[pull] master from DataDog:master

examples/v2/entity-risk-scores/ListEntityRiskScores.rb

@@ -0,0 +1,8 @@
+# List Entity Risk Scores returns "OK" response
+
+require "datadog_api_client"
+DatadogAPIClient.configure do |config|
+  config.unstable_operations["v2.list_entity_risk_scores".to_sym] = true
+end
+api_instance = DatadogAPIClient::V2::EntityRiskScoresAPI.new
+p api_instance.list_entity_risk_scores()

features/scenarios_model_mapping.rb

@@ -3155,6 +3155,16 @@
             "rule_id" => "String",
             "body" => "UpdateRuleRequest",
     },
+    "v2.ListEntityRiskScores" => {
+            "from" => "Integer",
+            "to" => "Integer",
+            "page_size" => "Integer",
+            "page_number" => "Integer",
+            "page_query_id" => "String",
+            "filter_sort" => "String",
+            "filter_query" => "String",
+            "entity_type" => "Array<String>",
+    },
     "v2.ReorderScanningGroups" => {
             "body" => "SensitiveDataScannerConfigRequest",
     },

features/v2/entity_risk_scores.feature

@@ -0,0 +1,20 @@
+@endpoint(entity-risk-scores) @endpoint(entity-risk-scores-v2)
+Feature: Entity Risk Scores
+  Retrieves security risk scores for entities in your organization.
+
+  Background:
+    Given a valid "apiKeyAuth" key in the system
+    And a valid "appKeyAuth" key in the system
+    And an instance of "EntityRiskScores" API
+    And operation "ListEntityRiskScores" enabled
+    And new "ListEntityRiskScores" request
+
+  @generated @skip @team:DataDog/cloud-siem
+  Scenario: List Entity Risk Scores returns "Bad Request" response
+    When the request is sent
+    Then the response status is 400 Bad Request
+
+  @generated @skip @team:DataDog/cloud-siem
+  Scenario: List Entity Risk Scores returns "OK" response
+    When the request is sent
+    Then the response status is 200 OK

features/v2/security_risk_scores.feature

@@ -0,0 +1,20 @@
+@endpoint(security-risk-scores) @endpoint(security-risk-scores-v2)
+Feature: Entity Risk Scores
+  Retrieves security risk scores for entities in your organization.
+
+  Background:
+    Given a valid "apiKeyAuth" key in the system
+    And a valid "appKeyAuth" key in the system
+    And an instance of "EntityRiskScores" API
+    And operation "ListEntityRiskScores" enabled
+    And new "ListEntityRiskScores" request
+
+  @generated @skip @team:DataDog/cloud-siem
+  Scenario: List Entity Risk Scores returns "Bad Request" response
+    When the request is sent
+    Then the response status is 400 Bad Request
+
+  @generated @skip @team:DataDog/cloud-siem
+  Scenario: List Entity Risk Scores returns "OK" response
+    When the request is sent
+    Then the response status is 200 OK

features/v2/undo.json

@@ -3842,6 +3842,12 @@
       "type": "idempotent"
     }
   },
+  "ListEntityRiskScores": {
+    "tag": "Entity Risk Scores",
+    "undo": {
+      "type": "safe"
+    }
+  },
   "DownloadCloudWorkloadPolicyFile": {
     "tag": "CSM Threats",
     "undo": {

lib/datadog_api_client/configuration.rb

@@ -333,6 +333,7 @@ def initialize
             "v2.list_scorecard_rules": false,
             "v2.update_scorecard_outcomes_async": false,
             "v2.update_scorecard_rule": false,
+            "v2.list_entity_risk_scores": false,
             "v2.create_incident_service": false,
             "v2.delete_incident_service": false,
             "v2.get_incident_service": false,

lib/datadog_api_client/inflector.rb

@@ -4044,6 +4044,14 @@ def overrides
           "v2.secret_rule_data_attributes_match_validation_invalid_http_status_code_items" => "SecretRuleDataAttributesMatchValidationInvalidHttpStatusCodeItems",
           "v2.secret_rule_data_attributes_match_validation_valid_http_status_code_items" => "SecretRuleDataAttributesMatchValidationValidHttpStatusCodeItems",
           "v2.secret_rule_data_type" => "SecretRuleDataType",
+          "v2.security_entity_config_risks" => "SecurityEntityConfigRisks",
+          "v2.security_entity_metadata" => "SecurityEntityMetadata",
+          "v2.security_entity_risk_score" => "SecurityEntityRiskScore",
+          "v2.security_entity_risk_score_attributes" => "SecurityEntityRiskScoreAttributes",
+          "v2.security_entity_risk_score_attributes_severity" => "SecurityEntityRiskScoreAttributesSeverity",
+          "v2.security_entity_risk_scores_meta" => "SecurityEntityRiskScoresMeta",
+          "v2.security_entity_risk_scores_response" => "SecurityEntityRiskScoresResponse",
+          "v2.security_entity_risk_score_type" => "SecurityEntityRiskScoreType",
           "v2.security_filter" => "SecurityFilter",
           "v2.security_filter_attributes" => "SecurityFilterAttributes",
           "v2.security_filter_create_attributes" => "SecurityFilterCreateAttributes",
@@ -4882,6 +4890,7 @@ def overrides
         "v2.domain_allowlist_api" => "DomainAllowlistAPI",
         "v2.dora_metrics_api" => "DORAMetricsAPI",
         "v2.downtimes_api" => "DowntimesAPI",
+        "v2.entity_risk_scores_api" => "EntityRiskScoresAPI",
         "v2.error_tracking_api" => "ErrorTrackingAPI",
         "v2.events_api" => "EventsAPI",
         "v2.fastly_integration_api" => "FastlyIntegrationAPI",

lib/datadog_api_client/v2/api/entity_risk_scores_api.rb

@@ -0,0 +1,109 @@
+=begin
+#Datadog API V2 Collection
+
+#Collection of all Datadog Public endpoints.
+
+The version of the OpenAPI document: 1.0
+Contact: support@datadoghq.com
+Generated by: https://github.com/DataDog/datadog-api-client-ruby/tree/master/.generator
+
+ Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License.
+ This product includes software developed at Datadog (https://www.datadoghq.com/).
+ Copyright 2020-Present Datadog, Inc.
+
+=end
+
+require 'cgi'
+
+module DatadogAPIClient::V2
+  class EntityRiskScoresAPI
+    attr_accessor :api_client
+
+    def initialize(api_client = DatadogAPIClient::APIClient.default)
+      @api_client = api_client
+    end
+
+    # List Entity Risk Scores.
+    #
+    # @see #list_entity_risk_scores_with_http_info
+    def list_entity_risk_scores(opts = {})
+      data, _status_code, _headers = list_entity_risk_scores_with_http_info(opts)
+      data
+    end
+
+    # List Entity Risk Scores.
+    #
+    # Get a list of entity risk scores for your organization. Entity risk scores provide security risk assessment for entities like cloud resources, identities, or services based on detected signals, misconfigurations, and identity risks.
+    #
+    # @param opts [Hash] the optional parameters
+    # @option opts [Integer] :from Start time for the query in Unix timestamp (milliseconds). Defaults to 2 weeks ago.
+    # @option opts [Integer] :to End time for the query in Unix timestamp (milliseconds). Defaults to now.
+    # @option opts [Integer] :page_size Size of the page to return. Maximum is 1000.
+    # @option opts [Integer] :page_number Page number to return (1-indexed).
+    # @option opts [String] :page_query_id Query ID for pagination consistency.
+    # @option opts [String] :filter_sort Sort order for results. Format: `field:direction` where direction is `asc` or `desc`. Supported fields: `riskScore`, `lastDetected`, `firstDetected`, `entityName`, `signalsDetected`.
+    # @option opts [String] :filter_query Supports filtering by entity attributes, risk scores, severity, and more. Example: `severity:critical AND entityType:aws_iam_user`
+    # @option opts [Array<String>] :entity_type Filter by entity type(s). Can specify multiple values.
+    # @return [Array<(SecurityEntityRiskScoresResponse, Integer, Hash)>] SecurityEntityRiskScoresResponse data, response status code and response headers
+    def list_entity_risk_scores_with_http_info(opts = {})
+      unstable_enabled = @api_client.config.unstable_operations["v2.list_entity_risk_scores".to_sym]
+      if unstable_enabled
+        @api_client.config.logger.warn format("Using unstable operation '%s'", "v2.list_entity_risk_scores")
+      else
+        raise DatadogAPIClient::APIError.new(message: format("Unstable operation '%s' is disabled", "v2.list_entity_risk_scores"))
+      end
+
+      if @api_client.config.debugging
+        @api_client.config.logger.debug 'Calling API: EntityRiskScoresAPI.list_entity_risk_scores ...'
+      end
+      # resource path
+      local_var_path = '/api/v2/security-entities/risk-scores'
+
+      # query parameters
+      query_params = opts[:query_params] || {}
+      query_params[:'from'] = opts[:'from'] if !opts[:'from'].nil?
+      query_params[:'to'] = opts[:'to'] if !opts[:'to'].nil?
+      query_params[:'page[size]'] = opts[:'page_size'] if !opts[:'page_size'].nil?
+      query_params[:'page[number]'] = opts[:'page_number'] if !opts[:'page_number'].nil?
+      query_params[:'page[queryId]'] = opts[:'page_query_id'] if !opts[:'page_query_id'].nil?
+      query_params[:'filter[sort]'] = opts[:'filter_sort'] if !opts[:'filter_sort'].nil?
+      query_params[:'filter[query]'] = opts[:'filter_query'] if !opts[:'filter_query'].nil?
+      query_params[:'entityType'] = @api_client.build_collection_param(opts[:'entity_type'], :multi) if !opts[:'entity_type'].nil?
+
+      # header parameters
+      header_params = opts[:header_params] || {}
+      # HTTP header 'Accept' (if needed)
+      header_params['Accept'] = @api_client.select_header_accept(['application/json'])
+
+      # form parameters
+      form_params = opts[:form_params] || {}
+
+      # http body (model)
+      post_body = opts[:debug_body]
+
+      # return_type
+      return_type = opts[:debug_return_type] || 'SecurityEntityRiskScoresResponse'
+
+      # auth_names
+      auth_names = opts[:debug_auth_names] || [:apiKeyAuth, :appKeyAuth]
+
+      new_options = opts.merge(
+        :operation => :list_entity_risk_scores,
+        :header_params => header_params,
+        :query_params => query_params,
+        :form_params => form_params,
+        :body => post_body,
+        :auth_names => auth_names,
+        :return_type => return_type,
+        :api_version => "V2"
+      )
+      new_options[:query_string_normalizer] = HTTParty::Request::NON_RAILS_QUERY_STRING_NORMALIZER
+
+      data, status_code, headers = @api_client.call_api(Net::HTTP::Get, local_var_path, new_options)
+      if @api_client.config.debugging
+        @api_client.config.logger.debug "API called: EntityRiskScoresAPI#list_entity_risk_scores\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
+      end
+      return data, status_code, headers
+    end
+  end
+end

lib/datadog_api_client/v2/api/on_call_api.rb

@@ -791,7 +791,7 @@ def get_schedule_on_call_user(schedule_id, opts = {})
     # @param schedule_id [String] The ID of the schedule.
     # @param opts [Hash] the optional parameters
     # @option opts [String] :include Specifies related resources to include in the response as a comma-separated list. Allowed value: `user`.
-    # @option opts [String] :filter_at_ts Retrieves the on-call user at the given timestamp (ISO-8601). Defaults to the current time if omitted."
+    # @option opts [String] :filter_at_ts Retrieves the on-call user at the given timestamp in RFC3339 format (for example, `2025-05-07T02:53:01Z` or `2025-05-07T02:53:01+00:00`). When using timezone offsets with `+` or `-`, ensure proper URL encoding (`+` should be encoded as `%2B`). Defaults to the current time if omitted.
     # @return [Array<(Shift, Integer, Hash)>] Shift data, response status code and response headers
     def get_schedule_on_call_user_with_http_info(schedule_id, opts = {})