Regenerate client from commit 16dee31 of spec repo

Author: ci.datadog-api-spec

.generator/schemas/v2/openapi.yaml

@@ -47194,6 +47194,8 @@ components:
       properties:
         forgetAfter:
           $ref: '#/components/schemas/SecurityMonitoringRuleNewValueOptionsForgetAfter'
+        instantaneousBaseline:
+          $ref: '#/components/schemas/SecurityMonitoringRuleNewValueOptionsInstantaneousBaseline'
         learningDuration:
           $ref: '#/components/schemas/SecurityMonitoringRuleNewValueOptionsLearningDuration'
         learningMethod:
@@ -47219,6 +47221,15 @@ components:
       - TWO_WEEKS
       - THREE_WEEKS
       - FOUR_WEEKS
+    SecurityMonitoringRuleNewValueOptionsInstantaneousBaseline:
+      description: 'If true, every time Datadog learns a new group-by value, it takes
+        old matching values within the learning window and builds the baseline with
+        it.
+
+        Therefore, it attempts to build the baseline swiftly using existing values
+        instead of learning them over time.'
+      example: false
+      type: boolean
     SecurityMonitoringRuleNewValueOptionsLearningDuration:
       default: 0
       description: 'The duration in days during which values are learned, and after

examples/v2/security-monitoring/ValidateSecurityMonitoringRule_2609327779.rb

@@ -0,0 +1,54 @@
+# Validate a detection rule with detection method 'new_value' with enabled feature 'instantaneousBaseline' returns "OK"
+response
+
+require "datadog_api_client"
+api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new
+
+body = DatadogAPIClient::V2::SecurityMonitoringStandardRulePayload.new({
+  cases: [
+    DatadogAPIClient::V2::SecurityMonitoringRuleCaseCreate.new({
+      name: "",
+      status: DatadogAPIClient::V2::SecurityMonitoringRuleSeverity::INFO,
+      notifications: [],
+    }),
+  ],
+  has_extended_title: true,
+  is_enabled: true,
+  message: "My security monitoring rule",
+  name: "My security monitoring rule",
+  options: DatadogAPIClient::V2::SecurityMonitoringRuleOptions.new({
+    evaluation_window: DatadogAPIClient::V2::SecurityMonitoringRuleEvaluationWindow::ZERO_MINUTES,
+    keep_alive: DatadogAPIClient::V2::SecurityMonitoringRuleKeepAlive::FIVE_MINUTES,
+    max_signal_duration: DatadogAPIClient::V2::SecurityMonitoringRuleMaxSignalDuration::TEN_MINUTES,
+    detection_method: DatadogAPIClient::V2::SecurityMonitoringRuleDetectionMethod::NEW_VALUE,
+    new_value_options: DatadogAPIClient::V2::SecurityMonitoringRuleNewValueOptions.new({
+      forget_after: DatadogAPIClient::V2::SecurityMonitoringRuleNewValueOptionsForgetAfter::ONE_WEEK,
+      instantaneous_baseline: true,
+      learning_duration: DatadogAPIClient::V2::SecurityMonitoringRuleNewValueOptionsLearningDuration::ONE_DAY,
+      learning_threshold: DatadogAPIClient::V2::SecurityMonitoringRuleNewValueOptionsLearningThreshold::ZERO_OCCURRENCES,
+      learning_method: DatadogAPIClient::V2::SecurityMonitoringRuleNewValueOptionsLearningMethod::DURATION,
+    }),
+  }),
+  queries: [
+    DatadogAPIClient::V2::SecurityMonitoringStandardRuleQuery.new({
+      query: "source:source_here",
+      group_by_fields: [
+        "@userIdentity.assumed_role",
+      ],
+      distinct_fields: [],
+      metric: "name",
+      metrics: [
+        "name",
+      ],
+      aggregation: DatadogAPIClient::V2::SecurityMonitoringRuleQueryAggregation::NEW_VALUE,
+      name: "",
+      data_source: DatadogAPIClient::V2::SecurityMonitoringStandardDataSource::LOGS,
+    }),
+  ],
+  tags: [
+    "env:prod",
+    "team:security",
+  ],
+  type: DatadogAPIClient::V2::SecurityMonitoringRuleTypeCreate::LOG_DETECTION,
+})
+api_instance.validate_security_monitoring_rule(body)

features/v2/security_monitoring.feature

@@ -1797,6 +1797,13 @@ Feature: Security Monitoring
     When the request is sent
     Then the response status is 204 OK
 
+  @team:DataDog/k9-cloud-security-platform
+  Scenario: Validate a detection rule with detection method 'new_value' with enabled feature 'instantaneousBaseline' returns "OK" response
+    Given new "ValidateSecurityMonitoringRule" request
+    And body with value {"cases":[{"name":"","status":"info","notifications":[]}],"hasExtendedTitle":true,"isEnabled":true,"message":"My security monitoring rule","name":"My security monitoring rule","options":{"evaluationWindow":0,"keepAlive":300,"maxSignalDuration":600,"detectionMethod":"new_value","newValueOptions":{"forgetAfter":7,"instantaneousBaseline":true,"learningDuration":1,"learningThreshold":0,"learningMethod":"duration"}},"queries":[{"query":"source:source_here","groupByFields":["@userIdentity.assumed_role"],"distinctFields":[],"metric":"name","metrics":["name"],"aggregation":"new_value","name":"","dataSource":"logs"}],"tags":["env:prod","team:security"],"type":"log_detection"}
+    When the request is sent
+    Then the response status is 204 OK
+
   @team:DataDog/k9-cloud-security-platform
   Scenario: Validate a detection rule with detection method 'sequence_detection' returns "OK" response
     Given new "ValidateSecurityMonitoringRule" request

lib/datadog_api_client/v2/models/security_monitoring_rule_new_value_options.rb

@@ -24,6 +24,10 @@ class SecurityMonitoringRuleNewValueOptions
     # The duration in days after which a learned value is forgotten.
     attr_accessor :forget_after
 
+    # If true, every time Datadog learns a new group-by value, it takes old matching values within the learning window and builds the baseline with it.
+    # Therefore, it attempts to build the baseline swiftly using existing values instead of learning them over time.
+    attr_accessor :instantaneous_baseline
+
     # The duration in days during which values are learned, and after which signals will be generated for values that
     # weren't learned. If set to 0, a signal will be generated for all new values after the first value is learned.
     attr_accessor :learning_duration
@@ -41,6 +45,7 @@ class SecurityMonitoringRuleNewValueOptions
     def self.attribute_map
       {
         :'forget_after' => :'forgetAfter',
+        :'instantaneous_baseline' => :'instantaneousBaseline',
         :'learning_duration' => :'learningDuration',
         :'learning_method' => :'learningMethod',
         :'learning_threshold' => :'learningThreshold'
@@ -52,6 +57,7 @@ def self.attribute_map
     def self.openapi_types
       {
         :'forget_after' => :'SecurityMonitoringRuleNewValueOptionsForgetAfter',
+        :'instantaneous_baseline' => :'Boolean',
         :'learning_duration' => :'SecurityMonitoringRuleNewValueOptionsLearningDuration',
         :'learning_method' => :'SecurityMonitoringRuleNewValueOptionsLearningMethod',
         :'learning_threshold' => :'SecurityMonitoringRuleNewValueOptionsLearningThreshold'
@@ -80,6 +86,10 @@ def initialize(attributes = {})
         self.forget_after = attributes[:'forget_after']
       end
 
+      if attributes.key?(:'instantaneous_baseline')
+        self.instantaneous_baseline = attributes[:'instantaneous_baseline']
+      end
+
       if attributes.key?(:'learning_duration')
         self.learning_duration = attributes[:'learning_duration']
       end
@@ -120,6 +130,7 @@ def ==(o)
       return true if self.equal?(o)
       self.class == o.class &&
           forget_after == o.forget_after &&
+          instantaneous_baseline == o.instantaneous_baseline &&
           learning_duration == o.learning_duration &&
           learning_method == o.learning_method &&
           learning_threshold == o.learning_threshold &&
@@ -130,7 +141,7 @@ def ==(o)
     # @return [Integer] Hash code
     # @!visibility private
     def hash
-      [forget_after, learning_duration, learning_method, learning_threshold, additional_properties].hash
+      [forget_after, instantaneous_baseline, learning_duration, learning_method, learning_threshold, additional_properties].hash
     end
   end
 end