Regenerate client from commit eb00cf1 of spec repo

ci.datadog-api-spec · ci.datadog-api-spec · commit 220f85a355bd · 2025-12-10T08:47:23.000Z
diff --git a/.generator/schemas/v2/openapi.yaml b/.generator/schemas/v2/openapi.yaml
@@ -47194,6 +47194,8 @@ components:
       properties:
         forgetAfter:
           $ref: '#/components/schemas/SecurityMonitoringRuleNewValueOptionsForgetAfter'
+        instantaneousBaseline:
+          $ref: '#/components/schemas/SecurityMonitoringRuleNewValueOptionsInstantaneousBaseline'
         learningDuration:
           $ref: '#/components/schemas/SecurityMonitoringRuleNewValueOptionsLearningDuration'
         learningMethod:
@@ -47219,6 +47221,15 @@ components:
       - TWO_WEEKS
       - THREE_WEEKS
       - FOUR_WEEKS
+    SecurityMonitoringRuleNewValueOptionsInstantaneousBaseline:
+      description: 'If true, every time Datadog learns a new group-by value, it takes
+        old matching values within the learning window and builds the baseline with
+        it.
+
+        Therefore, it attempts to build the baseline swiftly using existing values
+        instead of learning them over time.'
+      example: false
+      type: boolean
     SecurityMonitoringRuleNewValueOptionsLearningDuration:
       default: 0
       description: 'The duration in days during which values are learned, and after
diff --git a/cassettes/v2/Security-Monitoring_1187227211/Validate-a-detection-rule-with-detection-method-new_value-with-enabled-feature-instantaneo_524919511/frozen.json b/cassettes/v2/Security-Monitoring_1187227211/Validate-a-detection-rule-with-detection-method-new_value-with-enabled-feature-instantaneo_524919511/frozen.json
@@ -0,0 +1 @@
+"2025-12-10T08:37:17.537Z"
diff --git a/cassettes/v2/Security-Monitoring_1187227211/Validate-a-detection-rule-with-detection-method-new_value-with-enabled-feature-instantaneo_524919511/recording.har b/cassettes/v2/Security-Monitoring_1187227211/Validate-a-detection-rule-with-detection-method-new_value-with-enabled-feature-instantaneo_524919511/recording.har
@@ -0,0 +1,61 @@
+{
+  "log": {
+    "_recordingName": "Security Monitoring/Validate a detection rule with detection method 'new_value' with enabled feature 'instantaneousBaseline' returns \"OK\" response",
+    "creator": {
+      "comment": "persister:fs",
+      "name": "Polly.JS",
+      "version": "6.0.5"
+    },
+    "entries": [
+      {
+        "_id": "cbc721010d20de2d84fcd5191be021fe",
+        "_order": 0,
+        "cache": {},
+        "request": {
+          "bodySize": 675,
+          "cookies": [],
+          "headers": [
+            {
+              "_fromType": "array",
+              "name": "accept",
+              "value": "*/*"
+            },
+            {
+              "_fromType": "array",
+              "name": "content-type",
+              "value": "application/json"
+            }
+          ],
+          "headersSize": 588,
+          "httpVersion": "HTTP/1.1",
+          "method": "POST",
+          "postData": {
+            "mimeType": "application/json",
+            "params": [],
+            "text": "{\"cases\":[{\"name\":\"\",\"notifications\":[],\"status\":\"info\"}],\"hasExtendedTitle\":true,\"isEnabled\":true,\"message\":\"My security monitoring rule\",\"name\":\"My security monitoring rule\",\"options\":{\"detectionMethod\":\"new_value\",\"evaluationWindow\":0,\"keepAlive\":300,\"maxSignalDuration\":600,\"newValueOptions\":{\"forgetAfter\":7,\"instantaneousBaseline\":true,\"learningDuration\":1,\"learningMethod\":\"duration\",\"learningThreshold\":0}},\"queries\":[{\"aggregation\":\"new_value\",\"dataSource\":\"logs\",\"distinctFields\":[],\"groupByFields\":[\"@userIdentity.assumed_role\"],\"metric\":\"name\",\"metrics\":[\"name\"],\"name\":\"\",\"query\":\"source:source_here\"}],\"tags\":[\"env:prod\",\"team:security\"],\"type\":\"log_detection\"}"
+          },
+          "queryString": [],
+          "url": "https://api.datadoghq.com/api/v2/security_monitoring/rules/validation"
+        },
+        "response": {
+          "bodySize": 0,
+          "content": {
+            "mimeType": "text/plain",
+            "size": 0
+          },
+          "cookies": [],
+          "headers": [],
+          "headersSize": 601,
+          "httpVersion": "HTTP/1.1",
+          "redirectURL": "",
+          "status": 204,
+          "statusText": "No Content"
+        },
+        "startedDateTime": "2025-12-10T08:37:18.179Z",
+        "time": 297
+      }
+    ],
+    "pages": [],
+    "version": "1.2"
+  }
+}
diff --git a/features/v2/security_monitoring.feature b/features/v2/security_monitoring.feature
@@ -1797,6 +1797,13 @@ Feature: Security Monitoring
     When the request is sent
     Then the response status is 204 OK
 
+  @team:DataDog/k9-cloud-security-platform
+  Scenario: Validate a detection rule with detection method 'new_value' with enabled feature 'instantaneousBaseline' returns "OK" response
+    Given new "ValidateSecurityMonitoringRule" request
+    And body with value {"cases":[{"name":"","status":"info","notifications":[]}],"hasExtendedTitle":true,"isEnabled":true,"message":"My security monitoring rule","name":"My security monitoring rule","options":{"evaluationWindow":0,"keepAlive":300,"maxSignalDuration":600,"detectionMethod":"new_value","newValueOptions":{"forgetAfter":7,"instantaneousBaseline":true,"learningDuration":1,"learningThreshold":0,"learningMethod":"duration"}},"queries":[{"query":"source:source_here","groupByFields":["@userIdentity.assumed_role"],"distinctFields":[],"metric":"name","metrics":["name"],"aggregation":"new_value","name":"","dataSource":"logs"}],"tags":["env:prod","team:security"],"type":"log_detection"}
+    When the request is sent
+    Then the response status is 204 OK
+
   @team:DataDog/k9-cloud-security-platform
   Scenario: Validate a detection rule with detection method 'sequence_detection' returns "OK" response
     Given new "ValidateSecurityMonitoringRule" request
diff --git a/services/security_monitoring/src/v2/models/SecurityMonitoringRuleNewValueOptions.ts b/services/security_monitoring/src/v2/models/SecurityMonitoringRuleNewValueOptions.ts
@@ -13,6 +13,11 @@ export class SecurityMonitoringRuleNewValueOptions {
    * The duration in days after which a learned value is forgotten.
    */
   "forgetAfter"?: SecurityMonitoringRuleNewValueOptionsForgetAfter;
+  /**
+   * If true, every time Datadog learns a new group-by value, it takes old matching values within the learning window and builds the baseline with it.
+   * Therefore, it attempts to build the baseline swiftly using existing values instead of learning them over time.
+   */
+  "instantaneousBaseline"?: boolean;
   /**
    * The duration in days during which values are learned, and after which signals will be generated for values that
    * weren't learned. If set to 0, a signal will be generated for all new values after the first value is learned.
@@ -46,6 +51,10 @@ export class SecurityMonitoringRuleNewValueOptions {
       type: "SecurityMonitoringRuleNewValueOptionsForgetAfter",
       format: "int32",
     },
+    instantaneousBaseline: {
+      baseName: "instantaneousBaseline",
+      type: "boolean",
+    },
     learningDuration: {
       baseName: "learningDuration",
       type: "SecurityMonitoringRuleNewValueOptionsLearningDuration",
