[SEC-19484] Add datasource to rule model (#2450)

Co-authored-by: ci.datadog-api-spec <packages@datadoghq.com>

Author: api-clients-generation-pipeline[bot]

.apigentools-info

@@ -4,13 +4,13 @@
     "spec_versions": {
         "v1": {
             "apigentools_version": "1.6.6",
-            "regenerated": "2025-03-11 16:30:34.112704",
-            "spec_repo_commit": "baf04a80"
+            "regenerated": "2025-03-13 09:11:35.893974",
+            "spec_repo_commit": "a1fc1148"
         },
         "v2": {
             "apigentools_version": "1.6.6",
-            "regenerated": "2025-03-11 16:30:34.128567",
-            "spec_repo_commit": "baf04a80"
+            "regenerated": "2025-03-13 09:11:35.910718",
+            "spec_repo_commit": "a1fc1148"
         }
     }
 }

.generator/schemas/v2/openapi.yaml

@@ -27642,6 +27642,17 @@ components:
       x-enum-varnames:
       - TIMESTAMP_ASCENDING
       - TIMESTAMP_DESCENDING
+    SecurityMonitoringStandardDataSource:
+      default: logs
+      description: Source of events, either logs or audit trail.
+      enum:
+      - logs
+      - audit
+      example: logs
+      type: string
+      x-enum-varnames:
+      - LOGS
+      - AUDIT
     SecurityMonitoringStandardRuleCreatePayload:
       description: Create a new rule.
       properties:
@@ -27809,6 +27820,8 @@ components:
       properties:
         aggregation:
           $ref: '#/components/schemas/SecurityMonitoringRuleQueryAggregation'
+        dataSource:
+          $ref: '#/components/schemas/SecurityMonitoringStandardDataSource'
         distinctFields:
           description: Field for which the cardinality is measured. Sent as an array.
           items:

docs/datadog_api_client.v2.model.rst

@@ -12149,6 +12149,13 @@ datadog\_api\_client.v2.model.security\_monitoring\_signals\_sort module
    :members:
    :show-inheritance:
 
+datadog\_api\_client.v2.model.security\_monitoring\_standard\_data\_source module
+---------------------------------------------------------------------------------
+
+.. automodule:: datadog_api_client.v2.model.security_monitoring_standard_data_source
+   :members:
+   :show-inheritance:
+
 datadog\_api\_client.v2.model.security\_monitoring\_standard\_rule\_create\_payload module
 ------------------------------------------------------------------------------------------
 

src/datadog_api_client/v2/model/security_monitoring_rule_query.py

@@ -18,6 +18,9 @@ def __init__(self, **kwargs):
         :param aggregation: The aggregation type.
         :type aggregation: SecurityMonitoringRuleQueryAggregation, optional
 
+        :param data_source: Source of events, either logs or audit trail.
+        :type data_source: SecurityMonitoringStandardDataSource, optional
+
         :param distinct_fields: Field for which the cardinality is measured. Sent as an array.
         :type distinct_fields: [str], optional
 

src/datadog_api_client/v2/model/security_monitoring_standard_data_source.py

@@ -0,0 +1,38 @@
+# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License.
+# This product includes software developed at Datadog (https://www.datadoghq.com/).
+# Copyright 2019-Present Datadog, Inc.
+from __future__ import annotations
+
+
+from datadog_api_client.model_utils import (
+    ModelSimple,
+    cached_property,
+)
+
+from typing import ClassVar
+
+
+class SecurityMonitoringStandardDataSource(ModelSimple):
+    """
+    Source of events, either logs or audit trail.
+
+    :param value: If omitted defaults to "logs". Must be one of ["logs", "audit"].
+    :type value: str
+    """
+
+    allowed_values = {
+        "logs",
+        "audit",
+    }
+    LOGS: ClassVar["SecurityMonitoringStandardDataSource"]
+    AUDIT: ClassVar["SecurityMonitoringStandardDataSource"]
+
+    @cached_property
+    def openapi_types(_):
+        return {
+            "value": (str,),
+        }
+
+
+SecurityMonitoringStandardDataSource.LOGS = SecurityMonitoringStandardDataSource("logs")
+SecurityMonitoringStandardDataSource.AUDIT = SecurityMonitoringStandardDataSource("audit")

src/datadog_api_client/v2/model/security_monitoring_standard_rule_query.py

@@ -17,6 +17,9 @@
     from datadog_api_client.v2.model.security_monitoring_rule_query_aggregation import (
         SecurityMonitoringRuleQueryAggregation,
     )
+    from datadog_api_client.v2.model.security_monitoring_standard_data_source import (
+        SecurityMonitoringStandardDataSource,
+    )
 
 
 class SecurityMonitoringStandardRuleQuery(ModelNormal):
@@ -25,9 +28,13 @@ def openapi_types(_):
         from datadog_api_client.v2.model.security_monitoring_rule_query_aggregation import (
             SecurityMonitoringRuleQueryAggregation,
         )
+        from datadog_api_client.v2.model.security_monitoring_standard_data_source import (
+            SecurityMonitoringStandardDataSource,
+        )
 
         return {
             "aggregation": (SecurityMonitoringRuleQueryAggregation,),
+            "data_source": (SecurityMonitoringStandardDataSource,),
             "distinct_fields": ([str],),
             "group_by_fields": ([str],),
             "has_optional_group_by_fields": (bool,),
@@ -39,6 +46,7 @@ def openapi_types(_):
 
     attribute_map = {
         "aggregation": "aggregation",
+        "data_source": "dataSource",
         "distinct_fields": "distinctFields",
         "group_by_fields": "groupByFields",
         "has_optional_group_by_fields": "hasOptionalGroupByFields",
@@ -54,6 +62,7 @@ def openapi_types(_):
     def __init__(
         self_,
         aggregation: Union[SecurityMonitoringRuleQueryAggregation, UnsetType] = unset,
+        data_source: Union[SecurityMonitoringStandardDataSource, UnsetType] = unset,
         distinct_fields: Union[List[str], UnsetType] = unset,
         group_by_fields: Union[List[str], UnsetType] = unset,
         has_optional_group_by_fields: Union[bool, UnsetType] = unset,
@@ -69,6 +78,9 @@ def __init__(
         :param aggregation: The aggregation type.
         :type aggregation: SecurityMonitoringRuleQueryAggregation, optional
 
+        :param data_source: Source of events, either logs or audit trail.
+        :type data_source: SecurityMonitoringStandardDataSource, optional
+
         :param distinct_fields: Field for which the cardinality is measured. Sent as an array.
         :type distinct_fields: [str], optional
 
@@ -93,6 +105,8 @@ def __init__(
         """
         if aggregation is not unset:
             kwargs["aggregation"] = aggregation
+        if data_source is not unset:
+            kwargs["data_source"] = data_source
         if distinct_fields is not unset:
             kwargs["distinct_fields"] = distinct_fields
         if group_by_fields is not unset:

src/datadog_api_client/v2/models/__init__.py

@@ -2172,6 +2172,7 @@
     SecurityMonitoringSignalsListResponseMetaPage,
 )
 from datadog_api_client.v2.model.security_monitoring_signals_sort import SecurityMonitoringSignalsSort
+from datadog_api_client.v2.model.security_monitoring_standard_data_source import SecurityMonitoringStandardDataSource
 from datadog_api_client.v2.model.security_monitoring_standard_rule_create_payload import (
     SecurityMonitoringStandardRuleCreatePayload,
 )
@@ -4385,6 +4386,7 @@
     "SecurityMonitoringSignalsListResponseMeta",
     "SecurityMonitoringSignalsListResponseMetaPage",
     "SecurityMonitoringSignalsSort",
+    "SecurityMonitoringStandardDataSource",
     "SecurityMonitoringStandardRuleCreatePayload",
     "SecurityMonitoringStandardRulePayload",
     "SecurityMonitoringStandardRuleQuery",