Add OpenAPI documentation for list and get indicators of compromise endpoints (#3422)

Co-authored-by: ci.datadog-api-spec <packages@datadoghq.com>

Author: api-clients-generation-pipeline[bot]

.generator/schemas/v2/openapi.yaml

@@ -12506,6 +12506,27 @@ datadog\_api\_client.v2.model.get\_investigation\_response\_links module
    :members:
    :show-inheritance:
 
+datadog\_api\_client.v2.model.get\_io\_c\_indicator\_response module
+--------------------------------------------------------------------
+
+.. automodule:: datadog_api_client.v2.model.get_io_c_indicator_response
+   :members:
+   :show-inheritance:
+
+datadog\_api\_client.v2.model.get\_io\_c\_indicator\_response\_attributes module
+--------------------------------------------------------------------------------
+
+.. automodule:: datadog_api_client.v2.model.get_io_c_indicator_response_attributes
+   :members:
+   :show-inheritance:
+
+datadog\_api\_client.v2.model.get\_io\_c\_indicator\_response\_data module
+--------------------------------------------------------------------------
+
+.. automodule:: datadog_api_client.v2.model.get_io_c_indicator_response_data
+   :members:
+   :show-inheritance:
+
 datadog\_api\_client.v2.model.get\_issue\_include\_query\_parameter\_item module
 --------------------------------------------------------------------------------
 
@@ -15054,6 +15075,83 @@ datadog\_api\_client.v2.model.investigation\_type module
    :members:
    :show-inheritance:
 
+datadog\_api\_client.v2.model.io\_c\_explorer\_list\_response module
+--------------------------------------------------------------------
+
+.. automodule:: datadog_api_client.v2.model.io_c_explorer_list_response
+   :members:
+   :show-inheritance:
+
+datadog\_api\_client.v2.model.io\_c\_explorer\_list\_response\_attributes module
+--------------------------------------------------------------------------------
+
+.. automodule:: datadog_api_client.v2.model.io_c_explorer_list_response_attributes
+   :members:
+   :show-inheritance:
+
+datadog\_api\_client.v2.model.io\_c\_explorer\_list\_response\_data module
+--------------------------------------------------------------------------
+
+.. automodule:: datadog_api_client.v2.model.io_c_explorer_list_response_data
+   :members:
+   :show-inheritance:
+
+datadog\_api\_client.v2.model.io\_c\_explorer\_list\_response\_metadata module
+------------------------------------------------------------------------------
+
+.. automodule:: datadog_api_client.v2.model.io_c_explorer_list_response_metadata
+   :members:
+   :show-inheritance:
+
+datadog\_api\_client.v2.model.io\_c\_explorer\_list\_response\_paging module
+----------------------------------------------------------------------------
+
+.. automodule:: datadog_api_client.v2.model.io_c_explorer_list_response_paging
+   :members:
+   :show-inheritance:
+
+datadog\_api\_client.v2.model.io\_c\_geo\_location module
+---------------------------------------------------------
+
+.. automodule:: datadog_api_client.v2.model.io_c_geo_location
+   :members:
+   :show-inheritance:
+
+datadog\_api\_client.v2.model.io\_c\_indicator module
+-----------------------------------------------------
+
+.. automodule:: datadog_api_client.v2.model.io_c_indicator
+   :members:
+   :show-inheritance:
+
+datadog\_api\_client.v2.model.io\_c\_indicator\_detailed module
+---------------------------------------------------------------
+
+.. automodule:: datadog_api_client.v2.model.io_c_indicator_detailed
+   :members:
+   :show-inheritance:
+
+datadog\_api\_client.v2.model.io\_c\_score\_effect module
+---------------------------------------------------------
+
+.. automodule:: datadog_api_client.v2.model.io_c_score_effect
+   :members:
+   :show-inheritance:
+
+datadog\_api\_client.v2.model.io\_c\_signal\_severity\_count module
+-------------------------------------------------------------------
+
+.. automodule:: datadog_api_client.v2.model.io_c_signal_severity_count
+   :members:
+   :show-inheritance:
+
+datadog\_api\_client.v2.model.io\_c\_source module
+--------------------------------------------------
+
+.. automodule:: datadog_api_client.v2.model.io_c_source
+   :members:
+   :show-inheritance:
+
 datadog\_api\_client.v2.model.ip\_allowlist\_attributes module
 --------------------------------------------------------------
 

docs/datadog_api_client.v2.model.rst

@@ -0,0 +1,16 @@
+"""
+Get an indicator of compromise returns "OK" response
+"""
+
+from datadog_api_client import ApiClient, Configuration
+from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi
+
+configuration = Configuration()
+configuration.unstable_operations["get_indicator_of_compromise"] = True
+with ApiClient(configuration) as api_client:
+    api_instance = SecurityMonitoringApi(api_client)
+    response = api_instance.get_indicator_of_compromise(
+        indicator="masscan/1.3 (https://github.com/robertdavidgraham/masscan)",
+    )
+
+    print(response)

examples/v2/security-monitoring/GetIndicatorOfCompromise.py

@@ -0,0 +1,16 @@
+"""
+List indicators of compromise returns "OK" response
+"""
+
+from datadog_api_client import ApiClient, Configuration
+from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi
+
+configuration = Configuration()
+configuration.unstable_operations["list_indicators_of_compromise"] = True
+with ApiClient(configuration) as api_client:
+    api_instance = SecurityMonitoringApi(api_client)
+    response = api_instance.list_indicators_of_compromise(
+        limit=1,
+    )
+
+    print(response)

examples/v2/security-monitoring/ListIndicatorsOfCompromise.py

@@ -304,12 +304,14 @@ def __init__(
                 "v2.delete_threat_hunting_job": False,
                 "v2.get_content_packs_states": False,
                 "v2.get_finding": False,
+                "v2.get_indicator_of_compromise": False,
                 "v2.get_rule_version_history": False,
                 "v2.get_secrets_rules": False,
                 "v2.get_security_monitoring_histsignal": False,
                 "v2.get_security_monitoring_histsignals_by_job_id": False,
                 "v2.get_threat_hunting_job": False,
                 "v2.list_findings": False,
+                "v2.list_indicators_of_compromise": False,
                 "v2.list_multiple_rulesets": False,
                 "v2.list_scanned_assets_metadata": False,
                 "v2.list_security_monitoring_histsignals": False,

src/datadog_api_client/configuration.py

@@ -56,6 +56,8 @@
 from datadog_api_client.v2.model.sbom_format import SBOMFormat
 from datadog_api_client.v2.model.scanned_assets_metadata import ScannedAssetsMetadata
 from datadog_api_client.v2.model.cloud_asset_type import CloudAssetType
+from datadog_api_client.v2.model.io_c_explorer_list_response import IoCExplorerListResponse
+from datadog_api_client.v2.model.get_io_c_indicator_response import GetIoCIndicatorResponse
 from datadog_api_client.v2.model.notification_rule_response import NotificationRuleResponse
 from datadog_api_client.v2.model.create_notification_rule_parameters import CreateNotificationRuleParameters
 from datadog_api_client.v2.model.patch_notification_rule_parameters import PatchNotificationRuleParameters
@@ -976,6 +978,29 @@ def __init__(self, api_client=None):
             api_client=api_client,
         )
 
+        self._get_indicator_of_compromise_endpoint = _Endpoint(
+            settings={
+                "response_type": (GetIoCIndicatorResponse,),
+                "auth": ["apiKeyAuth", "appKeyAuth", "AuthZ"],
+                "endpoint_path": "/api/v2/security/siem/ioc-explorer/indicator",
+                "operation_id": "get_indicator_of_compromise",
+                "http_method": "GET",
+                "version": "v2",
+            },
+            params_map={
+                "indicator": {
+                    "required": True,
+                    "openapi_types": (str,),
+                    "attribute": "indicator",
+                    "location": "query",
+                },
+            },
+            headers_map={
+                "accept": ["application/json"],
+            },
+            api_client=api_client,
+        )
+
         self._get_investigation_log_queries_matching_signal_endpoint = _Endpoint(
             settings={
                 "response_type": (SecurityMonitoringSignalSuggestedActionsResponse,),
@@ -1673,6 +1698,54 @@ def __init__(self, api_client=None):
             api_client=api_client,
         )
 
+        self._list_indicators_of_compromise_endpoint = _Endpoint(
+            settings={
+                "response_type": (IoCExplorerListResponse,),
+                "auth": ["apiKeyAuth", "appKeyAuth", "AuthZ"],
+                "endpoint_path": "/api/v2/security/siem/ioc-explorer",
+                "operation_id": "list_indicators_of_compromise",
+                "http_method": "GET",
+                "version": "v2",
+            },
+            params_map={
+                "limit": {
+                    "validation": {
+                        "inclusive_maximum": 2147483647,
+                    },
+                    "openapi_types": (int,),
+                    "attribute": "limit",
+                    "location": "query",
+                },
+                "offset": {
+                    "validation": {
+                        "inclusive_maximum": 2147483647,
+                    },
+                    "openapi_types": (int,),
+                    "attribute": "offset",
+                    "location": "query",
+                },
+                "query": {
+                    "openapi_types": (str,),
+                    "attribute": "query",
+                    "location": "query",
+                },
+                "sort_column": {
+                    "openapi_types": (str,),
+                    "attribute": "sort[column]",
+                    "location": "query",
+                },
+                "sort_order": {
+                    "openapi_types": (str,),
+                    "attribute": "sort[order]",
+                    "location": "query",
+                },
+            },
+            headers_map={
+                "accept": ["application/json"],
+            },
+            api_client=api_client,
+        )
+
         self._list_multiple_rulesets_endpoint = _Endpoint(
             settings={
                 "response_type": (GetMultipleRulesetsResponse,),
@@ -3447,6 +3520,23 @@ def get_finding(
 
         return self._get_finding_endpoint.call_with_http_info(**kwargs)
 
+    def get_indicator_of_compromise(
+        self,
+        indicator: str,
+    ) -> GetIoCIndicatorResponse:
+        """Get an indicator of compromise.
+
+        Get detailed information about a specific indicator of compromise (IoC).
+
+        :param indicator: The indicator value to look up (for example, an IP address or domain).
+        :type indicator: str
+        :rtype: GetIoCIndicatorResponse
+        """
+        kwargs: Dict[str, Any] = {}
+        kwargs["indicator"] = indicator
+
+        return self._get_indicator_of_compromise_endpoint.call_with_http_info(**kwargs)
+
     def get_investigation_log_queries_matching_signal(
         self,
         signal_id: str,
@@ -4227,6 +4317,49 @@ def list_findings_with_pagination(
         }
         return endpoint.call_with_http_info_paginated(pagination)
 
+    def list_indicators_of_compromise(
+        self,
+        *,
+        limit: Union[int, UnsetType] = unset,
+        offset: Union[int, UnsetType] = unset,
+        query: Union[str, UnsetType] = unset,
+        sort_column: Union[str, UnsetType] = unset,
+        sort_order: Union[str, UnsetType] = unset,
+    ) -> IoCExplorerListResponse:
+        """List indicators of compromise.
+
+        Get a list of indicators of compromise (IoCs) matching the specified filters.
+
+        :param limit: Number of results per page.
+        :type limit: int, optional
+        :param offset: Pagination offset.
+        :type offset: int, optional
+        :param query: Search/filter query (supports field:value syntax).
+        :type query: str, optional
+        :param sort_column: Sort column: score, first_seen_ts_epoch, last_seen_ts_epoch, indicator, indicator_type, signal_count, log_count, category, as_type.
+        :type sort_column: str, optional
+        :param sort_order: Sort order: asc or desc.
+        :type sort_order: str, optional
+        :rtype: IoCExplorerListResponse
+        """
+        kwargs: Dict[str, Any] = {}
+        if limit is not unset:
+            kwargs["limit"] = limit
+
+        if offset is not unset:
+            kwargs["offset"] = offset
+
+        if query is not unset:
+            kwargs["query"] = query
+
+        if sort_column is not unset:
+            kwargs["sort_column"] = sort_column
+
+        if sort_order is not unset:
+            kwargs["sort_order"] = sort_order
+
+        return self._list_indicators_of_compromise_endpoint.call_with_http_info(**kwargs)
+
     def list_multiple_rulesets(
         self,
         body: GetMultipleRulesetsRequest,

src/datadog_api_client/v2/api/security_monitoring_api.py

@@ -0,0 +1,42 @@
+# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License.
+# This product includes software developed at Datadog (https://www.datadoghq.com/).
+# Copyright 2019-Present Datadog, Inc.
+from __future__ import annotations
+
+from typing import Union, TYPE_CHECKING
+
+from datadog_api_client.model_utils import (
+    ModelNormal,
+    cached_property,
+    unset,
+    UnsetType,
+)
+
+
+if TYPE_CHECKING:
+    from datadog_api_client.v2.model.get_io_c_indicator_response_data import GetIoCIndicatorResponseData
+
+
+class GetIoCIndicatorResponse(ModelNormal):
+    @cached_property
+    def openapi_types(_):
+        from datadog_api_client.v2.model.get_io_c_indicator_response_data import GetIoCIndicatorResponseData
+
+        return {
+            "data": (GetIoCIndicatorResponseData,),
+        }
+
+    attribute_map = {
+        "data": "data",
+    }
+
+    def __init__(self_, data: Union[GetIoCIndicatorResponseData, UnsetType] = unset, **kwargs):
+        """
+        Response for the get indicator of compromise endpoint.
+
+        :param data: IoC indicator response data object.
+        :type data: GetIoCIndicatorResponseData, optional
+        """
+        if data is not unset:
+            kwargs["data"] = data
+        super().__init__(kwargs)