"condition":"step_b > 0"}],"message":"Logs and signals asdf","options":{"detectionMethod":"sequence_detection","evaluationWindow":0,"keepAlive":300,"maxSignalDuration":600,"sequenceDetectionOptions":{"stepTransitions":[{"child":"step_b","evaluationWindow":900,"parent":"step_a"}],"steps":[{"condition":"a > 0","evaluationWindow":60,"name":"step_a"},{"condition":"b > 0","evaluationWindow":60,"name":"step_b"}]}},"tags":[]} + When the request is sent + Then the response status is 200 OK + And the response "name" is equal to "{{ unique }}" + And the response "type" is equal to "log_detection" + And the response "options.detectionMethod" is equal to "sequence_detection" + @team:DataDog/k9-cloud-security-platform Scenario: Create a detection rule with detection method 'third_party' returns "OK" response Given new "CreateSecurityMonitoringRule" request 
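Review bot: The new create scenario asserts `name`, `type` and `options.detectionMethod` but never checks that `options.sequenceDetectionOptions` survives the round trip, which is the field this change introduces; a step such as `And the response "options.sequenceDetectionOptions.steps" is equal to [{"condition":"a > 0","evaluationWindow":60,"name":"step_a"},{"condition":"b > 0","evaluationWindow":60,"name":"step_b"}]` would catch a serializer that silently drops the nested options, and the recorded cassette in this diff shows the server does echo them back. The validate scenario in the following hunk only checks the 204, which is all that endpoint returns. The request bodies also carry what look like a developer's ad-hoc values (`service:logs-rule-reducer source:paul test2`, `Logs and signals asdf`); since these bodies are mirrored into the generated `examples/` files, neutral fixture data would read better.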
@@ -1483,6 +1493,13 @@ Feature: Security Monitoring When the request is sent Then the response status is 204 OK + @team:DataDog/k9-cloud-security-platform + Scenario: Validate a detection rule with detection method 'sequence_detection' returns "OK" response + Given new "ValidateSecurityMonitoringRule" request + And body with value {"cases":[{"name":"","status":"info","notifications":[],"condition":"step_b > 0"}],"hasExtendedTitle":true,"isEnabled":true,"message":"My security monitoring rule","name":"My security monitoring rule","options":{"evaluationWindow":0,"keepAlive":300,"maxSignalDuration":600,"detectionMethod":"sequence_detection","sequenceDetectionOptions":{"stepTransitions":[{"child":"step_b","evaluationWindow":900,"parent":"step_a"}],"steps":[{"condition":"a > 0","evaluationWindow":60,"name":"step_a"},{"condition":"b > 0","evaluationWindow":60,"name":"step_b"}]}},"queries":[{"query":"source:source_here","groupByFields":["@userIdentity.assumed_role"],"distinctFields":[],"aggregation":"count","name":""},{"query":"source:source_here2","groupByFields":[],"distinctFields":[],"aggregation":"count","name":""}],"tags":["env:prod","team:security"],"type":"log_detection"} + When the request is sent + Then the response status is 204 OK + @team:DataDog/k9-cloud-security-platform Scenario: Validate a suppression rule returns "Bad Request" response Given new "ValidateSecurityMonitoringSuppression" request diff --git a/lib/datadog_api_client/inflector.rb b/lib/datadog_api_client/inflector.rb index 0dce647766f..7b9a1eefcdb 100644 --- a/lib/datadog_api_client/inflector.rb +++ b/lib/datadog_api_client/inflector.rb 
@@ -3521,6 +3521,9 @@ def overrides "v2.security_monitoring_rule_query_payload" => "SecurityMonitoringRuleQueryPayload", "v2.security_monitoring_rule_query_payload_data" => "SecurityMonitoringRuleQueryPayloadData", "v2.security_monitoring_rule_response" => "SecurityMonitoringRuleResponse", + "v2.security_monitoring_rule_sequence_detection_options" => "SecurityMonitoringRuleSequenceDetectionOptions", + "v2.security_monitoring_rule_sequence_detection_step" => "SecurityMonitoringRuleSequenceDetectionStep", + "v2.security_monitoring_rule_sequence_detection_step_transition" => "SecurityMonitoringRuleSequenceDetectionStepTransition", "v2.security_monitoring_rule_severity" => "SecurityMonitoringRuleSeverity", "v2.security_monitoring_rule_test_payload" => "SecurityMonitoringRuleTestPayload", "v2.security_monitoring_rule_test_request" => "SecurityMonitoringRuleTestRequest", diff --git a/lib/datadog_api_client/v2/models/historical_job_options.rb b/lib/datadog_api_client/v2/models/historical_job_options.rb index 00add5fd1fe..d6368dd7e6c 100644 --- a/lib/datadog_api_client/v2/models/historical_job_options.rb +++ b/lib/datadog_api_client/v2/models/historical_job_options.rb @@ -42,6 +42,9 @@ class HistoricalJobOptions # Options on new value detection method. attr_accessor :new_value_options + # Options on sequence detection method. + attr_accessor :sequence_detection_options + # Options on third party detection method. attr_accessor :third_party_rule_options @@ -57,6 +60,7 @@ def self.attribute_map :'keep_alive' => :'keepAlive', :'max_signal_duration' => :'maxSignalDuration', :'new_value_options' => :'newValueOptions', + :'sequence_detection_options' => :'sequenceDetectionOptions', :'third_party_rule_options' => :'thirdPartyRuleOptions' } end 
@@ -71,6 +75,7 @@ def self.openapi_types :'keep_alive' => :'SecurityMonitoringRuleKeepAlive', :'max_signal_duration' => :'SecurityMonitoringRuleMaxSignalDuration', :'new_value_options' => :'SecurityMonitoringRuleNewValueOptions', + :'sequence_detection_options' => :'SecurityMonitoringRuleSequenceDetectionOptions', :'third_party_rule_options' => :'SecurityMonitoringRuleThirdPartyOptions' } end @@ -117,6 +122,10 @@ def initialize(attributes = {}) self.new_value_options = attributes[:'new_value_options'] end + if attributes.key?(:'sequence_detection_options') + self.sequence_detection_options = attributes[:'sequence_detection_options'] + end + if attributes.key?(:'third_party_rule_options') self.third_party_rule_options = attributes[:'third_party_rule_options'] end @@ -154,6 +163,7 @@ def ==(o) keep_alive == o.keep_alive && max_signal_duration == o.max_signal_duration && new_value_options == o.new_value_options && + sequence_detection_options == o.sequence_detection_options && third_party_rule_options == o.third_party_rule_options && additional_properties == o.additional_properties end @@ -162,7 +172,7 @@ def ==(o) # @return [Integer] Hash code # @!visibility private def hash - [detection_method, evaluation_window, impossible_travel_options, keep_alive, max_signal_duration, new_value_options, third_party_rule_options, additional_properties].hash + [detection_method, evaluation_window, impossible_travel_options, keep_alive, max_signal_duration, new_value_options, sequence_detection_options, third_party_rule_options, additional_properties].hash end end end diff --git a/lib/datadog_api_client/v2/models/security_monitoring_rule_detection_method.rb b/lib/datadog_api_client/v2/models/security_monitoring_rule_detection_method.rb index 5833abf33c6..d221c2e3fb7 100644 --- a/lib/datadog_api_client/v2/models/security_monitoring_rule_detection_method.rb +++ b/lib/datadog_api_client/v2/models/security_monitoring_rule_detection_method.rb 
@@ -28,5 +28,6 @@ class SecurityMonitoringRuleDetectionMethod HARDCODED = "hardcoded".freeze THIRD_PARTY = "third_party".freeze ANOMALY_THRESHOLD = "anomaly_threshold".freeze + SEQUENCE_DETECTION = "sequence_detection".freeze end end diff --git a/lib/datadog_api_client/v2/models/security_monitoring_rule_options.rb b/lib/datadog_api_client/v2/models/security_monitoring_rule_options.rb index 30ebd7259c1..1496dd3af7e 100644 --- a/lib/datadog_api_client/v2/models/security_monitoring_rule_options.rb +++ b/lib/datadog_api_client/v2/models/security_monitoring_rule_options.rb @@ -55,6 +55,9 @@ class SecurityMonitoringRuleOptions # Options on new value detection method. attr_accessor :new_value_options + # Options on sequence detection method. + attr_accessor :sequence_detection_options + # Options on third party detection method. attr_accessor :third_party_rule_options @@ -73,6 +76,7 @@ def self.attribute_map :'keep_alive' => :'keepAlive', :'max_signal_duration' => :'maxSignalDuration', :'new_value_options' => :'newValueOptions', + :'sequence_detection_options' => :'sequenceDetectionOptions', :'third_party_rule_options' => :'thirdPartyRuleOptions' } end @@ -90,6 +94,7 @@ def self.openapi_types :'keep_alive' => :'SecurityMonitoringRuleKeepAlive', :'max_signal_duration' => :'SecurityMonitoringRuleMaxSignalDuration', :'new_value_options' => :'SecurityMonitoringRuleNewValueOptions', + :'sequence_detection_options' => :'SecurityMonitoringRuleSequenceDetectionOptions', :'third_party_rule_options' => :'SecurityMonitoringRuleThirdPartyOptions' } end @@ -148,6 +153,10 @@ def initialize(attributes = {}) self.new_value_options = attributes[:'new_value_options'] end + if attributes.key?(:'sequence_detection_options') + self.sequence_detection_options = attributes[:'sequence_detection_options'] + end + if attributes.key?(:'third_party_rule_options') self.third_party_rule_options = attributes[:'third_party_rule_options'] end 
@@ -188,6 +197,7 @@ def ==(o) keep_alive == o.keep_alive && max_signal_duration == o.max_signal_duration && new_value_options == o.new_value_options && + sequence_detection_options == o.sequence_detection_options && third_party_rule_options == o.third_party_rule_options && additional_properties == o.additional_properties end @@ -196,7 +206,7 @@ def ==(o) # @return [Integer] Hash code # @!visibility private def hash - [compliance_rule_options, decrease_criticality_based_on_env, detection_method, evaluation_window, hardcoded_evaluator_type, impossible_travel_options, keep_alive, max_signal_duration, new_value_options, third_party_rule_options, additional_properties].hash + [compliance_rule_options, decrease_criticality_based_on_env, detection_method, evaluation_window, hardcoded_evaluator_type, impossible_travel_options, keep_alive, max_signal_duration, new_value_options, sequence_detection_options, third_party_rule_options, additional_properties].hash end end end diff --git a/lib/datadog_api_client/v2/models/security_monitoring_rule_sequence_detection_options.rb b/lib/datadog_api_client/v2/models/security_monitoring_rule_sequence_detection_options.rb new file mode 100644 index 00000000000..07e15739286 --- /dev/null +++ b/lib/datadog_api_client/v2/models/security_monitoring_rule_sequence_detection_options.rb 
@@ -0,0 +1,119 @@ +=begin +#Datadog API V2 Collection + +#Collection of all Datadog Public endpoints. + +The version of the OpenAPI document: 1.0 +Contact: support@datadoghq.com +Generated by: https://github.com/DataDog/datadog-api-client-ruby/tree/master/.generator + + Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + This product includes software developed at Datadog (https://www.datadoghq.com/). + Copyright 2020-Present Datadog, Inc. + +=end + +require 'date' +require 'time' + +module DatadogAPIClient::V2 + # Options on sequence detection method. + class SecurityMonitoringRuleSequenceDetectionOptions + include BaseGenericModel + + # Transitions defining the allowed order of steps and their evaluation windows. + attr_accessor :step_transitions + + # Steps that define the conditions to be matched in sequence. + attr_accessor :steps + + attr_accessor :additional_properties + + # Attribute mapping from ruby-style variable name to JSON key. + # @!visibility private + def self.attribute_map + { + :'step_transitions' => :'stepTransitions', + :'steps' => :'steps' + } + end + + # Attribute type mapping. 
+ # @!visibility private + def self.openapi_types + { + :'step_transitions' => :'Array', + :'steps' => :'Array' + } + end + + # Initializes the object + # @param attributes [Hash] Model attributes in the form of hash + # @!visibility private + def initialize(attributes = {}) + if (!attributes.is_a?(Hash)) + fail ArgumentError, "The input argument (attributes) must be a hash in `DatadogAPIClient::V2::SecurityMonitoringRuleSequenceDetectionOptions` initialize method" + end + + self.additional_properties = {} + # check to see if the attribute exists and convert string to symbol for hash key + attributes = attributes.each_with_object({}) { |(k, v), h| + if (!self.class.attribute_map.key?(k.to_sym)) + self.additional_properties[k.to_sym] = v + else + h[k.to_sym] = v + end + } + + if attributes.key?(:'step_transitions') + if (value = attributes[:'step_transitions']).is_a?(Array) + self.step_transitions = value + end + end + + if attributes.key?(:'steps') + if (value = attributes[:'steps']).is_a?(Array) + self.steps = value + end + end + end + + # Returns the object in the form of hash, with additionalProperties support. + # @return [Hash] Returns the object in the form of hash + # @!visibility private + def to_hash + hash = {} + self.class.attribute_map.each_pair do |attr, param| + value = self.send(attr) + if value.nil? + is_nullable = self.class.openapi_nullable.include?(attr) + next if !is_nullable || (is_nullable && !instance_variable_defined?(:"@#{attr}")) + end + + hash[param] = _to_hash(value) + end + self.additional_properties.each_pair do |attr, value| + hash[attr] = value + end + hash + end + + # Checks equality by comparing each attribute. + # @param o [Object] Object to be compared + # @!visibility private + def ==(o) + return true if self.equal?(o) + self.class == o.class && + step_transitions == o.step_transitions && + steps == o.steps && + additional_properties == o.additional_properties + end + + # Calculates hash code according to all attributes. 
+ # @return [Integer] Hash code + # @!visibility private + def hash + [step_transitions, steps, additional_properties].hash + end + end +end diff --git a/lib/datadog_api_client/v2/models/security_monitoring_rule_sequence_detection_step.rb b/lib/datadog_api_client/v2/models/security_monitoring_rule_sequence_detection_step.rb new file mode 100644 index 00000000000..890eed2f6f4 --- /dev/null +++ b/lib/datadog_api_client/v2/models/security_monitoring_rule_sequence_detection_step.rb 
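Review bot: `openapi_types` declares `step_transitions` and `steps` as a bare `:'Array'`, so the deserializer has no element type and will hand back plain hashes rather than `SecurityMonitoringRuleSequenceDetectionStepTransition` / `SecurityMonitoringRuleSequenceDetectionStep` instances, even though the schema's `items` are `$ref`s to those models; if the generator normally emits `Array<...>` and the angle brackets were lost in rendering here, disregard, otherwise the mapping should read `:'step_transitions' => :'Array<SecurityMonitoringRuleSequenceDetectionStepTransition>'` and `:'steps' => :'Array<SecurityMonitoringRuleSequenceDetectionStep>'`. `initialize` silently ignores a non-Array value for either key (`if (value = attributes[:'steps']).is_a?(Array)`), which matches the generator's style but means a caller passing a single step hash ends up with `steps` nil and no error. The two `attr_accessor` comments could at least say the fields are arrays of the step and transition models so a reader knows what to construct.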
@@ -0,0 +1,126 @@
+=begin
+#Datadog API V2 Collection
+
+#Collection of all Datadog Public endpoints.
+
+The version of the OpenAPI document: 1.0
+Contact: support@datadoghq.com
+Generated by: https://github.com/DataDog/datadog-api-client-ruby/tree/master/.generator
+
+ Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License.
+ This product includes software developed at Datadog (https://www.datadoghq.com/).
+ Copyright 2020-Present Datadog, Inc.
+
+=end
+
+require 'date'
+require 'time'
+
+module DatadogAPIClient::V2
+ # Step definition for sequence detection containing the step name, condition, and evaluation window.
+ class SecurityMonitoringRuleSequenceDetectionStep
+ include BaseGenericModel
+
+ # Condition referencing rule queries (e.g., `a > 0`).
+ attr_accessor :condition
+
+ # A time window is specified to match when at least one of the cases matches true. This is a sliding window
+ # and evaluates in real time. For third party detection method, this field is not used.
+ attr_accessor :evaluation_window
+
+ # Unique name identifying the step.
+ attr_accessor :name
+
+ attr_accessor :additional_properties
+
+ # Attribute mapping from ruby-style variable name to JSON key.
+ # @!visibility private
+ def self.attribute_map
+ {
+ :'condition' => :'condition',
+ :'evaluation_window' => :'evaluationWindow',
+ :'name' => :'name'
+ }
+ end
+
+ # Attribute type mapping.
+ # @!visibility private
+ def self.openapi_types
+ {
+ :'condition' => :'String',
+ :'evaluation_window' => :'SecurityMonitoringRuleEvaluationWindow',
+ :'name' => :'String'
+ }
+ end
+
+ # Initializes the object
+ # @param attributes [Hash] Model attributes in the form of hash
+ # @!visibility private
+ def initialize(attributes = {})
+ if (!attributes.is_a?(Hash))
+ fail ArgumentError, "The input argument (attributes) must be a hash in `DatadogAPIClient::V2::SecurityMonitoringRuleSequenceDetectionStep` initialize method"
+ end
+
+ self.additional_properties = {}
+ # check to see if the attribute exists and convert string to symbol for hash key
+ attributes = attributes.each_with_object({}) { |(k, v), h|
+ if (!self.class.attribute_map.key?(k.to_sym))
+ self.additional_properties[k.to_sym] = v
+ else
+ h[k.to_sym] = v
+ end
+ }
+
+ if attributes.key?(:'condition')
+ self.condition = attributes[:'condition']
+ end
+
+ if attributes.key?(:'evaluation_window')
+ self.evaluation_window = attributes[:'evaluation_window']
+ end
+
+ if attributes.key?(:'name')
+ self.name = attributes[:'name']
+ end
+ end
+
+ # Returns the object in the form of hash, with additionalProperties support.
+ # @return [Hash] Returns the object in the form of hash
+ # @!visibility private
+ def to_hash
+ hash = {}
+ self.class.attribute_map.each_pair do |attr, param|
+ value = self.send(attr)
+ if value.nil?
+ is_nullable = self.class.openapi_nullable.include?(attr)
+ next if !is_nullable || (is_nullable && !instance_variable_defined?(:"@#{attr}"))
+ end
+
+ hash[param] = _to_hash(value)
+ end
+ self.additional_properties.each_pair do |attr, value|
+ hash[attr] = value
+ end
+ hash
+ end
+
+ # Checks equality by comparing each attribute.
+ # @param o [Object] Object to be compared
+ # @!visibility private
+ def ==(o)
+ return true if self.equal?(o)
+ self.class == o.class &&
+ condition == o.condition &&
+ evaluation_window == o.evaluation_window &&
+ name == o.name &&
+ additional_properties == o.additional_properties
+ end
+
+ # Calculates hash code according to all attributes.
+ # @return [Integer] Hash code
+ # @!visibility private
+ def hash
+ [condition, evaluation_window, name, additional_properties].hash
+ end
+ end
+end
diff --git a/lib/datadog_api_client/v2/models/security_monitoring_rule_sequence_detection_step_transition.rb b/lib/datadog_api_client/v2/models/security_monitoring_rule_sequence_detection_step_transition.rb
new file mode 100644
index 00000000000..be5bb5a3421
--- /dev/null
+++ b/lib/datadog_api_client/v2/models/security_monitoring_rule_sequence_detection_step_transition.rb
@@ -0,0 +1,126 @@
+=begin
+#Datadog API V2 Collection
+
+#Collection of all Datadog Public endpoints.
+
+The version of the OpenAPI document: 1.0
+Contact: support@datadoghq.com
+Generated by: https://github.com/DataDog/datadog-api-client-ruby/tree/master/.generator
+
+ Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License.
+ This product includes software developed at Datadog (https://www.datadoghq.com/).
+ Copyright 2020-Present Datadog, Inc.
+
+=end
+
+require 'date'
+require 'time'
+
+module DatadogAPIClient::V2
+ # Transition from a parent step to a child step within a sequence detection rule.
+ class SecurityMonitoringRuleSequenceDetectionStepTransition
+ include BaseGenericModel
+
+ # Name of the child step.
+ attr_accessor :child
+
+ # A time window is specified to match when at least one of the cases matches true. This is a sliding window
+ # and evaluates in real time. For third party detection method, this field is not used.
+ attr_accessor :evaluation_window
+
+ # Name of the parent step.
+ attr_accessor :parent
+
+ attr_accessor :additional_properties
+
+ # Attribute mapping from ruby-style variable name to JSON key.
+ # @!visibility private
+ def self.attribute_map
+ {
+ :'child' => :'child',
+ :'evaluation_window' => :'evaluationWindow',
+ :'parent' => :'parent'
+ }
+ end
+
+ # Attribute type mapping.
+ # @!visibility private
+ def self.openapi_types
+ {
+ :'child' => :'String',
+ :'evaluation_window' => :'SecurityMonitoringRuleEvaluationWindow',
+ :'parent' => :'String'
+ }
+ end
+
+ # Initializes the object
+ # @param attributes [Hash] Model attributes in the form of hash
+ # @!visibility private
+ def initialize(attributes = {})
+ if (!attributes.is_a?(Hash))
+ fail ArgumentError, "The input argument (attributes) must be a hash in `DatadogAPIClient::V2::SecurityMonitoringRuleSequenceDetectionStepTransition` initialize method"
+ end
+
+ self.additional_properties = {}
+ # check to see if the attribute exists and convert string to symbol for hash key
+ attributes = attributes.each_with_object({}) { |(k, v), h|
+ if (!self.class.attribute_map.key?(k.to_sym))
+ self.additional_properties[k.to_sym] = v
+ else
+ h[k.to_sym] = v
+ end
+ }
+
+ if attributes.key?(:'child')
+ self.child = attributes[:'child']
+ end
+
+ if attributes.key?(:'evaluation_window')
+ self.evaluation_window = attributes[:'evaluation_window']
+ end
+
+ if attributes.key?(:'parent')
+ self.parent = attributes[:'parent']
+ end
+ end
+
+ # Returns the object in the form of hash, with additionalProperties support.
+ # @return [Hash] Returns the object in the form of hash
+ # @!visibility private
+ def to_hash
+ hash = {}
+ self.class.attribute_map.each_pair do |attr, param|
+ value = self.send(attr)
+ if value.nil?
+ is_nullable = self.class.openapi_nullable.include?(attr)
+ next if !is_nullable || (is_nullable && !instance_variable_defined?(:"@#{attr}"))
+ end
+
+ hash[param] = _to_hash(value)
+ end
+ self.additional_properties.each_pair do |attr, value|
+ hash[attr] = value
+ end
+ hash
+ end
+
+ # Checks equality by comparing each attribute.
+ # @param o [Object] Object to be compared
+ # @!visibility private
+ def ==(o)
+ return true if self.equal?(o)
+ self.class == o.class &&
+ child == o.child &&
+ evaluation_window == o.evaluation_window &&
+ parent == o.parent &&
+ additional_properties == o.additional_properties
+ end
+
+ # Calculates hash code according to all attributes.
+ # @return [Integer] Hash code
+ # @!visibility private
+ def hash
+ [child, evaluation_window, parent, additional_properties].hash
+ end
+ end
+end