DataDog
diff --git a/‎.apigentools-info
+4-4 b/‎.apigentools-info
+4-4
diff --git a/‎.generator/schemas/v2/openapi.yaml
+92 b/‎.generator/schemas/v2/openapi.yaml
+92
diff --git a/‎examples/v2_security-monitoring_CreateSecurityMonitoringRule_1965169892.rs
+63 b/‎examples/v2_security-monitoring_CreateSecurityMonitoringRule_1965169892.rs
+63
diff --git a/‎src/datadogV2/model/mod.rs
+6 b/‎src/datadogV2/model/mod.rs
+6
diff --git a/‎src/datadogV2/model/model_job_definition.rs
+18 b/‎src/datadogV2/model/model_job_definition.rs
+18
diff --git a/‎src/datadogV2/model/model_security_monitoring_rule_case.rs
+22 b/‎src/datadogV2/model/model_security_monitoring_rule_case.rs
+22
@@ -4,13 +4,13 @@
     "spec_versions": {
         "v1": {
             "apigentools_version": "1.6.6",
-            "regenerated": "2025-02-10 19:09:28.614674",
-            "spec_repo_commit": "824f78a1"
+            "regenerated": "2025-02-11 09:59:44.838748",
+            "spec_repo_commit": "b980d49f"
         },
         "v2": {
             "apigentools_version": "1.6.6",
-            "regenerated": "2025-02-10 19:09:28.634477",
-            "spec_repo_commit": "824f78a1"
+            "regenerated": "2025-02-11 09:59:44.853754",
+            "spec_repo_commit": "b980d49f"
         }
     }
 }
@@ -15657,6 +15657,15 @@ components:
           example: 1729843470000
           format: int64
           type: integer
+        groupSignalsBy:
+          description: Additional grouping to perform on top of the existing groups
+            in the query section. Must be a subset of the existing groups.
+          example:
+          - service
+          items:
+            description: Field to group by.
+            type: string
+          type: array
         index:
           description: Index used to load the data.
           example: cloud_siem
@@ -24242,6 +24251,11 @@ components:
     SecurityMonitoringRuleCase:
       description: Case when signal is generated.
       properties:
+        actions:
+          description: Action to perform for each rule case.
+          items:
+            $ref: '#/components/schemas/SecurityMonitoringRuleCaseAction'
+          type: array
         condition:
           description: 'A rule case contains logical operations (`>`,`>=`, `&&`, `||`)
             to determine if a signal should be generated
@@ -24260,9 +24274,42 @@ components:
         status:
           $ref: '#/components/schemas/SecurityMonitoringRuleSeverity'
       type: object
+    SecurityMonitoringRuleCaseAction:
+      description: Action to perform when a signal is triggered. Only available for
+        Application Security rule type.
+      properties:
+        options:
+          $ref: '#/components/schemas/SecurityMonitoringRuleCaseActionOptions'
+        type:
+          $ref: '#/components/schemas/SecurityMonitoringRuleCaseActionType'
+      type: object
+    SecurityMonitoringRuleCaseActionOptions:
+      description: Options for the rule action
+      properties:
+        duration:
+          description: Duration of the action in seconds. 0 indicates no expiration.
+          example: 0
+          format: int64
+          minimum: 0
+          type: integer
+      type: object
+    SecurityMonitoringRuleCaseActionType:
+      description: The action type.
+      enum:
+      - block_ip
+      - block_user
+      type: string
+      x-enum-varnames:
+      - BLOCK_IP
+      - BLOCK_USER
     SecurityMonitoringRuleCaseCreate:
       description: Case when signal is generated.
       properties:
+        actions:
+          description: Action to perform for each rule case.
+          items:
+            $ref: '#/components/schemas/SecurityMonitoringRuleCaseAction'
+          type: array
         condition:
           description: 'A case contains logical operations (`>`,`>=`, `&&`, `||`)
             to determine if a signal should be generated
@@ -24724,6 +24771,15 @@ components:
           items:
             $ref: '#/components/schemas/SecurityMonitoringFilter'
           type: array
+        groupSignalsBy:
+          description: Additional grouping to perform on top of the existing groups
+            in the query section. Must be a subset of the existing groups.
+          example:
+          - service
+          items:
+            description: Field to group by.
+            type: string
+          type: array
         hasExtendedTitle:
           description: Whether the notifications include the triggering group-by values
             in their title.
@@ -25429,6 +25485,15 @@ components:
           items:
             $ref: '#/components/schemas/SecurityMonitoringFilter'
           type: array
+        groupSignalsBy:
+          description: Additional grouping to perform on top of the existing groups
+            in the query section. Must be a subset of the existing groups.
+          example:
+          - service
+          items:
+            description: Field to group by.
+            type: string
+          type: array
         hasExtendedTitle:
           description: Whether the notifications include the triggering group-by values
             in their title.
@@ -25501,6 +25566,15 @@ components:
           items:
             $ref: '#/components/schemas/SecurityMonitoringFilter'
           type: array
+        groupSignalsBy:
+          description: Additional grouping to perform on top of the existing groups
+            in the query section. Must be a subset of the existing groups.
+          example:
+          - service
+          items:
+            description: Field to group by.
+            type: string
+          type: array
         hasExtendedTitle:
           description: Whether the notifications include the triggering group-by values
             in their title.
@@ -25642,6 +25716,15 @@ components:
           items:
             $ref: '#/components/schemas/SecurityMonitoringFilter'
           type: array
+        groupSignalsBy:
+          description: Additional grouping to perform on top of the existing groups
+            in the query section. Must be a subset of the existing groups.
+          example:
+          - service
+          items:
+            description: Field to group by.
+            type: string
+          type: array
         hasExtendedTitle:
           description: Whether the notifications include the triggering group-by values
             in their title.
@@ -25719,6 +25802,15 @@ components:
           items:
             $ref: '#/components/schemas/SecurityMonitoringFilter'
           type: array
+        groupSignalsBy:
+          description: Additional grouping to perform on top of the existing groups
+            in the query section. Must be a subset of the existing groups.
+          example:
+          - service
+          items:
+            description: Field to group by.
+            type: string
+          type: array
         hasExtendedTitle:
           description: Whether the notifications include the triggering group-by values
             in their title.
 
@@ -0,0 +1,63 @@
+// Create a detection rule with type 'application_security 'returns "OK" response
+use datadog_api_client::datadog;
+use datadog_api_client::datadogV2::api_security_monitoring::SecurityMonitoringAPI;
+use datadog_api_client::datadogV2::model::SecurityMonitoringRuleCaseAction;
+use datadog_api_client::datadogV2::model::SecurityMonitoringRuleCaseActionOptions;
+use datadog_api_client::datadogV2::model::SecurityMonitoringRuleCaseActionType;
+use datadog_api_client::datadogV2::model::SecurityMonitoringRuleCaseCreate;
+use datadog_api_client::datadogV2::model::SecurityMonitoringRuleCreatePayload;
+use datadog_api_client::datadogV2::model::SecurityMonitoringRuleDetectionMethod;
+use datadog_api_client::datadogV2::model::SecurityMonitoringRuleEvaluationWindow;
+use datadog_api_client::datadogV2::model::SecurityMonitoringRuleKeepAlive;
+use datadog_api_client::datadogV2::model::SecurityMonitoringRuleMaxSignalDuration;
+use datadog_api_client::datadogV2::model::SecurityMonitoringRuleOptions;
+use datadog_api_client::datadogV2::model::SecurityMonitoringRuleQueryAggregation;
+use datadog_api_client::datadogV2::model::SecurityMonitoringRuleSeverity;
+use datadog_api_client::datadogV2::model::SecurityMonitoringRuleTypeCreate;
+use datadog_api_client::datadogV2::model::SecurityMonitoringStandardRuleCreatePayload;
+use datadog_api_client::datadogV2::model::SecurityMonitoringStandardRuleQuery;
+
+#[tokio::main]
+async fn main() {
+    let body =
+        SecurityMonitoringRuleCreatePayload::SecurityMonitoringStandardRuleCreatePayload(Box::new(
+            SecurityMonitoringStandardRuleCreatePayload::new(
+                vec![
+                    SecurityMonitoringRuleCaseCreate::new(SecurityMonitoringRuleSeverity::INFO)
+                        .actions(vec![SecurityMonitoringRuleCaseAction::new()
+                            .options(SecurityMonitoringRuleCaseActionOptions::new().duration(900))
+                            .type_(SecurityMonitoringRuleCaseActionType::BLOCK_IP)])
+                        .condition("a > 100000".to_string())
+                        .name("".to_string())
+                        .notifications(vec![]),
+                ],
+                true,
+                "Test rule".to_string(),
+                "Example-Security-Monitoring_appsec_rule".to_string(),
+                SecurityMonitoringRuleOptions::new()
+                    .detection_method(SecurityMonitoringRuleDetectionMethod::THRESHOLD)
+                    .evaluation_window(SecurityMonitoringRuleEvaluationWindow::FIFTEEN_MINUTES)
+                    .keep_alive(SecurityMonitoringRuleKeepAlive::ONE_HOUR)
+                    .max_signal_duration(SecurityMonitoringRuleMaxSignalDuration::ONE_DAY),
+                vec![SecurityMonitoringStandardRuleQuery::new()
+                    .aggregation(SecurityMonitoringRuleQueryAggregation::COUNT)
+                    .distinct_fields(vec![])
+                    .group_by_fields(vec!["service".to_string(), "@http.client_ip".to_string()])
+                    .query(
+                        "@appsec.security_activity:business_logic.users.login.failure".to_string(),
+                    )],
+            )
+            .filters(vec![])
+            .group_signals_by(vec!["service".to_string()])
+            .tags(vec![])
+            .type_(SecurityMonitoringRuleTypeCreate::APPLICATION_SECURITY),
+        ));
+    let configuration = datadog::Configuration::new();
+    let api = SecurityMonitoringAPI::with_config(configuration);
+    let resp = api.create_security_monitoring_rule(body).await;
+    if let Ok(value) = resp {
+        println!("{:#?}", value);
+    } else {
+        println!("{:#?}", resp.unwrap_err());
+    }
+}
@@ -3034,6 +3034,12 @@ pub mod model_security_monitoring_standard_rule_response;
 pub use self::model_security_monitoring_standard_rule_response::SecurityMonitoringStandardRuleResponse;
 pub mod model_security_monitoring_rule_case;
 pub use self::model_security_monitoring_rule_case::SecurityMonitoringRuleCase;
+pub mod model_security_monitoring_rule_case_action;
+pub use self::model_security_monitoring_rule_case_action::SecurityMonitoringRuleCaseAction;
+pub mod model_security_monitoring_rule_case_action_options;
+pub use self::model_security_monitoring_rule_case_action_options::SecurityMonitoringRuleCaseActionOptions;
+pub mod model_security_monitoring_rule_case_action_type;
+pub use self::model_security_monitoring_rule_case_action_type::SecurityMonitoringRuleCaseActionType;
 pub mod model_security_monitoring_rule_severity;
 pub use self::model_security_monitoring_rule_severity::SecurityMonitoringRuleSeverity;
 pub mod model_cloud_configuration_rule_compliance_signal_options;
 
@@ -20,6 +20,9 @@ pub struct JobDefinition {
     /// Starting time of data analyzed by the job.
     #[serde(rename = "from")]
     pub from: i64,
+    /// Additional grouping to perform on top of the existing groups in the query section. Must be a subset of the existing groups.
+    #[serde(rename = "groupSignalsBy")]
+    pub group_signals_by: Option<Vec<String>>,
     /// Index used to load the data.
     #[serde(rename = "index")]
     pub index: String,
@@ -72,6 +75,7 @@ impl JobDefinition {
             calculated_fields: None,
             cases,
             from,
+            group_signals_by: None,
             index,
             message,
             name,
@@ -95,6 +99,11 @@ impl JobDefinition {
         self
     }
 
+    pub fn group_signals_by(mut self, value: Vec<String>) -> Self {
+        self.group_signals_by = Some(value);
+        self
+    }
+
     pub fn options(mut self, value: crate::datadogV2::model::HistoricalJobOptions) -> Self {
         self.options = Some(value);
         self
@@ -158,6 +167,7 @@ impl<'de> Deserialize<'de> for JobDefinition {
                     Vec<crate::datadogV2::model::SecurityMonitoringRuleCaseCreate>,
                 > = None;
                 let mut from: Option<i64> = None;
+                let mut group_signals_by: Option<Vec<String>> = None;
                 let mut index: Option<String> = None;
                 let mut message: Option<String> = None;
                 let mut name: Option<String> = None;
@@ -193,6 +203,13 @@ impl<'de> Deserialize<'de> for JobDefinition {
                         "from" => {
                             from = Some(serde_json::from_value(v).map_err(M::Error::custom)?);
                         }
+                        "groupSignalsBy" => {
+                            if v.is_null() {
+                                continue;
+                            }
+                            group_signals_by =
+                                Some(serde_json::from_value(v).map_err(M::Error::custom)?);
+                        }
                         "index" => {
                             index = Some(serde_json::from_value(v).map_err(M::Error::custom)?);
                         }
@@ -259,6 +276,7 @@ impl<'de> Deserialize<'de> for JobDefinition {
                     calculated_fields,
                     cases,
                     from,
+                    group_signals_by,
                     index,
                     message,
                     name,
 
@@ -11,6 +11,9 @@ use std::fmt::{self, Formatter};
 #[skip_serializing_none]
 #[derive(Clone, Debug, PartialEq, Serialize)]
 pub struct SecurityMonitoringRuleCase {
+    /// Action to perform for each rule case.
+    #[serde(rename = "actions")]
+    pub actions: Option<Vec<crate::datadogV2::model::SecurityMonitoringRuleCaseAction>>,
     /// A rule case contains logical operations (`>`,`>=`, `&&`, `||`) to determine if a signal should be generated
     /// based on the event counts in the previously defined queries.
     #[serde(rename = "condition")]
@@ -34,6 +37,7 @@ pub struct SecurityMonitoringRuleCase {
 impl SecurityMonitoringRuleCase {
     pub fn new() -> SecurityMonitoringRuleCase {
         SecurityMonitoringRuleCase {
+            actions: None,
             condition: None,
             name: None,
             notifications: None,
@@ -43,6 +47,14 @@ impl SecurityMonitoringRuleCase {
         }
     }
 
+    pub fn actions(
+        mut self,
+        value: Vec<crate::datadogV2::model::SecurityMonitoringRuleCaseAction>,
+    ) -> Self {
+        self.actions = Some(value);
+        self
+    }
+
     pub fn condition(mut self, value: String) -> Self {
         self.condition = Some(value);
         self
@@ -98,6 +110,9 @@ impl<'de> Deserialize<'de> for SecurityMonitoringRuleCase {
             where
                 M: MapAccess<'a>,
             {
+                let mut actions: Option<
+                    Vec<crate::datadogV2::model::SecurityMonitoringRuleCaseAction>,
+                > = None;
                 let mut condition: Option<String> = None;
                 let mut name: Option<String> = None;
                 let mut notifications: Option<Vec<String>> = None;
@@ -111,6 +126,12 @@ impl<'de> Deserialize<'de> for SecurityMonitoringRuleCase {
 
                 while let Some((k, v)) = map.next_entry::<String, serde_json::Value>()? {
                     match k.as_str() {
+                        "actions" => {
+                            if v.is_null() {
+                                continue;
+                            }
+                            actions = Some(serde_json::from_value(v).map_err(M::Error::custom)?);
+                        }
                         "condition" => {
                             if v.is_null() {
                                 continue;
@@ -153,6 +174,7 @@ impl<'de> Deserialize<'de> for SecurityMonitoringRuleCase {
                 }
 
                 let content = SecurityMonitoringRuleCase {
+                    actions,
                     condition,
                     name,
                     notifications,
Original file line number	Diff line number	Diff line change
`@@ -4,13 +4,13 @@`
`4`	`4`	`"spec_versions": {`
`5`	`5`	`"v1": {`
`6`	`6`	`"apigentools_version": "1.6.6",`
`7`		`- "regenerated": "2025-02-10 19:09:28.614674",`
`8`		`- "spec_repo_commit": "824f78a1"`
	`7`	`+ "regenerated": "2025-02-11 09:59:44.838748",`
	`8`	`+ "spec_repo_commit": "b980d49f"`
`9`	`9`	`},`
`10`	`10`	`"v2": {`
`11`	`11`	`"apigentools_version": "1.6.6",`
`12`		`- "regenerated": "2025-02-10 19:09:28.634477",`
`13`		`- "spec_repo_commit": "824f78a1"`
	`12`	`+ "regenerated": "2025-02-11 09:59:44.853754",`
	`13`	`+ "spec_repo_commit": "b980d49f"`
`14`	`14`	`}`
`15`	`15`	`}`
`16`	`16`	`}`