DataDog · api-clients-generation-pipeline · Sep 3, 2025 · Sep 2, 2025
@@ -64816,6 +64816,38 @@ paths:
       summary: Get suppressions affecting a specific rule
       tags:
       - Security Monitoring
+  /api/v2/security_monitoring/configuration/suppressions/validation:
+    post:
+      description: Validate a suppression rule.
+      operationId: ValidateSecurityMonitoringSuppression
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/SecurityMonitoringSuppressionUpdateRequest'
+        required: true
+      responses:
+        '204':
+          description: OK
+        '400':
+          $ref: '#/components/responses/BadRequestResponse'
+        '403':
+          $ref: '#/components/responses/NotAuthorizedResponse'
+        '429':
+          $ref: '#/components/responses/TooManyRequestsResponse'
+      security:
+      - apiKeyAuth: []
+        appKeyAuth: []
+      - AuthZ:
+        - security_monitoring_suppressions_write
+      summary: Validate a suppression rule
+      tags:
+      - Security Monitoring
+      x-codegen-request-body-name: body
+      x-permission:
+        operator: OR
+        permissions:
+        - security_monitoring_suppressions_write
   /api/v2/security_monitoring/configuration/suppressions/{suppression_id}:
     delete:
       description: Delete a specific suppression rule.

@@ -0,0 +1,34 @@
+"""
+Validate a suppression rule returns "OK" response
+"""
+
+from datadog_api_client import ApiClient, Configuration
+from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi
+from datadog_api_client.v2.model.security_monitoring_suppression_type import SecurityMonitoringSuppressionType
+from datadog_api_client.v2.model.security_monitoring_suppression_update_attributes import (
+    SecurityMonitoringSuppressionUpdateAttributes,
+)
+from datadog_api_client.v2.model.security_monitoring_suppression_update_data import (
+    SecurityMonitoringSuppressionUpdateData,
+)
+from datadog_api_client.v2.model.security_monitoring_suppression_update_request import (
+    SecurityMonitoringSuppressionUpdateRequest,
+)
+
+body = SecurityMonitoringSuppressionUpdateRequest(
+    data=SecurityMonitoringSuppressionUpdateData(
+        attributes=SecurityMonitoringSuppressionUpdateAttributes(
+            data_exclusion_query="source:cloudtrail account_id:12345",
+            description="This rule suppresses low-severity signals in staging environments.",
+            enabled=True,
+            name="Custom suppression",
+            rule_query="type:log_detection source:cloudtrail",
+        ),
+        type=SecurityMonitoringSuppressionType.SUPPRESSIONS,
+    ),
+)
+
+configuration = Configuration()
+with ApiClient(configuration) as api_client:
+    api_instance = SecurityMonitoringApi(api_client)
+    api_instance.validate_security_monitoring_suppression(body=body)
@@ -1922,6 +1922,26 @@ def __init__(self, api_client=None):
             api_client=api_client,
         )
 
+        self._validate_security_monitoring_suppression_endpoint = _Endpoint(
+            settings={
+                "response_type": None,
+                "auth": ["apiKeyAuth", "appKeyAuth", "AuthZ"],
+                "endpoint_path": "/api/v2/security_monitoring/configuration/suppressions/validation",
+                "operation_id": "validate_security_monitoring_suppression",
+                "http_method": "POST",
+                "version": "v2",
+            },
+            params_map={
+                "body": {
+                    "required": True,
+                    "openapi_types": (SecurityMonitoringSuppressionUpdateRequest,),
+                    "location": "body",
+                },
+            },
+            headers_map={"accept": ["*/*"], "content_type": ["application/json"]},
+            api_client=api_client,
+        )
+
     def cancel_historical_job(
         self,
         job_id: str,
@@ -3923,3 +3943,19 @@ def validate_security_monitoring_rule(
         kwargs["body"] = body
 
         return self._validate_security_monitoring_rule_endpoint.call_with_http_info(**kwargs)
+
+    def validate_security_monitoring_suppression(
+        self,
+        body: SecurityMonitoringSuppressionUpdateRequest,
+    ) -> None:
+        """Validate a suppression rule.
+
+        Validate a suppression rule.
+
+        :type body: SecurityMonitoringSuppressionUpdateRequest
+        :rtype: None
+        """
+        kwargs: Dict[str, Any] = {}
+        kwargs["body"] = body
+
+        return self._validate_security_monitoring_suppression_endpoint.call_with_http_info(**kwargs)
@@ -0,0 +1 @@
+2025-09-01T21:36:42.334Z
@@ -0,0 +1,22 @@
+interactions:
+- request:
+    body: '{"data":{"attributes":{"data_exclusion_query":"not enough attributes"},"type":"suppressions"}}'
+    headers:
+      accept:
+      - '*/*'
+      content-type:
+      - application/json
+    method: POST
+    uri: https://api.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/validation
+  response:
+    body:
+      string: '{"errors":["input_validation_error(Field ''data.attributes.rule_query''
+        is invalid: field ''rule_query'' is required)","input_validation_error(Field
+        ''data.attributes.name'' is invalid: name cannot be empty)"]}'
+    headers:
+      content-type:
+      - application/json
+    status:
+      code: 400
+      message: Bad Request
+version: 1
@@ -0,0 +1 @@
+2025-09-01T21:36:20.593Z
@@ -0,0 +1,20 @@
+interactions:
+- request:
+    body: '{"data":{"attributes":{"data_exclusion_query":"source:cloudtrail account_id:12345","description":"This
+      rule suppresses low-severity signals in staging environments.","enabled":true,"name":"Custom
+      suppression","rule_query":"type:log_detection source:cloudtrail"},"type":"suppressions"}}'
+    headers:
+      accept:
+      - '*/*'
+      content-type:
+      - application/json
+    method: POST
+    uri: https://api.datadoghq.com/api/v2/security_monitoring/configuration/suppressions/validation
+  response:
+    body:
+      string: ''
+    headers: {}
+    status:
+      code: 204
+      message: No Content
+version: 1
@@ -1389,3 +1389,17 @@ Feature: Security Monitoring
     And body with value {"cases":[{"name":"","status":"info","notifications":[],"condition":"a > 0"}],"hasExtendedTitle":true,"isEnabled":true,"message":"My security monitoring rule","name":"My security monitoring rule","options":{"evaluationWindow":1800,"keepAlive":1800,"maxSignalDuration":1800,"detectionMethod":"threshold"},"queries":[{"query":"source:source_here","groupByFields":["@userIdentity.assumed_role"],"distinctFields":[],"aggregation":"count","name":""}],"tags":["env:prod","team:security"],"type":"log_detection"}
     When the request is sent
     Then the response status is 204 OK
+
+  @team:DataDog/k9-cloud-security-platform
+  Scenario: Validate a suppression rule returns "Bad Request" response
+    Given new "ValidateSecurityMonitoringSuppression" request
+    And body with value {"data": {"attributes": {"data_exclusion_query": "not enough attributes"}, "type": "suppressions"}}
+    When the request is sent
+    Then the response status is 400 Bad Request
+
+  @team:DataDog/k9-cloud-security-platform
+  Scenario: Validate a suppression rule returns "OK" response
+    Given new "ValidateSecurityMonitoringSuppression" request
+    And body with value {"data": {"attributes": {"data_exclusion_query": "source:cloudtrail account_id:12345", "description": "This rule suppresses low-severity signals in staging environments.", "enabled": true, "name": "Custom suppression", "rule_query": "type:log_detection source:cloudtrail"}, "type": "suppressions"}}
+    When the request is sent
+    Then the response status is 204 OK
@@ -3024,6 +3024,12 @@
       "type": "safe"
     }
   },
+  "ValidateSecurityMonitoringSuppression": {
+    "tag": "Security Monitoring",
+    "undo": {
+      "type": "idempotent"
+    }
+  },
   "DeleteSecurityMonitoringSuppression": {
     "tag": "Security Monitoring",
     "undo": {